2 * Copyright (c) 2001-2006, Cisco Systems, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
10 * b) Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the distribution.
14 * c) Neither the name of Cisco Systems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
31 /* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include "opt_ipsec.h"
37 #include "opt_compat.h"
38 #include "opt_inet6.h"
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/malloc.h>
46 #include <sys/socket.h>
47 #include <sys/socketvar.h>
48 #include <sys/sysctl.h>
49 #include <sys/domain.h>
50 #include <sys/protosw.h>
51 #include <sys/kernel.h>
52 #include <sys/errno.h>
53 #include <sys/syslog.h>
55 #include <sys/limits.h>
56 #include <machine/cpu.h>
59 #include <net/route.h>
60 #include <net/if_types.h>
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #include <netinet/in_pcb.h>
66 #include <netinet/in_var.h>
67 #include <netinet/ip_var.h>
70 #include <netinet/ip6.h>
71 #include <netinet6/ip6_var.h>
74 #include <netinet/ip_icmp.h>
75 #include <netinet/icmp_var.h>
77 #include <netinet/sctp_os.h>
78 #include <netinet/sctp_var.h>
79 #include <netinet/sctp_pcb.h>
80 #include <netinet/sctp_header.h>
81 #include <netinet/sctputil.h>
82 #include <netinet/sctp_output.h>
83 #include <netinet/sctp_input.h>
84 #include <netinet/sctp_auth.h>
85 #include <netinet/sctp_indata.h>
86 #include <netinet/sctp_asconf.h>
88 #include <netinet/ip_options.h>
92 #include <netinet6/ipsec.h>
93 #include <netkey/key.h>
98 extern uint32_t sctp_debug_on;
104 sctp_stop_all_cookie_timers(struct sctp_tcb *stcb)
106 struct sctp_nets *net;
108 SCTP_TCB_LOCK_ASSERT(stcb);
109 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
110 if ((callout_pending(&net->rxt_timer.timer)) &&
111 (net->rxt_timer.type == SCTP_TIMER_TYPE_COOKIE)) {
112 sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE,
122 sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
123 struct sctp_init_chunk *cp, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
124 struct sctp_nets *net)
126 struct sctp_init *init;
131 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
132 printf("sctp_handle_init: handling INIT tcb:%p\n", stcb);
137 /* First are we accepting? */
138 if ((inp->sctp_socket->so_qlimit == 0) && (stcb == NULL)) {
140 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
141 printf("sctp_handle_init: Abort, so_qlimit:%d\n", inp->sctp_socket->so_qlimit);
145 * FIX ME ?? What about TCP model and we have a
146 * match/restart case?
148 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
151 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) {
153 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
154 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
157 /* validate parameters */
158 if (init->initiate_tag == 0) {
159 /* protocol error... send abort */
160 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
161 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
164 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) {
165 /* invalid parameter... send abort */
166 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
167 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
170 if (init->num_inbound_streams == 0) {
171 /* protocol error... send abort */
172 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
173 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
176 if (init->num_outbound_streams == 0) {
177 /* protocol error... send abort */
178 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
179 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
182 init_limit = offset + ntohs(cp->ch.chunk_length);
183 if (sctp_validate_init_auth_params(m, offset + sizeof(*cp),
185 /* auth parameter(s) error... send abort */
186 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL);
189 /* send an INIT-ACK w/cookie */
191 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
192 printf("sctp_handle_init: sending INIT-ACK\n");
195 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp);
199 * process peer "INIT/INIT-ACK" chunk returns value < 0 on error
202 sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb,
203 struct sctp_nets *net)
205 struct sctp_init *init;
206 struct sctp_association *asoc;
207 struct sctp_nets *lnet;
212 /* save off parameters */
213 asoc->peer_vtag = ntohl(init->initiate_tag);
214 asoc->peers_rwnd = ntohl(init->a_rwnd);
215 if (TAILQ_FIRST(&asoc->nets)) {
216 /* update any ssthresh's that may have a default */
217 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
218 lnet->ssthresh = asoc->peers_rwnd;
220 #if defined(SCTP_CWND_MONITOR) || defined(SCTP_CWND_LOGGING)
221 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION);
226 if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) {
228 struct sctp_stream_out *outs;
229 struct sctp_stream_queue_pending *sp;
231 /* cut back on number of streams */
232 newcnt = ntohs(init->num_inbound_streams);
233 /* This if is probably not needed but I am cautious */
235 /* First make sure no data chunks are trapped */
236 for (i = newcnt; i < asoc->pre_open_streams; i++) {
237 outs = &asoc->strmout[i];
238 sp = TAILQ_FIRST(&outs->outqueue);
240 TAILQ_REMOVE(&outs->outqueue, sp,
242 asoc->stream_queue_cnt--;
243 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL,
244 stcb, SCTP_NOTIFY_DATAGRAM_UNSENT,
247 sctp_m_freem(sp->data);
250 sctp_free_remote_addr(sp->net);
253 printf("sp:%x tcb:%x weird free case\n",
254 (u_int)sp, (u_int)stcb);
256 sctp_free_a_strmoq(stcb, sp);
257 sp = TAILQ_FIRST(&outs->outqueue);
261 /* cut back the count and abandon the upper streams */
262 asoc->pre_open_streams = newcnt;
264 asoc->streamincnt = ntohs(init->num_outbound_streams);
265 if (asoc->streamincnt > MAX_SCTP_STREAMS) {
266 asoc->streamincnt = MAX_SCTP_STREAMS;
268 asoc->streamoutcnt = asoc->pre_open_streams;
270 asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1;
271 #ifdef SCTP_MAP_LOGGING
272 sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
274 /* This is the next one we expect */
275 asoc->str_reset_seq_in = asoc->asconf_seq_in + 1;
277 asoc->mapping_array_base_tsn = ntohl(init->initial_tsn);
278 asoc->cumulative_tsn = asoc->asconf_seq_in;
279 asoc->last_echo_tsn = asoc->asconf_seq_in;
280 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
281 /* open the requested streams */
282 if (asoc->strmin != NULL) {
283 /* Free the old ones */
284 SCTP_FREE(asoc->strmin);
286 SCTP_MALLOC(asoc->strmin, struct sctp_stream_in *, asoc->streamincnt *
287 sizeof(struct sctp_stream_in), "StreamsIn");
288 if (asoc->strmin == NULL) {
289 /* we didn't get memory for the streams! */
291 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
292 printf("process_init: couldn't get memory for the streams!\n");
297 for (i = 0; i < asoc->streamincnt; i++) {
298 asoc->strmin[i].stream_no = i;
299 asoc->strmin[i].last_sequence_delivered = 0xffff;
301 * U-stream ranges will be set when the cookie is unpacked.
302 * Or for the INIT sender they are un set (if pr-sctp not
303 * supported) when the INIT-ACK arrives.
305 TAILQ_INIT(&asoc->strmin[i].inqueue);
307 * we are not on any wheel, pr-sctp streams will go on the
308 * wheel when they have data waiting for reorder.
310 asoc->strmin[i].next_spoke.tqe_next = 0;
311 asoc->strmin[i].next_spoke.tqe_prev = 0;
315 * load_address_from_init will put the addresses into the
316 * association when the COOKIE is processed or the INIT-ACK is
317 * processed. Both types of COOKIE's existing and new call this
318 * routine. It will remove addresses that are no longer in the
319 * association (for the restarting case where addresses are
320 * removed). Up front when the INIT arrives we will discard it if it
321 * is a restart and new addresses have been added.
327 * INIT-ACK message processing/consumption returns value < 0 on error
330 sctp_process_init_ack(struct mbuf *m, int iphlen, int offset,
331 struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
332 struct sctp_nets *net)
334 struct sctp_association *asoc;
336 int retval, abort_flag;
337 uint32_t initack_limit;
339 /* First verify that we have no illegal param's */
343 op_err = sctp_arethere_unrecognized_parameters(m,
344 (offset + sizeof(struct sctp_init_chunk)),
345 &abort_flag, (struct sctp_chunkhdr *)cp);
347 /* Send an abort and notify peer */
348 if (op_err != NULL) {
349 sctp_send_operr_to(m, iphlen, op_err, cp->init.initiate_tag);
352 * Just notify (abort_assoc does this if we send an
355 sctp_abort_notification(stcb, 0);
357 * No sense in further INIT's since we will get the
360 sctp_free_assoc(stcb->sctp_ep, stcb, 0);
365 /* process the peer's parameters in the INIT-ACK */
366 retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb, net);
370 initack_limit = offset + ntohs(cp->ch.chunk_length);
371 /* load all addresses */
372 if ((retval = sctp_load_addresses_from_init(stcb, m, iphlen,
373 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh,
375 /* Huh, we should abort */
377 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
378 printf("Load addresses from INIT causes an abort %d\n", retval);
381 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
385 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
386 stcb->asoc.local_hmacs);
388 sctp_queue_op_err(stcb, op_err);
389 /* queuing will steal away the mbuf chain to the out queue */
392 /* extract the cookie and queue it to "echo" it back... */
393 stcb->asoc.overall_error_count = 0;
394 net->error_count = 0;
397 * Cancel the INIT timer, We do this first before queueing the
398 * cookie. We always cancel at the primary to assue that we are
399 * canceling the timer started by the INIT which always goes to the
402 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, stcb,
403 asoc->primary_destination);
405 retval = sctp_send_cookie_echo(m, offset, stcb, net);
408 * No cookie, we probably should send a op error. But in any
409 * case if there is no cookie in the INIT-ACK, we can
410 * abandon the peer, its broke.
413 /* We abort with an error of missing mandatory param */
417 sctp_generate_invmanparam(SCTP_CAUSE_MISSING_PARAM);
420 * Expand beyond to include the mandatory
423 struct sctp_inv_mandatory_param *mp;
426 sizeof(struct sctp_inv_mandatory_param);
428 struct sctp_inv_mandatory_param *);
429 /* Subtract the reserved param */
431 htons(sizeof(struct sctp_inv_mandatory_param) - 2);
432 mp->num_param = htonl(1);
433 mp->param = htons(SCTP_STATE_COOKIE);
436 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
441 /* calculate the RTO */
442 net->RTO = sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered);
448 sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp,
449 struct sctp_tcb *stcb, struct sctp_nets *net)
451 struct sockaddr_storage store;
452 struct sockaddr_in *sin;
453 struct sockaddr_in6 *sin6;
454 struct sctp_nets *r_net;
457 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_heartbeat_chunk)) {
461 sin = (struct sockaddr_in *)&store;
462 sin6 = (struct sockaddr_in6 *)&store;
464 memset(&store, 0, sizeof(store));
465 if (cp->heartbeat.hb_info.addr_family == AF_INET &&
466 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) {
467 sin->sin_family = cp->heartbeat.hb_info.addr_family;
468 sin->sin_len = cp->heartbeat.hb_info.addr_len;
469 sin->sin_port = stcb->rport;
470 memcpy(&sin->sin_addr, cp->heartbeat.hb_info.address,
471 sizeof(sin->sin_addr));
472 } else if (cp->heartbeat.hb_info.addr_family == AF_INET6 &&
473 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) {
474 sin6->sin6_family = cp->heartbeat.hb_info.addr_family;
475 sin6->sin6_len = cp->heartbeat.hb_info.addr_len;
476 sin6->sin6_port = stcb->rport;
477 memcpy(&sin6->sin6_addr, cp->heartbeat.hb_info.address,
478 sizeof(sin6->sin6_addr));
482 r_net = sctp_findnet(stcb, (struct sockaddr *)sin);
485 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
486 printf("Huh? I can't find the address I sent it to, discard\n");
491 if ((r_net && (r_net->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
492 (r_net->heartbeat_random1 == cp->heartbeat.hb_info.random_value1) &&
493 (r_net->heartbeat_random2 == cp->heartbeat.hb_info.random_value2)) {
495 * If the its a HB and it's random value is correct when can
496 * confirm the destination.
498 r_net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
499 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
500 stcb, 0, (void *)r_net);
502 r_net->error_count = 0;
503 r_net->hb_responded = 1;
504 tv.tv_sec = cp->heartbeat.hb_info.time_value_1;
505 tv.tv_usec = cp->heartbeat.hb_info.time_value_2;
506 if (r_net->dest_state & SCTP_ADDR_NOT_REACHABLE) {
507 r_net->dest_state &= ~SCTP_ADDR_NOT_REACHABLE;
508 r_net->dest_state |= SCTP_ADDR_REACHABLE;
509 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
510 SCTP_HEARTBEAT_SUCCESS, (void *)r_net);
511 /* now was it the primary? if so restore */
512 if (r_net->dest_state & SCTP_ADDR_WAS_PRIMARY) {
513 sctp_set_primary_addr(stcb, (struct sockaddr *)NULL, r_net);
516 /* Now lets do a RTO with this */
517 r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv);
521 sctp_handle_abort(struct sctp_abort_chunk *cp,
522 struct sctp_tcb *stcb, struct sctp_nets *net)
526 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
527 printf("sctp_handle_abort: handling ABORT\n");
532 /* verify that the destination addr is in the association */
533 /* ignore abort for addresses being deleted */
535 /* stop any receive timers */
536 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, net);
537 /* notify user of the abort and clean up... */
538 sctp_abort_notification(stcb, 0);
540 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
541 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) ||
542 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
543 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
545 sctp_free_assoc(stcb->sctp_ep, stcb, 0);
547 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
548 printf("sctp_handle_abort: finished\n");
554 sctp_handle_shutdown(struct sctp_shutdown_chunk *cp,
555 struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_flag)
557 struct sctp_association *asoc;
558 int some_on_streamwheel;
561 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
562 printf("sctp_handle_shutdown: handling SHUTDOWN\n");
568 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_WAIT) ||
569 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
572 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_shutdown_chunk)) {
573 /* Shutdown NOT the expected size */
576 sctp_update_acked(stcb, cp, net, abort_flag);
579 if (stcb->asoc.control_pdapi) {
581 * With a normal shutdown we assume the end of last record.
583 SCTP_INP_READ_LOCK(stcb->sctp_ep);
584 stcb->asoc.control_pdapi->end_added = 1;
585 if (stcb->asoc.control_pdapi->tail_mbuf) {
586 stcb->asoc.control_pdapi->tail_mbuf->m_flags |= M_EOR;
588 stcb->asoc.control_pdapi = NULL;
589 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
591 /* goto SHUTDOWN_RECEIVED state to block new requests */
592 if (stcb->sctp_socket) {
593 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
594 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT)) {
595 asoc->state = SCTP_STATE_SHUTDOWN_RECEIVED;
597 * notify upper layer that peer has initiated a
600 sctp_ulp_notify(SCTP_NOTIFY_PEER_SHUTDOWN, stcb, 0, NULL);
603 SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
606 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
608 * stop the shutdown timer, since we WILL move to
611 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net);
613 /* Now are we there yet? */
614 some_on_streamwheel = 0;
615 if (!TAILQ_EMPTY(&asoc->out_wheel)) {
616 /* Check to see if some data queued */
617 struct sctp_stream_out *outs;
619 TAILQ_FOREACH(outs, &asoc->out_wheel, next_spoke) {
620 if (!TAILQ_EMPTY(&outs->outqueue)) {
621 some_on_streamwheel = 1;
626 if (!TAILQ_EMPTY(&asoc->send_queue) ||
627 !TAILQ_EMPTY(&asoc->sent_queue) ||
628 some_on_streamwheel) {
629 /* By returning we will push more data out */
632 /* no outstanding data to send, so move on... */
633 /* send SHUTDOWN-ACK */
634 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
635 /* move to SHUTDOWN-ACK-SENT state */
636 if (asoc->state == SCTP_STATE_SHUTDOWN_RECEIVED) {
637 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
639 asoc->state = SCTP_STATE_SHUTDOWN_ACK_SENT;
641 /* start SHUTDOWN timer */
642 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep,
648 sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp,
649 struct sctp_tcb *stcb, struct sctp_nets *net)
651 struct sctp_association *asoc;
654 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
655 printf("sctp_handle_shutdown_ack: handling SHUTDOWN ACK\n");
662 /* process according to association state */
663 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
664 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
665 /* unexpected SHUTDOWN-ACK... so ignore... */
666 SCTP_TCB_UNLOCK(stcb);
669 if (stcb->asoc.control_pdapi) {
671 * With a normal shutdown we assume the end of last record.
673 SCTP_INP_READ_LOCK(stcb->sctp_ep);
674 stcb->asoc.control_pdapi->end_added = 1;
675 if (stcb->asoc.control_pdapi->tail_mbuf) {
676 stcb->asoc.control_pdapi->tail_mbuf->m_flags |= M_EOR;
678 stcb->asoc.control_pdapi = NULL;
679 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
681 /* are the queues empty? */
682 if (!TAILQ_EMPTY(&asoc->send_queue) ||
683 !TAILQ_EMPTY(&asoc->sent_queue) ||
684 !TAILQ_EMPTY(&asoc->out_wheel)) {
685 sctp_report_all_outbound(stcb);
688 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net);
689 /* send SHUTDOWN-COMPLETE */
690 sctp_send_shutdown_complete(stcb, net);
691 /* notify upper layer protocol */
692 if (stcb->sctp_socket) {
693 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL);
694 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
695 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
696 /* Set the connected flag to disconnected */
697 stcb->sctp_ep->sctp_socket->so_snd.sb_cc = 0;
700 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
701 /* free the TCB but first save off the ep */
702 sctp_free_assoc(stcb->sctp_ep, stcb, 0);
706 * Skip past the param header and then we will find the chunk that caused the
707 * problem. There are two possiblities ASCONF or FWD-TSN other than that and
708 * our peer must be broken.
711 sctp_process_unrecog_chunk(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr,
712 struct sctp_nets *net)
714 struct sctp_chunkhdr *chk;
716 chk = (struct sctp_chunkhdr *)((caddr_t)phdr + sizeof(*phdr));
717 switch (chk->chunk_type) {
718 case SCTP_ASCONF_ACK:
720 sctp_asconf_cleanup(stcb, net);
722 case SCTP_FORWARD_CUM_TSN:
723 stcb->asoc.peer_supports_prsctp = 0;
727 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
728 printf("Peer does not support chunk type %d(%x)??\n",
729 chk->chunk_type, (uint32_t) chk->chunk_type);
737 * Skip past the param header and then we will find the param that caused the
738 * problem. There are a number of param's in a ASCONF OR the prsctp param
739 * these will turn of specific features.
742 sctp_process_unrecog_param(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr)
744 struct sctp_paramhdr *pbad;
747 switch (ntohs(pbad->param_type)) {
749 case SCTP_PRSCTP_SUPPORTED:
750 stcb->asoc.peer_supports_prsctp = 0;
752 case SCTP_SUPPORTED_CHUNK_EXT:
754 /* draft-ietf-tsvwg-addip-sctp */
755 case SCTP_ECN_NONCE_SUPPORTED:
756 stcb->asoc.peer_supports_ecn_nonce = 0;
757 stcb->asoc.ecn_nonce_allowed = 0;
758 stcb->asoc.ecn_allowed = 0;
760 case SCTP_ADD_IP_ADDRESS:
761 case SCTP_DEL_IP_ADDRESS:
762 case SCTP_SET_PRIM_ADDR:
763 stcb->asoc.peer_supports_asconf = 0;
765 case SCTP_SUCCESS_REPORT:
766 case SCTP_ERROR_CAUSE_IND:
768 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
769 printf("Huh, the peer does not support success? or error cause?\n");
770 printf("Turning off ASCONF to this strange peer\n");
773 stcb->asoc.peer_supports_asconf = 0;
777 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
778 printf("Peer does not support param type %d(%x)??\n",
779 pbad->param_type, (uint32_t) pbad->param_type);
787 sctp_handle_error(struct sctp_chunkhdr *ch,
788 struct sctp_tcb *stcb, struct sctp_nets *net)
791 struct sctp_paramhdr *phdr;
794 struct sctp_association *asoc;
798 /* parse through all of the errors and process */
800 phdr = (struct sctp_paramhdr *)((caddr_t)ch +
801 sizeof(struct sctp_chunkhdr));
802 chklen = ntohs(ch->chunk_length) - sizeof(struct sctp_chunkhdr);
803 while ((size_t)chklen >= sizeof(struct sctp_paramhdr)) {
804 /* Process an Error Cause */
805 error_type = ntohs(phdr->param_type);
806 error_len = ntohs(phdr->param_length);
807 if ((error_len > chklen) || (error_len == 0)) {
808 /* invalid param length for this param */
810 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
811 printf("Bogus length in error param- chunk left:%d errorlen:%d\n",
814 #endif /* SCTP_DEBUG */
817 switch (error_type) {
818 case SCTP_CAUSE_INVALID_STREAM:
819 case SCTP_CAUSE_MISSING_PARAM:
820 case SCTP_CAUSE_INVALID_PARAM:
821 case SCTP_CAUSE_NO_USER_DATA:
823 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
824 printf("Software error we got a %d back? We have a bug :/ (or do they?)\n",
829 case SCTP_CAUSE_STALE_COOKIE:
831 * We only act if we have echoed a cookie and are
834 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
837 p = (int *)((caddr_t)phdr + sizeof(*phdr));
838 /* Save the time doubled */
839 asoc->cookie_preserve_req = ntohl(*p) << 1;
840 asoc->stale_cookie_count++;
841 if (asoc->stale_cookie_count >
842 asoc->max_init_times) {
843 sctp_abort_notification(stcb, 0);
844 /* now free the asoc */
845 sctp_free_assoc(stcb->sctp_ep, stcb, 0);
848 /* blast back to INIT state */
849 asoc->state &= ~SCTP_STATE_COOKIE_ECHOED;
850 asoc->state |= SCTP_STATE_COOKIE_WAIT;
852 sctp_stop_all_cookie_timers(stcb);
853 sctp_send_initiate(stcb->sctp_ep, stcb);
856 case SCTP_CAUSE_UNRESOLVABLE_ADDR:
858 * Nothing we can do here, we don't do hostname
859 * addresses so if the peer does not like my IPv6
860 * (or IPv4 for that matter) it does not matter. If
861 * they don't support that type of address, they can
862 * NOT possibly get that packet type... i.e. with no
863 * IPv6 you can't recieve a IPv6 packet. so we can
864 * safely ignore this one. If we ever added support
865 * for HOSTNAME Addresses, then we would need to do
869 case SCTP_CAUSE_UNRECOG_CHUNK:
870 sctp_process_unrecog_chunk(stcb, phdr, net);
872 case SCTP_CAUSE_UNRECOG_PARAM:
873 sctp_process_unrecog_param(stcb, phdr);
875 case SCTP_CAUSE_COOKIE_IN_SHUTDOWN:
877 * We ignore this since the timer will drive out a
878 * new cookie anyway and there timer will drive us
879 * to send a SHUTDOWN_COMPLETE. We can't send one
880 * here since we don't have their tag.
883 case SCTP_CAUSE_DELETING_LAST_ADDR:
884 case SCTP_CAUSE_RESOURCE_SHORTAGE:
885 case SCTP_CAUSE_DELETING_SRC_ADDR:
887 * We should NOT get these here, but in a
891 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
892 printf("Peer sends ASCONF errors in a Operational Error?<%d>?\n",
897 case SCTP_CAUSE_OUT_OF_RESC:
899 * And what, pray tell do we do with the fact that
900 * the peer is out of resources? Not really sure we
901 * could do anything but abort. I suspect this n *
902 * should have came WITH an abort instead of in a
908 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
909 /* don't know what this error cause is... */
910 printf("sctp_handle_error: unknown error type = 0x%xh\n",
913 #endif /* SCTP_DEBUG */
916 adjust = SCTP_SIZE32(error_len);
918 phdr = (struct sctp_paramhdr *)((caddr_t)phdr + adjust);
924 sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
925 struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
926 struct sctp_nets *net)
928 struct sctp_init_ack *init_ack;
933 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
934 printf("sctp_handle_init_ack: handling INIT-ACK\n");
939 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
940 printf("sctp_handle_init_ack: TCB is null\n");
945 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) {
947 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
948 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
952 init_ack = &cp->init;
953 /* validate parameters */
954 if (init_ack->initiate_tag == 0) {
955 /* protocol error... send an abort */
956 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
957 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
961 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) {
962 /* protocol error... send an abort */
963 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
964 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
968 if (init_ack->num_inbound_streams == 0) {
969 /* protocol error... send an abort */
970 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
971 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
975 if (init_ack->num_outbound_streams == 0) {
976 /* protocol error... send an abort */
977 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
978 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
982 /* process according to association state... */
983 state = &stcb->asoc.state;
984 switch (*state & SCTP_STATE_MASK) {
985 case SCTP_STATE_COOKIE_WAIT:
986 /* this is the expected state for this chunk */
987 /* process the INIT-ACK parameters */
988 if (stcb->asoc.primary_destination->dest_state &
989 SCTP_ADDR_UNCONFIRMED) {
991 * The primary is where we sent the INIT, we can
992 * always consider it confirmed when the INIT-ACK is
993 * returned. Do this before we load addresses
996 stcb->asoc.primary_destination->dest_state &=
997 ~SCTP_ADDR_UNCONFIRMED;
998 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
999 stcb, 0, (void *)stcb->asoc.primary_destination);
1001 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb, net
1003 /* error in parsing parameters */
1006 /* update our state */
1008 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1009 printf("moving to COOKIE-ECHOED state\n");
1012 if (*state & SCTP_STATE_SHUTDOWN_PENDING) {
1013 *state = SCTP_STATE_COOKIE_ECHOED |
1014 SCTP_STATE_SHUTDOWN_PENDING;
1016 *state = SCTP_STATE_COOKIE_ECHOED;
1019 /* reset the RTO calc */
1020 stcb->asoc.overall_error_count = 0;
1021 SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
1023 * collapse the init timer back in case of a exponential
1026 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, stcb->sctp_ep,
1029 * the send at the end of the inbound data processing will
1030 * cause the cookie to be sent
1033 case SCTP_STATE_SHUTDOWN_SENT:
1034 /* incorrect state... discard */
1036 case SCTP_STATE_COOKIE_ECHOED:
1037 /* incorrect state... discard */
1039 case SCTP_STATE_OPEN:
1040 /* incorrect state... discard */
1042 case SCTP_STATE_EMPTY:
1043 case SCTP_STATE_INUSE:
1045 /* incorrect state... discard */
1048 } /* end switch asoc state */
1050 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1051 printf("Leaving handle-init-ack end\n");
1059 * handle a state cookie for an existing association m: input packet mbuf
1060 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a
1061 * "split" mbuf and the cookie signature does not exist offset: offset into
1062 * mbuf to the cookie-echo chunk
1064 static struct sctp_tcb *
1065 sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset,
1066 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1067 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
1068 struct sockaddr *init_src, int *notification, sctp_assoc_t * sac_assoc_id)
1070 struct sctp_association *asoc;
1071 struct sctp_init_chunk *init_cp, init_buf;
1072 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1074 int init_offset, initack_offset;
1077 /* I know that the TCB is non-NULL from the caller */
1080 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) {
1081 /* SHUTDOWN came in after sending INIT-ACK */
1082 struct mbuf *op_err;
1083 struct sctp_paramhdr *ph;
1085 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
1086 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
1087 1, M_DONTWAIT, 1, MT_DATA);
1088 if (op_err == NULL) {
1092 /* pre-reserve some space */
1093 op_err->m_data += sizeof(struct ip6_hdr);
1094 op_err->m_data += sizeof(struct sctphdr);
1095 op_err->m_data += sizeof(struct sctp_chunkhdr);
1097 op_err->m_len = op_err->m_pkthdr.len = sizeof(struct sctp_paramhdr);
1098 ph = mtod(op_err, struct sctp_paramhdr *);
1099 ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN);
1100 ph->param_length = htons(sizeof(struct sctp_paramhdr));
1101 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag);
1105 * find and validate the INIT chunk in the cookie (peer's info) the
1106 * INIT should start after the cookie-echo header struct (chunk
1107 * header, state cookie header struct)
1109 init_offset = offset += sizeof(struct sctp_cookie_echo_chunk);
1111 init_cp = (struct sctp_init_chunk *)
1112 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1113 (uint8_t *) & init_buf);
1114 if (init_cp == NULL) {
1115 /* could not pull a INIT chunk in cookie */
1118 chk_length = ntohs(init_cp->ch.chunk_length);
1119 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1123 * find and validate the INIT-ACK chunk in the cookie (my info) the
1124 * INIT-ACK follows the INIT chunk
1126 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1127 initack_cp = (struct sctp_init_ack_chunk *)
1128 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1129 (uint8_t *) & initack_buf);
1130 if (initack_cp == NULL) {
1131 /* could not pull INIT-ACK chunk in cookie */
1134 chk_length = ntohs(initack_cp->ch.chunk_length);
1135 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1138 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) &&
1139 (ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag)) {
1141 * case D in Section 5.2.4 Table 2: MMAA process accordingly
1142 * to get into the OPEN state
1144 switch SCTP_GET_STATE
1146 case SCTP_STATE_COOKIE_WAIT:
1148 * INIT was sent, but got got a COOKIE_ECHO with the
1149 * correct tags... just accept it...
1151 /* First we must process the INIT !! */
1152 retval = sctp_process_init(init_cp, stcb, net);
1156 /* intentional fall through to below... */
1158 case SCTP_STATE_COOKIE_ECHOED:
1159 /* Duplicate INIT case */
1160 /* we have already processed the INIT so no problem */
1161 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb,
1163 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net);
1164 sctp_stop_all_cookie_timers(stcb);
1165 /* update current state */
1166 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1167 asoc->state = SCTP_STATE_OPEN |
1168 SCTP_STATE_SHUTDOWN_PENDING;
1169 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1170 stcb->sctp_ep, stcb, asoc->primary_destination);
1172 } else if ((asoc->state & SCTP_STATE_SHUTDOWN_SENT) == 0) {
1173 /* if ok, move to OPEN state */
1174 asoc->state = SCTP_STATE_OPEN;
1176 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1177 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1178 (inp->sctp_socket->so_qlimit == 0)
1181 * Here is where collision would go if we
1182 * did a connect() and instead got a
1183 * init/init-ack/cookie done before the
1184 * init-ack came back..
1186 stcb->sctp_ep->sctp_flags |=
1187 SCTP_PCB_FLAGS_CONNECTED;
1188 soisconnected(stcb->sctp_ep->sctp_socket);
1190 /* notify upper layer */
1191 *notification = SCTP_NOTIFY_ASSOC_UP;
1193 * since we did not send a HB make sure we don't
1196 net->hb_responded = 1;
1198 if (stcb->asoc.sctp_autoclose_ticks &&
1199 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE))) {
1200 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
1206 * we're in the OPEN state (or beyond), so peer must
1207 * have simply lost the COOKIE-ACK
1213 * We ignore the return code here.. not sure if we should
1214 * somehow abort.. but we do have an existing asoc. This
1215 * really should not fail.
1217 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1218 init_offset + sizeof(struct sctp_init_chunk),
1219 initack_offset, sh, init_src)) {
1222 /* respond with a COOKIE-ACK */
1223 sctp_send_cookie_ack(stcb);
1226 if (ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1227 ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag &&
1228 cookie->tie_tag_my_vtag == 0 &&
1229 cookie->tie_tag_peer_vtag == 0) {
1231 * case C in Section 5.2.4 Table 2: XMOO silently discard
1235 if (ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag &&
1236 (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag ||
1237 init_cp->init.initiate_tag == 0)) {
1239 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info
1240 * should be ok, re-accept peer info
1242 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
1243 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net);
1244 sctp_stop_all_cookie_timers(stcb);
1246 * since we did not send a HB make sure we don't double
1249 net->hb_responded = 1;
1250 if (stcb->asoc.sctp_autoclose_ticks &&
1251 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1252 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb,
1255 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1256 asoc->pre_open_streams =
1257 ntohs(initack_cp->init.num_outbound_streams);
1258 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1259 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out =
1260 asoc->init_seq_number;
1261 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1262 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1263 asoc->str_reset_seq_in = asoc->init_seq_number;
1264 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1266 /* process the INIT info (peer's info) */
1267 retval = sctp_process_init(init_cp, stcb, net);
1271 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1272 init_offset + sizeof(struct sctp_init_chunk),
1273 initack_offset, sh, init_src)) {
1276 if ((asoc->state & SCTP_STATE_COOKIE_WAIT) ||
1277 (asoc->state & SCTP_STATE_COOKIE_ECHOED)) {
1278 *notification = SCTP_NOTIFY_ASSOC_UP;
1280 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1281 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1282 (inp->sctp_socket->so_qlimit == 0)) {
1283 stcb->sctp_ep->sctp_flags |=
1284 SCTP_PCB_FLAGS_CONNECTED;
1285 soisconnected(stcb->sctp_ep->sctp_socket);
1288 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1289 asoc->state = SCTP_STATE_OPEN |
1290 SCTP_STATE_SHUTDOWN_PENDING;
1291 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1292 stcb->sctp_ep, stcb, asoc->primary_destination);
1295 asoc->state = SCTP_STATE_OPEN;
1297 sctp_stop_all_cookie_timers(stcb);
1298 sctp_send_cookie_ack(stcb);
1301 if ((ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1302 ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) &&
1303 cookie->tie_tag_my_vtag == asoc->my_vtag_nonce &&
1304 cookie->tie_tag_peer_vtag == asoc->peer_vtag_nonce &&
1305 cookie->tie_tag_peer_vtag != 0) {
1306 struct sctpasochead *head;
1309 * case A in Section 5.2.4 Table 2: XXMM (peer restarted)
1311 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net);
1312 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
1313 *sac_assoc_id = sctp_get_associd(stcb);
1314 /* notify upper layer */
1315 *notification = SCTP_NOTIFY_ASSOC_RESTART;
1318 /* send up all the data */
1319 sctp_report_all_outbound(stcb);
1321 /* process the INIT-ACK info (my info) */
1322 asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1323 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1325 /* pull from vtag hash */
1326 LIST_REMOVE(stcb, sctp_asocs);
1327 /* re-insert to new vtag position */
1328 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
1329 sctppcbinfo.hashasocmark)];
1331 * put it in the bucket in the vtag hash of assoc's for the
1334 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
1336 /* Is this the first restart? */
1337 if (stcb->asoc.in_restart_hash == 0) {
1338 /* Ok add it to assoc_id vtag hash */
1339 head = &sctppcbinfo.sctp_restarthash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
1340 sctppcbinfo.hashrestartmark)];
1341 LIST_INSERT_HEAD(head, stcb, sctp_tcbrestarhash);
1342 stcb->asoc.in_restart_hash = 1;
1344 asoc->pre_open_streams =
1345 ntohs(initack_cp->init.num_outbound_streams);
1346 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1347 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1349 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1350 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1352 asoc->str_reset_seq_in = asoc->init_seq_number;
1354 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1355 if (asoc->mapping_array)
1356 memset(asoc->mapping_array, 0,
1357 asoc->mapping_array_size);
1358 /* process the INIT info (peer's info) */
1359 retval = sctp_process_init(init_cp, stcb, net);
1364 * since we did not send a HB make sure we don't double
1367 net->hb_responded = 1;
1369 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1370 init_offset + sizeof(struct sctp_init_chunk),
1371 initack_offset, sh, init_src)) {
1374 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1375 asoc->state = SCTP_STATE_OPEN |
1376 SCTP_STATE_SHUTDOWN_PENDING;
1377 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1378 stcb->sctp_ep, stcb, asoc->primary_destination);
1380 } else if (!(asoc->state & SCTP_STATE_SHUTDOWN_SENT)) {
1381 /* move to OPEN state, if not in SHUTDOWN_SENT */
1382 asoc->state = SCTP_STATE_OPEN;
1384 /* respond with a COOKIE-ACK */
1385 sctp_stop_all_cookie_timers(stcb);
1386 sctp_send_cookie_ack(stcb);
1390 /* if we are not a restart we need the assoc_id field pop'd */
1391 asoc->assoc_id = ntohl(initack_cp->init.initiate_tag);
1393 /* all other cases... */
1398 * handle a state cookie for a new association m: input packet mbuf chain--
1399 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf
1400 * and the cookie signature does not exist offset: offset into mbuf to the
1401 * cookie-echo chunk length: length of the cookie chunk to: where the init
1402 * was from returns a new TCB
1404 static struct sctp_tcb *
1405 sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
1406 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1407 struct sctp_inpcb *inp, struct sctp_nets **netp,
1408 struct sockaddr *init_src, int *notification,
1409 int auth_skipped, uint32_t auth_offset, uint32_t auth_len)
1411 struct sctp_tcb *stcb;
1412 struct sctp_init_chunk *init_cp, init_buf;
1413 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1414 struct sockaddr_storage sa_store;
1415 struct sockaddr *initack_src = (struct sockaddr *)&sa_store;
1416 struct sockaddr_in *sin;
1417 struct sockaddr_in6 *sin6;
1418 struct sctp_association *asoc;
1420 int init_offset, initack_offset, initack_limit;
1424 uint8_t chunk_buf[DEFAULT_CHUNK_BUFFER];
1427 * find and validate the INIT chunk in the cookie (peer's info) the
1428 * INIT should start after the cookie-echo header struct (chunk
1429 * header, state cookie header struct)
1431 init_offset = offset + sizeof(struct sctp_cookie_echo_chunk);
1432 init_cp = (struct sctp_init_chunk *)
1433 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1434 (uint8_t *) & init_buf);
1435 if (init_cp == NULL) {
1436 /* could not pull a INIT chunk in cookie */
1438 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1439 printf("process_cookie_new: could not pull INIT chunk hdr\n");
1441 #endif /* SCTP_DEBUG */
1444 chk_length = ntohs(init_cp->ch.chunk_length);
1445 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1447 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1448 printf("HUH? process_cookie_new: could not find INIT chunk!\n");
1450 #endif /* SCTP_DEBUG */
1453 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1455 * find and validate the INIT-ACK chunk in the cookie (my info) the
1456 * INIT-ACK follows the INIT chunk
1458 initack_cp = (struct sctp_init_ack_chunk *)
1459 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1460 (uint8_t *) & initack_buf);
1461 if (initack_cp == NULL) {
1462 /* could not pull INIT-ACK chunk in cookie */
1464 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1465 printf("process_cookie_new: could not pull INIT-ACK chunk hdr\n");
1467 #endif /* SCTP_DEBUG */
1470 chk_length = ntohs(initack_cp->ch.chunk_length);
1471 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1475 * NOTE: We can't use the INIT_ACK's chk_length to determine the
1476 * "initack_limit" value. This is because the chk_length field
1477 * includes the length of the cookie, but the cookie is omitted when
1478 * the INIT and INIT_ACK are tacked onto the cookie...
1480 initack_limit = offset + cookie_len;
1483 * now that we know the INIT/INIT-ACK are in place, create a new TCB
1486 stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
1487 ntohl(initack_cp->init.initiate_tag));
1489 struct mbuf *op_err;
1491 /* memory problem? */
1493 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1494 printf("process_cookie_new: no room for another TCB!\n");
1496 #endif /* SCTP_DEBUG */
1497 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1498 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
1502 /* get the correct sctp_nets */
1503 *netp = sctp_findnet(stcb, init_src);
1505 /* get scope variables out of cookie */
1506 asoc->ipv4_local_scope = cookie->ipv4_scope;
1507 asoc->site_scope = cookie->site_scope;
1508 asoc->local_scope = cookie->local_scope;
1509 asoc->loopback_scope = cookie->loopback_scope;
1511 if ((asoc->ipv4_addr_legal != cookie->ipv4_addr_legal) ||
1512 (asoc->ipv6_addr_legal != cookie->ipv6_addr_legal)) {
1513 struct mbuf *op_err;
1516 * Houston we have a problem. The EP changed while the
1517 * cookie was in flight. Only recourse is to abort the
1520 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1521 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
1525 /* process the INIT-ACK info (my info) */
1526 old_tag = asoc->my_vtag;
1527 asoc->assoc_id = asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1528 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1529 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
1530 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1531 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1532 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1533 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1534 asoc->str_reset_seq_in = asoc->init_seq_number;
1536 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1538 /* process the INIT info (peer's info) */
1539 retval = sctp_process_init(init_cp, stcb, *netp);
1541 sctp_free_assoc(inp, stcb, 0);
1544 /* load all addresses */
1545 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1546 init_offset + sizeof(struct sctp_init_chunk), initack_offset, sh,
1548 sctp_free_assoc(inp, stcb, 0);
1552 * verify any preceding AUTH chunk that was skipped
1554 /* pull the local authentication parameters from the cookie/init-ack */
1555 sctp_auth_get_cookie_params(stcb, m,
1556 initack_offset + sizeof(struct sctp_init_ack_chunk),
1557 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)));
1559 struct sctp_auth_chunk *auth;
1561 auth = (struct sctp_auth_chunk *)
1562 sctp_m_getptr(m, auth_offset, auth_len, chunk_buf);
1563 if (sctp_handle_auth(stcb, auth, m, auth_offset)) {
1564 /* auth HMAC failed, dump the assoc and packet */
1566 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
1567 printf("COOKIE-ECHO: AUTH failed\n");
1568 #endif /* SCTP_DEBUG */
1569 sctp_free_assoc(inp, stcb, 0);
1572 /* remaining chunks checked... good to go */
1573 stcb->asoc.authenticated = 1;
1576 /* update current state */
1578 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1579 printf("moving to OPEN state\n");
1582 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1583 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
1584 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1585 stcb->sctp_ep, stcb, asoc->primary_destination);
1587 asoc->state = SCTP_STATE_OPEN;
1589 SCTP_STAT_INCR_COUNTER32(sctps_passiveestab);
1590 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1591 sctp_stop_all_cookie_timers(stcb);
1592 /* calculate the RTT */
1593 (*netp)->RTO = sctp_calculate_rto(stcb, asoc, *netp,
1594 &cookie->time_entered);
1597 * if we're doing ASCONFs, check to see if we have any new local
1598 * addresses that need to get added to the peer (eg. addresses
1599 * changed while cookie echo in flight). This needs to be done
1600 * after we go to the OPEN state to do the correct asconf
1601 * processing. else, make sure we have the correct addresses in our
1605 /* warning, we re-use sin, sin6, sa_store here! */
1606 /* pull in local_address (our "from" address) */
1607 if (cookie->laddr_type == SCTP_IPV4_ADDRESS) {
1608 /* source addr is IPv4 */
1609 sin = (struct sockaddr_in *)initack_src;
1610 memset(sin, 0, sizeof(*sin));
1611 sin->sin_family = AF_INET;
1612 sin->sin_len = sizeof(struct sockaddr_in);
1613 sin->sin_addr.s_addr = cookie->laddress[0];
1614 } else if (cookie->laddr_type == SCTP_IPV6_ADDRESS) {
1615 /* source addr is IPv6 */
1616 sin6 = (struct sockaddr_in6 *)initack_src;
1617 memset(sin6, 0, sizeof(*sin6));
1618 sin6->sin6_family = AF_INET6;
1619 sin6->sin6_len = sizeof(struct sockaddr_in6);
1620 sin6->sin6_scope_id = cookie->scope_id;
1621 memcpy(&sin6->sin6_addr, cookie->laddress,
1622 sizeof(sin6->sin6_addr));
1624 sctp_free_assoc(inp, stcb, 0);
1628 sctp_check_address_list(stcb, m,
1629 initack_offset + sizeof(struct sctp_init_ack_chunk),
1630 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)),
1631 initack_src, cookie->local_scope, cookie->site_scope,
1632 cookie->ipv4_scope, cookie->loopback_scope);
1635 /* set up to notify upper layer */
1636 *notification = SCTP_NOTIFY_ASSOC_UP;
1637 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1638 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1639 (inp->sctp_socket->so_qlimit == 0)) {
1641 * This is an endpoint that called connect() how it got a
1642 * cookie that is NEW is a bit of a mystery. It must be that
1643 * the INIT was sent, but before it got there.. a complete
1644 * INIT/INIT-ACK/COOKIE arrived. But of course then it
1645 * should have went to the other code.. not here.. oh well..
1646 * a bit of protection is worth having..
1648 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
1649 soisconnected(stcb->sctp_ep->sctp_socket);
1650 } else if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
1651 (inp->sctp_socket->so_qlimit)) {
1653 * We don't want to do anything with this one. Since it is
1654 * the listening guy. The timer will get started for
1655 * accepted connections in the caller.
1659 /* since we did not send a HB make sure we don't double things */
1660 (*netp)->hb_responded = 1;
1662 if (stcb->asoc.sctp_autoclose_ticks &&
1663 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1664 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
1666 /* respond with a COOKIE-ACK */
1667 sctp_send_cookie_ack(stcb);
1673 * handles a COOKIE-ECHO message stcb: modified to either a new or left as
1674 * existing (non-NULL) TCB
1676 static struct mbuf *
1677 sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
1678 struct sctphdr *sh, struct sctp_cookie_echo_chunk *cp,
1679 struct sctp_inpcb **inp_p, struct sctp_tcb **stcb, struct sctp_nets **netp,
1680 int auth_skipped, uint32_t auth_offset, uint32_t auth_len)
1682 struct sctp_state_cookie *cookie;
1683 struct sockaddr_in6 sin6;
1684 struct sockaddr_in sin;
1685 struct sctp_tcb *l_stcb = *stcb;
1686 struct sctp_inpcb *l_inp;
1687 struct sockaddr *to;
1688 sctp_assoc_t sac_restart_id;
1689 struct sctp_pcb *ep;
1691 uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE];
1693 uint8_t cookie_ok = 0;
1694 unsigned int size_of_pkt, sig_offset, cookie_offset;
1695 unsigned int cookie_len;
1697 struct timeval time_expires;
1698 struct sockaddr_storage dest_store;
1699 struct sockaddr *localep_sa = (struct sockaddr *)&dest_store;
1701 int notification = 0;
1702 struct sctp_nets *netl;
1703 int had_a_existing_tcb = 0;
1706 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1707 printf("sctp_handle_cookie: handling COOKIE-ECHO\n");
1711 if (inp_p == NULL) {
1714 /* First get the destination address setup too. */
1715 iph = mtod(m, struct ip *);
1716 if (iph->ip_v == IPVERSION) {
1718 struct sockaddr_in *sin;
1720 sin = (struct sockaddr_in *)(localep_sa);
1721 memset(sin, 0, sizeof(*sin));
1722 sin->sin_family = AF_INET;
1723 sin->sin_len = sizeof(*sin);
1724 sin->sin_port = sh->dest_port;
1725 sin->sin_addr.s_addr = iph->ip_dst.s_addr;
1726 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
1728 struct ip6_hdr *ip6;
1729 struct sockaddr_in6 *sin6;
1731 sin6 = (struct sockaddr_in6 *)(localep_sa);
1732 memset(sin6, 0, sizeof(*sin6));
1733 sin6->sin6_family = AF_INET6;
1734 sin6->sin6_len = sizeof(struct sockaddr_in6);
1735 ip6 = mtod(m, struct ip6_hdr *);
1736 sin6->sin6_port = sh->dest_port;
1737 sin6->sin6_addr = ip6->ip6_dst;
1742 cookie = &cp->cookie;
1743 cookie_offset = offset + sizeof(struct sctp_chunkhdr);
1744 cookie_len = ntohs(cp->ch.chunk_length);
1746 if ((cookie->peerport != sh->src_port) &&
1747 (cookie->myport != sh->dest_port) &&
1748 (cookie->my_vtag != sh->v_tag)) {
1750 * invalid ports or bad tag. Note that we always leave the
1751 * v_tag in the header in network order and when we stored
1752 * it in the my_vtag slot we also left it in network order.
1753 * This maintians the match even though it may be in the
1754 * opposite byte order of the machine :->
1758 /* compute size of packet */
1759 if (m->m_flags & M_PKTHDR) {
1760 size_of_pkt = m->m_pkthdr.len;
1762 /* Should have a pkt hdr really */
1767 while (mat != NULL) {
1768 size_of_pkt += mat->m_len;
1772 if (cookie_len > size_of_pkt ||
1773 cookie_len < sizeof(struct sctp_cookie_echo_chunk) +
1774 sizeof(struct sctp_init_chunk) +
1775 sizeof(struct sctp_init_ack_chunk) + SCTP_SIGNATURE_SIZE) {
1776 /* cookie too long! or too small */
1780 * split off the signature into its own mbuf (since it should not be
1781 * calculated in the sctp_hmac_m() call).
1783 sig_offset = offset + cookie_len - SCTP_SIGNATURE_SIZE;
1784 if (sig_offset > size_of_pkt) {
1785 /* packet not correct size! */
1786 /* XXX this may already be accounted for earlier... */
1789 m_sig = m_split(m, sig_offset, M_DONTWAIT);
1790 if (m_sig == NULL) {
1791 /* out of memory or ?? */
1795 * compute the signature/digest for the cookie
1797 ep = &(*inp_p)->sctp_ep;
1800 SCTP_TCB_UNLOCK(l_stcb);
1802 SCTP_INP_RLOCK(l_inp);
1804 SCTP_TCB_LOCK(l_stcb);
1806 /* which cookie is it? */
1807 if ((cookie->time_entered.tv_sec < (long)ep->time_of_secret_change) &&
1808 (ep->current_secret_number != ep->last_secret_number)) {
1809 /* it's the old cookie */
1810 sctp_hmac_m(SCTP_HMAC,
1811 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
1812 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1814 /* it's the current cookie */
1815 sctp_hmac_m(SCTP_HMAC,
1816 (uint8_t *) ep->secret_key[(int)ep->current_secret_number],
1817 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1819 /* get the signature */
1820 SCTP_INP_RUNLOCK(l_inp);
1821 sig = (uint8_t *) sctp_m_getptr(m_sig, 0, SCTP_SIGNATURE_SIZE, (uint8_t *) & tmp_sig);
1823 /* couldn't find signature */
1826 /* compare the received digest with the computed digest */
1827 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
1828 /* try the old cookie? */
1829 if ((cookie->time_entered.tv_sec == (long)ep->time_of_secret_change) &&
1830 (ep->current_secret_number != ep->last_secret_number)) {
1831 /* compute digest with old */
1832 sctp_hmac_m(SCTP_HMAC,
1833 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
1834 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1836 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
1844 * Now before we continue we must reconstruct our mbuf so that
1845 * normal processing of any other chunks will work.
1851 while (m_at->m_next != NULL) {
1852 m_at = m_at->m_next;
1854 m_at->m_next = m_sig;
1855 if (m->m_flags & M_PKTHDR) {
1857 * We should only do this if and only if the front
1858 * mbuf has a m_pkthdr... it should in theory.
1860 if (m_sig->m_flags & M_PKTHDR) {
1861 /* Add back to the pkt hdr of main m chain */
1862 m->m_pkthdr.len += m_sig->m_pkthdr.len;
1865 * Got a problem, no pkthdr in split chain.
1866 * TSNH but we will handle it just in case
1871 printf("Warning: Hitting m_split join TSNH code - fixed\n");
1874 mmlen += lat->m_len;
1877 m->m_pkthdr.len += mmlen;
1882 if (cookie_ok == 0) {
1884 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1885 printf("handle_cookie_echo: cookie signature validation failed!\n");
1886 printf("offset = %u, cookie_offset = %u, sig_offset = %u\n",
1887 (uint32_t) offset, cookie_offset, sig_offset);
1893 * check the cookie timestamps to be sure it's not stale
1895 SCTP_GETTIME_TIMEVAL(&now);
1896 /* Expire time is in Ticks, so we convert to seconds */
1897 time_expires.tv_sec = cookie->time_entered.tv_sec + cookie->cookie_life;
1898 time_expires.tv_usec = cookie->time_entered.tv_usec;
1899 if (timevalcmp(&now, &time_expires, >)) {
1900 /* cookie is stale! */
1901 struct mbuf *op_err;
1902 struct sctp_stale_cookie_msg *scm;
1905 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_stale_cookie_msg),
1906 1, M_DONTWAIT, 1, MT_DATA);
1907 if (op_err == NULL) {
1911 /* pre-reserve some space */
1912 op_err->m_data += sizeof(struct ip6_hdr);
1913 op_err->m_data += sizeof(struct sctphdr);
1914 op_err->m_data += sizeof(struct sctp_chunkhdr);
1917 op_err->m_len = op_err->m_pkthdr.len = sizeof(struct sctp_stale_cookie_msg);
1918 scm = mtod(op_err, struct sctp_stale_cookie_msg *);
1919 scm->ph.param_type = htons(SCTP_CAUSE_STALE_COOKIE);
1920 scm->ph.param_length = htons((sizeof(struct sctp_paramhdr) +
1921 (sizeof(uint32_t))));
1922 /* seconds to usec */
1923 tim = (now.tv_sec - time_expires.tv_sec) * 1000000;
1926 tim = now.tv_usec - cookie->time_entered.tv_usec;
1927 scm->time_usec = htonl(tim);
1928 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag);
1932 * Now we must see with the lookup address if we have an existing
1933 * asoc. This will only happen if we were in the COOKIE-WAIT state
1934 * and a INIT collided with us and somewhere the peer sent the
1935 * cookie on another address besides the single address our assoc
1936 * had for him. In this case we will have one of the tie-tags set at
1937 * least AND the address field in the cookie can be used to look it
1941 if (cookie->addr_type == SCTP_IPV6_ADDRESS) {
1942 memset(&sin6, 0, sizeof(sin6));
1943 sin6.sin6_family = AF_INET6;
1944 sin6.sin6_len = sizeof(sin6);
1945 sin6.sin6_port = sh->src_port;
1946 sin6.sin6_scope_id = cookie->scope_id;
1947 memcpy(&sin6.sin6_addr.s6_addr, cookie->address,
1948 sizeof(sin6.sin6_addr.s6_addr));
1949 to = (struct sockaddr *)&sin6;
1950 } else if (cookie->addr_type == SCTP_IPV4_ADDRESS) {
1951 memset(&sin, 0, sizeof(sin));
1952 sin.sin_family = AF_INET;
1953 sin.sin_len = sizeof(sin);
1954 sin.sin_port = sh->src_port;
1955 sin.sin_addr.s_addr = cookie->address[0];
1956 to = (struct sockaddr *)&sin;
1958 if ((*stcb == NULL) && to) {
1959 /* Yep, lets check */
1960 *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, localep_sa, NULL);
1961 if (*stcb == NULL) {
1963 * We should have only got back the same inp. If we
1964 * got back a different ep we have a problem. The
1965 * original findep got back l_inp and now
1967 if (l_inp != *inp_p) {
1968 printf("Bad problem find_ep got a diff inp then special_locate?\n");
1972 cookie_len -= SCTP_SIGNATURE_SIZE;
1973 if (*stcb == NULL) {
1974 /* this is the "normal" case... get a new TCB */
1975 *stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie,
1976 cookie_len, *inp_p, netp, to, ¬ification,
1977 auth_skipped, auth_offset, auth_len);
1979 /* this is abnormal... cookie-echo on existing TCB */
1980 had_a_existing_tcb = 1;
1981 *stcb = sctp_process_cookie_existing(m, iphlen, offset, sh,
1982 cookie, cookie_len, *inp_p, *stcb, *netp, to, ¬ification,
1986 if (*stcb == NULL) {
1987 /* still no TCB... must be bad cookie-echo */
1991 * Ok, we built an association so confirm the address we sent the
1994 netl = sctp_findnet(*stcb, to);
1996 * This code should in theory NOT run but
1999 /* TSNH! Huh, why do I need to add this address here? */
2002 ret = sctp_add_remote_addr(*stcb, to, 0, 100);
2003 netl = sctp_findnet(*stcb, to);
2006 if (netl->dest_state & SCTP_ADDR_UNCONFIRMED) {
2007 netl->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
2008 sctp_set_primary_addr((*stcb), (struct sockaddr *)NULL,
2010 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
2011 (*stcb), 0, (void *)netl);
2015 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, *inp_p,
2018 if ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
2019 if (!had_a_existing_tcb ||
2020 (((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0)) {
2022 * If we have a NEW cookie or the connect never
2023 * reached the connected state during collision we
2024 * must do the TCP accept thing.
2026 struct socket *so, *oso;
2027 struct sctp_inpcb *inp;
2029 if (notification == SCTP_NOTIFY_ASSOC_RESTART) {
2031 * For a restart we will keep the same
2032 * socket, no need to do anything. I THINK!!
2034 sctp_ulp_notify(notification, *stcb, 0, (void *)&sac_restart_id);
2037 oso = (*inp_p)->sctp_socket;
2039 * We do this to keep the sockets side happy durin
2040 * the sonewcon ONLY.
2043 SCTP_TCB_UNLOCK((*stcb));
2044 so = sonewconn(oso, SS_ISCONNECTED
2047 SCTP_INP_WLOCK((*stcb)->sctp_ep);
2048 SCTP_TCB_LOCK((*stcb));
2049 SCTP_INP_WUNLOCK((*stcb)->sctp_ep);
2051 struct mbuf *op_err;
2053 /* Too many sockets */
2055 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
2056 printf("process_cookie_new: no room for another socket!\n");
2058 #endif /* SCTP_DEBUG */
2059 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
2060 sctp_abort_association(*inp_p, NULL, m, iphlen,
2062 sctp_free_assoc(*inp_p, *stcb, 0);
2065 inp = (struct sctp_inpcb *)so->so_pcb;
2066 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2067 SCTP_PCB_FLAGS_CONNECTED |
2068 SCTP_PCB_FLAGS_IN_TCPPOOL |
2069 (SCTP_PCB_COPY_FLAGS & (*inp_p)->sctp_flags) |
2070 SCTP_PCB_FLAGS_DONT_WAKE);
2071 inp->sctp_features = (*inp_p)->sctp_features;
2072 inp->sctp_socket = so;
2073 inp->sctp_frag_point = (*inp_p)->sctp_frag_point;
2074 inp->partial_delivery_point = (*inp_p)->partial_delivery_point;
2075 inp->sctp_context = (*inp_p)->sctp_context;
2076 inp->inp_starting_point_for_iterator = NULL;
2078 * copy in the authentication parameters from the
2081 if (inp->sctp_ep.local_hmacs)
2082 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
2083 inp->sctp_ep.local_hmacs =
2084 sctp_copy_hmaclist((*inp_p)->sctp_ep.local_hmacs);
2085 if (inp->sctp_ep.local_auth_chunks)
2086 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
2087 inp->sctp_ep.local_auth_chunks =
2088 sctp_copy_chunklist((*inp_p)->sctp_ep.local_auth_chunks);
2089 (void)sctp_copy_skeylist(&(*inp_p)->sctp_ep.shared_keys,
2090 &inp->sctp_ep.shared_keys);
2093 * Now we must move it from one hash table to
2094 * another and get the tcb in the right place.
2096 sctp_move_pcb_and_assoc(*inp_p, inp, *stcb);
2098 sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb);
2100 /* Switch over to the new guy */
2103 sctp_ulp_notify(notification, *stcb, 0, NULL);
2107 if ((notification) && ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) {
2108 sctp_ulp_notify(notification, *stcb, 0, NULL);
2114 sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp,
2115 struct sctp_tcb *stcb, struct sctp_nets *net)
2117 /* cp must not be used, others call this without a c-ack :-) */
2118 struct sctp_association *asoc;
2121 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2122 printf("sctp_handle_cookie_ack: handling COOKIE-ACK\n");
2130 sctp_stop_all_cookie_timers(stcb);
2131 /* process according to association state */
2132 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
2133 /* state change only needed when I am in right state */
2135 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2136 printf("moving to OPEN state\n");
2139 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
2140 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
2141 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
2142 stcb->sctp_ep, stcb, asoc->primary_destination);
2145 asoc->state = SCTP_STATE_OPEN;
2148 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
2149 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
2150 if (asoc->overall_error_count == 0) {
2151 net->RTO = sctp_calculate_rto(stcb, asoc, net,
2152 &asoc->time_entered);
2154 SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
2155 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP, stcb, 0, NULL);
2156 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
2157 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
2158 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
2159 soisconnected(stcb->sctp_ep->sctp_socket);
2161 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
2164 * since we did not send a HB make sure we don't double
2167 net->hb_responded = 1;
2169 if (stcb->asoc.sctp_autoclose_ticks &&
2170 sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) {
2171 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
2172 stcb->sctp_ep, stcb, NULL);
2175 * set ASCONF timer if ASCONFs are pending and allowed (eg.
2176 * addresses changed when init/cookie echo in flight)
2178 if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_DO_ASCONF)) &&
2179 (stcb->asoc.peer_supports_asconf) &&
2180 (!TAILQ_EMPTY(&stcb->asoc.asconf_queue))) {
2181 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF,
2182 stcb->sctp_ep, stcb,
2183 stcb->asoc.primary_destination);
2186 /* Toss the cookie if I can */
2187 sctp_toss_old_cookies(stcb, asoc);
2188 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
2189 /* Restart the timer if we have pending data */
2190 struct sctp_tmit_chunk *chk;
2192 chk = TAILQ_FIRST(&asoc->sent_queue);
2194 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2201 sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp,
2202 struct sctp_tcb *stcb)
2204 struct sctp_nets *net;
2205 struct sctp_tmit_chunk *lchk;
2208 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_ecne_chunk)) {
2211 SCTP_STAT_INCR(sctps_recvecne);
2212 tsn = ntohl(cp->tsn);
2213 /* ECN Nonce stuff: need a resync and disable the nonce sum check */
2214 /* Also we make sure we disable the nonce_wait */
2215 lchk = TAILQ_FIRST(&stcb->asoc.send_queue);
2217 stcb->asoc.nonce_resync_tsn = stcb->asoc.sending_seq;
2219 stcb->asoc.nonce_resync_tsn = lchk->rec.data.TSN_seq;
2221 stcb->asoc.nonce_wait_for_ecne = 0;
2222 stcb->asoc.nonce_sum_check = 0;
2224 /* Find where it was sent, if possible */
2226 lchk = TAILQ_FIRST(&stcb->asoc.sent_queue);
2228 if (lchk->rec.data.TSN_seq == tsn) {
2232 if (compare_with_wrap(lchk->rec.data.TSN_seq, tsn, MAX_SEQ))
2234 lchk = TAILQ_NEXT(lchk, sctp_next);
2237 /* default is we use the primary */
2238 net = stcb->asoc.primary_destination;
2240 if (compare_with_wrap(tsn, stcb->asoc.last_cwr_tsn, MAX_TSN)) {
2241 #ifdef SCTP_CWND_MONITOR
2244 old_cwnd = net->cwnd;
2246 SCTP_STAT_INCR(sctps_ecnereducedcwnd);
2247 net->ssthresh = net->cwnd / 2;
2248 if (net->ssthresh < net->mtu) {
2249 net->ssthresh = net->mtu;
2250 /* here back off the timer as well, to slow us down */
2253 net->cwnd = net->ssthresh;
2254 #ifdef SCTP_CWND_MONITOR
2255 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd), SCTP_CWND_LOG_FROM_SAT);
2258 * we reduce once every RTT. So we will only lower cwnd at
2259 * the next sending seq i.e. the resync_tsn.
2261 stcb->asoc.last_cwr_tsn = stcb->asoc.nonce_resync_tsn;
2264 * We always send a CWR this way if our previous one was lost our
2265 * peer will get an update, or if it is not time again to reduce we
2266 * still get the cwr to the peer.
2268 sctp_send_cwr(stcb, net, tsn);
2272 sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb)
2275 * Here we get a CWR from the peer. We must look in the outqueue and
2276 * make sure that we have a covered ECNE in teh control chunk part.
2279 struct sctp_tmit_chunk *chk;
2280 struct sctp_ecne_chunk *ecne;
2282 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
2283 if (chk->rec.chunk_id.id != SCTP_ECN_ECHO) {
2287 * Look for and remove if it is the right TSN. Since there
2288 * is only ONE ECNE on the control queue at any one time we
2289 * don't need to worry about more than one!
2291 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
2292 if (compare_with_wrap(ntohl(cp->tsn), ntohl(ecne->tsn),
2293 MAX_TSN) || (cp->tsn == ecne->tsn)) {
2294 /* this covers this ECNE, we can remove it */
2295 stcb->asoc.ecn_echo_cnt_onq--;
2296 TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk,
2299 sctp_m_freem(chk->data);
2302 stcb->asoc.ctrl_queue_cnt--;
2303 sctp_free_remote_addr(chk->whoTo);
2304 sctp_free_a_chunk(stcb, chk);
2311 sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp,
2312 struct sctp_tcb *stcb, struct sctp_nets *net)
2314 struct sctp_association *asoc;
2317 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2318 printf("sctp_handle_shutdown_complete: handling SHUTDOWN-COMPLETE\n");
2325 /* process according to association state */
2326 if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT) {
2327 /* unexpected SHUTDOWN-COMPLETE... so ignore... */
2328 SCTP_TCB_UNLOCK(stcb);
2331 /* notify upper layer protocol */
2332 if (stcb->sctp_socket) {
2333 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL);
2334 /* are the queues empty? they should be */
2335 if (!TAILQ_EMPTY(&asoc->send_queue) ||
2336 !TAILQ_EMPTY(&asoc->sent_queue) ||
2337 !TAILQ_EMPTY(&asoc->out_wheel)) {
2338 sctp_report_all_outbound(stcb);
2341 /* stop the timer */
2342 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net);
2343 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
2345 sctp_free_assoc(stcb->sctp_ep, stcb, 0);
2350 process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc,
2351 struct sctp_nets *net, uint8_t flg)
2353 switch (desc->chunk_type) {
2355 /* find the tsn to resend (possibly */
2358 struct sctp_tmit_chunk *tp1;
2360 tsn = ntohl(desc->tsn_ifany);
2361 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2363 if (tp1->rec.data.TSN_seq == tsn) {
2367 if (compare_with_wrap(tp1->rec.data.TSN_seq, tsn,
2373 tp1 = TAILQ_NEXT(tp1, sctp_next);
2377 * Do it the other way , aka without paying
2378 * attention to queue seq order.
2380 SCTP_STAT_INCR(sctps_pdrpdnfnd);
2381 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2383 if (tp1->rec.data.TSN_seq == tsn) {
2387 tp1 = TAILQ_NEXT(tp1, sctp_next);
2391 SCTP_STAT_INCR(sctps_pdrptsnnf);
2393 if ((tp1) && (tp1->sent < SCTP_DATAGRAM_ACKED)) {
2396 if ((stcb->asoc.peers_rwnd == 0) &&
2397 ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) {
2398 SCTP_STAT_INCR(sctps_pdrpdiwnp);
2401 if (stcb->asoc.peers_rwnd == 0 &&
2402 (flg & SCTP_FROM_MIDDLE_BOX)) {
2403 SCTP_STAT_INCR(sctps_pdrpdizrw);
2406 ddp = (uint8_t *) (mtod(tp1->data, caddr_t)+
2407 sizeof(struct sctp_data_chunk));
2411 for (iii = 0; iii < sizeof(desc->data_bytes);
2413 if (ddp[iii] != desc->data_bytes[iii]) {
2414 SCTP_STAT_INCR(sctps_pdrpbadd);
2420 * We zero out the nonce so resync not
2423 tp1->rec.data.ect_nonce = 0;
2427 * this guy had a RTO calculation
2428 * pending on it, cancel it
2430 tp1->whoTo->rto_pending = 0;
2433 SCTP_STAT_INCR(sctps_pdrpmark);
2434 if (tp1->sent != SCTP_DATAGRAM_RESEND)
2435 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2436 tp1->sent = SCTP_DATAGRAM_RESEND;
2438 * mark it as if we were doing a FR, since
2439 * we will be getting gap ack reports behind
2440 * the info from the router.
2442 tp1->rec.data.doing_fast_retransmit = 1;
2444 * mark the tsn with what sequences can
2447 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
2448 tp1->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
2450 tp1->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.TSN_seq;
2453 /* restart the timer */
2454 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2456 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2459 /* fix counts and things */
2460 if (tp1->whoTo->flight_size >= tp1->book_size)
2461 tp1->whoTo->flight_size -= tp1->book_size;
2463 tp1->whoTo->flight_size = 0;
2465 if (stcb->asoc.total_flight >= tp1->book_size) {
2466 stcb->asoc.total_flight -= tp1->book_size;
2467 if (stcb->asoc.total_flight_count > 0)
2468 stcb->asoc.total_flight_count--;
2470 stcb->asoc.total_flight = 0;
2471 stcb->asoc.total_flight_count = 0;
2479 TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) {
2480 if (tp1->sent == SCTP_DATAGRAM_RESEND)
2483 TAILQ_FOREACH(tp1, &stcb->asoc.control_send_queue,
2485 if (tp1->sent == SCTP_DATAGRAM_RESEND)
2488 if (audit != stcb->asoc.sent_queue_retran_cnt) {
2489 printf("**Local Audit finds cnt:%d asoc cnt:%d\n",
2490 audit, stcb->asoc.sent_queue_retran_cnt);
2491 #ifndef SCTP_AUDITING_ENABLED
2492 stcb->asoc.sent_queue_retran_cnt = audit;
2500 struct sctp_tmit_chunk *asconf;
2502 TAILQ_FOREACH(asconf, &stcb->asoc.control_send_queue,
2504 if (asconf->rec.chunk_id.id == SCTP_ASCONF) {
2509 if (asconf->sent != SCTP_DATAGRAM_RESEND)
2510 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2511 asconf->sent = SCTP_DATAGRAM_RESEND;
2512 asconf->snd_count--;
2516 case SCTP_INITIATION:
2517 /* resend the INIT */
2518 stcb->asoc.dropped_special_cnt++;
2519 if (stcb->asoc.dropped_special_cnt < SCTP_RETRY_DROPPED_THRESH) {
2521 * If we can get it in, in a few attempts we do
2522 * this, otherwise we let the timer fire.
2524 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep,
2526 sctp_send_initiate(stcb->sctp_ep, stcb);
2529 case SCTP_SELECTIVE_ACK:
2530 /* resend the sack */
2531 sctp_send_sack(stcb);
2533 case SCTP_HEARTBEAT_REQUEST:
2534 /* resend a demand HB */
2535 sctp_send_hb(stcb, 1, net);
2538 sctp_send_shutdown(stcb, net);
2540 case SCTP_SHUTDOWN_ACK:
2541 sctp_send_shutdown_ack(stcb, net);
2543 case SCTP_COOKIE_ECHO:
2545 struct sctp_tmit_chunk *cookie;
2548 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue,
2550 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
2555 if (cookie->sent != SCTP_DATAGRAM_RESEND)
2556 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2557 cookie->sent = SCTP_DATAGRAM_RESEND;
2558 sctp_stop_all_cookie_timers(stcb);
2562 case SCTP_COOKIE_ACK:
2563 sctp_send_cookie_ack(stcb);
2565 case SCTP_ASCONF_ACK:
2566 /* resend last asconf ack */
2567 sctp_send_asconf_ack(stcb, 1);
2569 case SCTP_FORWARD_CUM_TSN:
2570 send_forward_tsn(stcb, &stcb->asoc);
2572 /* can't do anything with these */
2573 case SCTP_PACKET_DROPPED:
2574 case SCTP_INITIATION_ACK: /* this should not happen */
2575 case SCTP_HEARTBEAT_ACK:
2576 case SCTP_ABORT_ASSOCIATION:
2577 case SCTP_OPERATION_ERROR:
2578 case SCTP_SHUTDOWN_COMPLETE:
2588 sctp_reset_in_stream(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
2594 * We set things to 0xffff since this is the last delivered sequence
2595 * and we will be sending in 0 after the reset.
2598 if (number_entries) {
2599 for (i = 0; i < number_entries; i++) {
2600 temp = ntohs(list[i]);
2601 if (temp >= stcb->asoc.streamincnt) {
2604 stcb->asoc.strmin[temp].last_sequence_delivered = 0xffff;
2608 for (i = 0; i < stcb->asoc.streamincnt; i++) {
2609 stcb->asoc.strmin[i].last_sequence_delivered = 0xffff;
2612 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV, stcb, number_entries, (void *)list);
2616 sctp_reset_out_streams(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
2620 if (number_entries == 0) {
2621 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
2622 stcb->asoc.strmout[i].next_sequence_sent = 0;
2624 } else if (number_entries) {
2625 for (i = 0; i < number_entries; i++) {
2628 temp = ntohs(list[i]);
2629 if (temp >= stcb->asoc.streamoutcnt) {
2630 /* no such stream */
2633 stcb->asoc.strmout[temp].next_sequence_sent = 0;
2636 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list);
2640 struct sctp_stream_reset_out_request *
2641 sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk)
2643 struct sctp_association *asoc;
2644 struct sctp_stream_reset_out_req *req;
2645 struct sctp_stream_reset_out_request *r;
2646 struct sctp_tmit_chunk *chk;
2650 if (TAILQ_EMPTY(&stcb->asoc.control_send_queue)) {
2653 if (stcb->asoc.str_reset == NULL) {
2656 chk = stcb->asoc.str_reset;
2657 if (chk->data == NULL) {
2661 /* he wants a copy of the chk pointer */
2664 clen = chk->send_size;
2665 req = mtod(chk->data, struct sctp_stream_reset_out_req *);
2667 if (ntohl(r->request_seq) == seq) {
2671 len = SCTP_SIZE32(ntohs(r->ph.param_length));
2672 if (clen > (len + (int)sizeof(struct sctp_chunkhdr))) {
2673 /* move to the next one, there can only be a max of two */
2674 r = (struct sctp_stream_reset_out_request *)((caddr_t)r + len);
2675 if (ntohl(r->request_seq) == seq) {
2679 /* that seq is not here */
2684 sctp_clean_up_stream_reset(struct sctp_tcb *stcb)
2686 struct sctp_association *asoc;
2689 struct sctp_tmit_chunk *chk = stcb->asoc.str_reset;
2691 if (stcb->asoc.str_reset == NULL) {
2694 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
2695 TAILQ_REMOVE(&asoc->control_send_queue,
2699 sctp_m_freem(chk->data);
2702 asoc->ctrl_queue_cnt--;
2703 sctp_free_remote_addr(chk->whoTo);
2705 sctp_free_a_chunk(stcb, chk);
2706 stcb->asoc.str_reset = NULL;
2711 sctp_handle_stream_reset_response(struct sctp_tcb *stcb,
2712 uint32_t seq, uint32_t action,
2713 struct sctp_stream_reset_response *respin
2718 struct sctp_association *asoc = &stcb->asoc;
2719 struct sctp_tmit_chunk *chk;
2720 struct sctp_stream_reset_out_request *srparam;
2723 if (asoc->stream_reset_outstanding == 0) {
2727 if (seq == stcb->asoc.str_reset_seq_out) {
2728 srparam = sctp_find_stream_reset(stcb, seq, &chk);
2730 stcb->asoc.str_reset_seq_out++;
2731 type = ntohs(srparam->ph.param_type);
2732 lparm_len = ntohs(srparam->ph.param_length);
2733 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t);
2734 if (type == SCTP_STR_RESET_OUT_REQUEST) {
2735 asoc->stream_reset_out_is_outstanding = 0;
2736 if (asoc->stream_reset_outstanding)
2737 asoc->stream_reset_outstanding--;
2738 if (action == SCTP_STREAM_RESET_PERFORMED) {
2740 sctp_reset_out_streams(stcb, number_entries, srparam->list_of_streams);
2742 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, srparam->list_of_streams);
2744 } else if (type == SCTP_STR_RESET_IN_REQUEST) {
2745 /* Answered my request */
2746 if (asoc->stream_reset_outstanding)
2747 asoc->stream_reset_outstanding--;
2748 if (action != SCTP_STREAM_RESET_PERFORMED) {
2749 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, number_entries, srparam->list_of_streams);
2751 } else if (type == SCTP_STR_RESET_TSN_REQUEST) {
2753 * a) Adopt the new in tsn.
2755 * c) Adopt the new out-tsn
2757 struct sctp_stream_reset_response_tsn *resp;
2758 struct sctp_forward_tsn_chunk fwdtsn;
2761 if (respin == NULL) {
2765 if (action == SCTP_STREAM_RESET_PERFORMED) {
2766 resp = (struct sctp_stream_reset_response_tsn *)respin;
2767 asoc->stream_reset_outstanding--;
2768 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
2769 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
2770 fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1);
2771 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag);
2775 stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1);
2776 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
2777 stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn);
2778 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
2779 stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn);
2780 stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn;
2782 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
2783 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
2787 /* get rid of the request and get the request flags */
2788 if (asoc->stream_reset_outstanding == 0) {
2789 sctp_clean_up_stream_reset(stcb);
2797 sctp_handle_str_reset_request_in(struct sctp_tcb *stcb,
2798 struct sctp_tmit_chunk *chk,
2799 struct sctp_stream_reset_in_request *req)
2807 * peer wants me to send a str-reset to him for my outgoing seq's if
2810 struct sctp_association *asoc = &stcb->asoc;
2812 seq = ntohl(req->request_seq);
2813 if (asoc->str_reset_seq_in == seq) {
2814 if (stcb->asoc.stream_reset_out_is_outstanding == 0) {
2815 len = ntohs(req->ph.param_length);
2816 number_entries = ((len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t));
2817 for (i = 0; i < number_entries; i++) {
2818 temp = ntohs(req->list_of_streams[i]);
2819 req->list_of_streams[i] = temp;
2821 /* move the reset action back one */
2822 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2823 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
2824 sctp_add_stream_reset_out(chk, number_entries, req->list_of_streams,
2825 asoc->str_reset_seq_out,
2826 seq, (asoc->sending_seq - 1));
2827 asoc->stream_reset_out_is_outstanding = 1;
2828 asoc->str_reset = chk;
2829 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
2830 stcb->asoc.stream_reset_outstanding++;
2832 /* Can't do it, since we have sent one out */
2833 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2834 asoc->last_reset_action[0] = SCTP_STREAM_RESET_TRY_LATER;
2835 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
2837 asoc->str_reset_seq_in++;
2838 } else if (asoc->str_reset_seq_in - 1 == seq) {
2839 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
2840 } else if (asoc->str_reset_seq_in - 2 == seq) {
2841 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
2843 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
2848 sctp_handle_str_reset_request_tsn(struct sctp_tcb *stcb,
2849 struct sctp_tmit_chunk *chk,
2850 struct sctp_stream_reset_tsn_request *req)
2852 /* reset all in and out and update the tsn */
2854 * A) reset my str-seq's on in and out. B) Select a receive next,
2855 * and set cum-ack to it. Also process this selected number as a
2856 * fwd-tsn as well. C) set in the response my next sending seq.
2858 struct sctp_forward_tsn_chunk fwdtsn;
2859 struct sctp_association *asoc = &stcb->asoc;
2863 seq = ntohl(req->request_seq);
2864 if (asoc->str_reset_seq_in == seq) {
2865 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
2866 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
2867 fwdtsn.ch.chunk_flags = 0;
2868 fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1);
2869 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag);
2873 stcb->asoc.highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA;
2874 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
2875 stcb->asoc.mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1;
2876 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
2877 atomic_add_int(&stcb->asoc.sending_seq, 1);
2878 /* save off historical data for retrans */
2879 stcb->asoc.last_sending_seq[1] = stcb->asoc.last_sending_seq[0];
2880 stcb->asoc.last_sending_seq[0] = stcb->asoc.sending_seq;
2881 stcb->asoc.last_base_tsnsent[1] = stcb->asoc.last_base_tsnsent[0];
2882 stcb->asoc.last_base_tsnsent[0] = stcb->asoc.mapping_array_base_tsn;
2884 sctp_add_stream_reset_result_tsn(chk,
2885 ntohl(req->request_seq),
2886 SCTP_STREAM_RESET_PERFORMED,
2887 stcb->asoc.sending_seq,
2888 stcb->asoc.mapping_array_base_tsn);
2889 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
2890 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
2891 stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0];
2892 stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
2894 asoc->str_reset_seq_in++;
2895 } else if (asoc->str_reset_seq_in - 1 == seq) {
2896 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0],
2897 stcb->asoc.last_sending_seq[0],
2898 stcb->asoc.last_base_tsnsent[0]
2900 } else if (asoc->str_reset_seq_in - 2 == seq) {
2901 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[1],
2902 stcb->asoc.last_sending_seq[1],
2903 stcb->asoc.last_base_tsnsent[1]
2906 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
2912 sctp_handle_str_reset_request_out(struct sctp_tcb *stcb,
2913 struct sctp_tmit_chunk *chk,
2914 struct sctp_stream_reset_out_request *req)
2917 int number_entries, len;
2918 struct sctp_association *asoc = &stcb->asoc;
2920 seq = ntohl(req->request_seq);
2922 /* now if its not a duplicate we process it */
2923 if (asoc->str_reset_seq_in == seq) {
2924 len = ntohs(req->ph.param_length);
2925 number_entries = ((len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t));
2927 * the sender is resetting, handle the list issue.. we must
2928 * a) verify if we can do the reset, if so no problem b) If
2929 * we can't do the reset we must copy the request. c) queue
2930 * it, and setup the data in processor to trigger it off
2931 * when needed and dequeue all the queued data.
2933 tsn = ntohl(req->send_reset_at_tsn);
2935 /* move the reset action back one */
2936 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2937 if ((tsn == asoc->cumulative_tsn) ||
2938 (compare_with_wrap(asoc->cumulative_tsn, tsn, MAX_TSN))) {
2939 /* we can do it now */
2940 sctp_reset_in_stream(stcb, number_entries, req->list_of_streams);
2941 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
2942 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
2945 * we must queue it up and thus wait for the TSN's
2946 * to arrive that are at or before tsn
2948 struct sctp_stream_reset_list *liste;
2951 siz = sizeof(struct sctp_stream_reset_list) + (number_entries * sizeof(uint16_t));
2952 SCTP_MALLOC(liste, struct sctp_stream_reset_list *,
2954 if (liste == NULL) {
2955 /* gak out of memory */
2956 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED);
2957 asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED;
2961 liste->number_entries = number_entries;
2962 memcpy(&liste->req, req,
2963 (sizeof(struct sctp_stream_reset_out_request) + (number_entries * sizeof(uint16_t))));
2964 TAILQ_INSERT_TAIL(&asoc->resetHead, liste, next_resp);
2965 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
2966 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
2968 asoc->str_reset_seq_in++;
2969 } else if ((asoc->str_reset_seq_in - 1) == seq) {
2971 * one seq back, just echo back last action since my
2972 * response was lost.
2974 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
2975 } else if ((asoc->str_reset_seq_in - 2) == seq) {
2977 * two seq back, just echo back last action since my
2978 * response was lost.
2980 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
2982 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
2987 sctp_handle_stream_reset(struct sctp_tcb *stcb, struct sctp_stream_reset_out_req *sr_req)
2989 int chk_length, param_len, ptype;
2992 struct sctp_tmit_chunk *chk;
2993 struct sctp_chunkhdr *ch;
2994 struct sctp_paramhdr *ph;
2996 /* now it may be a reset or a reset-response */
2997 chk_length = ntohs(sr_req->ch.chunk_length);
3001 /* setup for adding the response */
3002 sctp_alloc_a_chunk(stcb, chk);
3006 chk->rec.chunk_id.id = SCTP_STREAM_RESET;
3007 chk->asoc = &stcb->asoc;
3008 chk->no_fr_allowed = 0;
3009 chk->book_size = chk->send_size = sizeof(struct sctp_chunkhdr);
3010 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA);
3011 if (chk->data == NULL) {
3014 sctp_m_freem(chk->data);
3017 sctp_free_a_chunk(stcb, chk);
3020 chk->data->m_data += SCTP_MIN_OVERHEAD;
3022 /* setup chunk parameters */
3023 chk->sent = SCTP_DATAGRAM_UNSENT;
3025 chk->whoTo = stcb->asoc.primary_destination;
3026 atomic_add_int(&chk->whoTo->ref_count, 1);
3028 ch = mtod(chk->data, struct sctp_chunkhdr *);
3029 ch->chunk_type = SCTP_STREAM_RESET;
3030 ch->chunk_flags = 0;
3031 ch->chunk_length = htons(chk->send_size);
3032 chk->data->m_pkthdr.len = chk->data->m_len = SCTP_SIZE32(chk->send_size);
3035 ph = (struct sctp_paramhdr *)&sr_req->sr_req;
3036 while ((size_t)chk_length >= sizeof(struct sctp_stream_reset_tsn_request)) {
3037 param_len = ntohs(ph->param_length);
3038 if (param_len < (int)sizeof(struct sctp_stream_reset_tsn_request)) {
3042 ptype = ntohs(ph->param_type);
3044 if (num_param > SCTP_MAX_RESET_PARAMS) {
3045 /* hit the max of parameters already sorry.. */
3048 if (ptype == SCTP_STR_RESET_OUT_REQUEST) {
3049 struct sctp_stream_reset_out_request *req_out;
3051 req_out = (struct sctp_stream_reset_out_request *)ph;
3053 if (stcb->asoc.stream_reset_outstanding) {
3054 seq = ntohl(req_out->response_seq);
3055 if (seq == stcb->asoc.str_reset_seq_out) {
3057 sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_PERFORMED, NULL);
3060 sctp_handle_str_reset_request_out(stcb, chk, req_out);
3061 } else if (ptype == SCTP_STR_RESET_IN_REQUEST) {
3062 struct sctp_stream_reset_in_request *req_in;
3065 req_in = (struct sctp_stream_reset_in_request *)ph;
3066 sctp_handle_str_reset_request_in(stcb, chk, req_in);
3067 } else if (ptype == SCTP_STR_RESET_TSN_REQUEST) {
3068 struct sctp_stream_reset_tsn_request *req_tsn;
3071 req_tsn = (struct sctp_stream_reset_tsn_request *)ph;
3072 if (sctp_handle_str_reset_request_tsn(stcb, chk, req_tsn)) {
3074 goto strres_nochunk;
3078 } else if (ptype == SCTP_STR_RESET_RESPONSE) {
3079 struct sctp_stream_reset_response *resp;
3082 resp = (struct sctp_stream_reset_response *)ph;
3083 seq = ntohl(resp->response_seq);
3084 result = ntohl(resp->result);
3085 if (sctp_handle_stream_reset_response(stcb, seq, result, resp)) {
3087 goto strres_nochunk;
3093 ph = (struct sctp_paramhdr *)((caddr_t)ph + SCTP_SIZE32(param_len));
3094 chk_length -= SCTP_SIZE32(param_len);
3097 /* we have no response free the stuff */
3098 goto strres_nochunk;
3100 /* ok we have a chunk to link in */
3101 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue,
3104 stcb->asoc.ctrl_queue_cnt++;
3109 * Handle a router or endpoints report of a packet loss, there are two ways
3110 * to handle this, either we get the whole packet and must disect it
3111 * ourselves (possibly with truncation and or corruption) or it is a summary
3112 * from a middle box that did the disectting for us.
3115 sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp,
3116 struct sctp_tcb *stcb, struct sctp_nets *net)
3118 uint32_t bottle_bw, on_queue;
3122 struct sctp_chunk_desc desc;
3123 struct sctp_chunkhdr *ch;
3125 chlen = ntohs(cp->ch.chunk_length);
3126 chlen -= sizeof(struct sctp_pktdrop_chunk);
3127 /* XXX possible chlen underflow */
3130 if (cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX)
3131 SCTP_STAT_INCR(sctps_pdrpbwrpt);
3133 ch = (struct sctp_chunkhdr *)(cp->data + sizeof(struct sctphdr));
3134 chlen -= sizeof(struct sctphdr);
3135 /* XXX possible chlen underflow */
3136 memset(&desc, 0, sizeof(desc));
3138 trunc_len = (uint16_t) ntohs(cp->trunc_len);
3139 /* now the chunks themselves */
3140 while ((ch != NULL) && (chlen >= sizeof(struct sctp_chunkhdr))) {
3141 desc.chunk_type = ch->chunk_type;
3142 /* get amount we need to move */
3143 at = ntohs(ch->chunk_length);
3144 if (at < sizeof(struct sctp_chunkhdr)) {
3145 /* corrupt chunk, maybe at the end? */
3146 SCTP_STAT_INCR(sctps_pdrpcrupt);
3149 if (trunc_len == 0) {
3150 /* we are supposed to have all of it */
3152 /* corrupt skip it */
3153 SCTP_STAT_INCR(sctps_pdrpcrupt);
3157 /* is there enough of it left ? */
3158 if (desc.chunk_type == SCTP_DATA) {
3159 if (chlen < (sizeof(struct sctp_data_chunk) +
3160 sizeof(desc.data_bytes))) {
3164 if (chlen < sizeof(struct sctp_chunkhdr)) {
3169 if (desc.chunk_type == SCTP_DATA) {
3170 /* can we get out the tsn? */
3171 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
3172 SCTP_STAT_INCR(sctps_pdrpmbda);
3174 if (chlen >= (sizeof(struct sctp_data_chunk) + sizeof(uint32_t))) {
3176 struct sctp_data_chunk *dcp;
3180 dcp = (struct sctp_data_chunk *)ch;
3181 ddp = (uint8_t *) (dcp + 1);
3182 for (iii = 0; iii < sizeof(desc.data_bytes); iii++) {
3183 desc.data_bytes[iii] = ddp[iii];
3185 desc.tsn_ifany = dcp->dp.tsn;
3187 /* nope we are done. */
3188 SCTP_STAT_INCR(sctps_pdrpnedat);
3192 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
3193 SCTP_STAT_INCR(sctps_pdrpmbct);
3196 if (process_chunk_drop(stcb, &desc, net, cp->ch.chunk_flags)) {
3197 SCTP_STAT_INCR(sctps_pdrppdbrk);
3200 if (SCTP_SIZE32(at) > chlen) {
3203 chlen -= SCTP_SIZE32(at);
3204 if (chlen < sizeof(struct sctp_chunkhdr)) {
3205 /* done, none left */
3208 ch = (struct sctp_chunkhdr *)((caddr_t)ch + SCTP_SIZE32(at));
3210 /* Now update any rwnd --- possibly */
3211 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) == 0) {
3212 /* From a peer, we get a rwnd report */
3215 SCTP_STAT_INCR(sctps_pdrpfehos);
3217 bottle_bw = ntohl(cp->bottle_bw);
3218 on_queue = ntohl(cp->current_onq);
3219 if (bottle_bw && on_queue) {
3220 /* a rwnd report is in here */
3221 if (bottle_bw > on_queue)
3222 a_rwnd = bottle_bw - on_queue;
3227 stcb->asoc.peers_rwnd = 0;
3229 if (a_rwnd > stcb->asoc.total_flight) {
3230 stcb->asoc.peers_rwnd =
3231 a_rwnd - stcb->asoc.total_flight;
3233 stcb->asoc.peers_rwnd = 0;
3235 if (stcb->asoc.peers_rwnd <
3236 stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3237 /* SWS sender side engages */
3238 stcb->asoc.peers_rwnd = 0;
3243 SCTP_STAT_INCR(sctps_pdrpfmbox);
3246 /* now middle boxes in sat networks get a cwnd bump */
3247 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) &&
3248 (stcb->asoc.sat_t3_loss_recovery == 0) &&
3249 (stcb->asoc.sat_network)) {
3251 * This is debateable but for sat networks it makes sense
3252 * Note if a T3 timer has went off, we will prohibit any
3253 * changes to cwnd until we exit the t3 loss recovery.
3258 #ifdef SCTP_CWND_MONITOR
3259 int old_cwnd = net->cwnd;
3262 /* need real RTT for this calc */
3263 rtt = ((net->lastsa >> 2) + net->lastsv) >> 1;
3264 /* get bottle neck bw */
3265 bottle_bw = ntohl(cp->bottle_bw);
3266 /* and whats on queue */
3267 on_queue = ntohl(cp->current_onq);
3269 * adjust the on-queue if our flight is more it could be
3270 * that the router has not yet gotten data "in-flight" to it
3272 if (on_queue < net->flight_size)
3273 on_queue = net->flight_size;
3275 /* calculate the available space */
3276 bw_avail = (bottle_bw * rtt) / 1000;
3277 if (bw_avail > bottle_bw) {
3279 * Cap the growth to no more than the bottle neck.
3280 * This can happen as RTT slides up due to queues.
3281 * It also means if you have more than a 1 second
3282 * RTT with a empty queue you will be limited to the
3283 * bottle_bw per second no matter if other points
3284 * have 1/2 the RTT and you could get more out...
3286 bw_avail = bottle_bw;
3288 if (on_queue > bw_avail) {
3290 * No room for anything else don't allow anything
3291 * else to be "added to the fire".
3293 int seg_inflight, seg_onqueue, my_portion;
3295 net->partial_bytes_acked = 0;
3297 /* how much are we over queue size? */
3298 incr = on_queue - bw_avail;
3299 if (stcb->asoc.seen_a_sack_this_pkt) {
3301 * undo any cwnd adjustment that the sack
3304 net->cwnd = net->prev_cwnd;
3306 /* Now how much of that is mine? */
3307 seg_inflight = net->flight_size / net->mtu;
3308 seg_onqueue = on_queue / net->mtu;
3309 my_portion = (incr * seg_inflight) / seg_onqueue;
3311 /* Have I made an adjustment already */
3312 if (net->cwnd > net->flight_size) {
3314 * for this flight I made an adjustment we
3315 * need to decrease the portion by a share
3316 * our previous adjustment.
3320 diff_adj = net->cwnd - net->flight_size;
3321 if (diff_adj > my_portion)
3324 my_portion -= diff_adj;
3327 * back down to the previous cwnd (assume we have
3328 * had a sack before this packet). minus what ever
3329 * portion of the overage is my fault.
3331 net->cwnd -= my_portion;
3333 /* we will NOT back down more than 1 MTU */
3334 if (net->cwnd <= net->mtu) {
3335 net->cwnd = net->mtu;
3338 net->ssthresh = net->cwnd - 1;
3341 * Take 1/4 of the space left or max burst up ..
3342 * whichever is less.
3344 incr = min((bw_avail - on_queue) >> 2,
3345 (int)stcb->asoc.max_burst * (int)net->mtu);
3348 if (net->cwnd > bw_avail) {
3349 /* We can't exceed the pipe size */
3350 net->cwnd = bw_avail;
3352 if (net->cwnd < net->mtu) {
3353 /* We always have 1 MTU */
3354 net->cwnd = net->mtu;
3356 #ifdef SCTP_CWND_MONITOR
3357 if (net->cwnd - old_cwnd != 0) {
3358 /* log only changes */
3359 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd),
3360 SCTP_CWND_LOG_FROM_SAT);
3366 extern int sctp_strict_init;
3367 extern int sctp_abort_if_one_2_one_hits_limit;
3370 * handles all control chunks in a packet inputs: - m: mbuf chain, assumed to
3371 * still contain IP/SCTP header - stcb: is the tcb found for this packet -
3372 * offset: offset into the mbuf chain to first chunkhdr - length: is the
3373 * length of the complete packet outputs: - length: modified to remaining
3374 * length after control processing - netp: modified to new sctp_nets after
3375 * cookie-echo processing - return NULL to discard the packet (ie. no asoc,
3376 * bad packet,...) otherwise return the tcb for this packet
3378 static struct sctp_tcb *
3379 sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length,
3380 struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp,
3381 struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen)
3383 struct sctp_association *asoc;
3385 int num_chunks = 0; /* number of control chunks processed */
3390 * How big should this be, and should it be alloc'd? Lets try the
3391 * d-mtu-ceiling for now (2k) and that should hopefully work ...
3392 * until we get into jumbo grams and such..
3394 uint8_t chunk_buf[DEFAULT_CHUNK_BUFFER];
3395 struct sctp_tcb *locked_tcb = stcb;
3397 uint32_t auth_offset = 0, auth_len = 0;
3398 int auth_skipped = 0;
3401 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
3402 printf("sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n",
3403 iphlen, *offset, length, stcb);
3405 #endif /* SCTP_DEBUG */
3407 /* validate chunk header length... */
3408 if (ntohs(ch->chunk_length) < sizeof(*ch)) {
3412 * validate the verification tag
3414 vtag_in = ntohl(sh->v_tag);
3416 if (ch->chunk_type == SCTP_INITIATION) {
3418 /* protocol error- silently discard... */
3419 SCTP_STAT_INCR(sctps_badvtag);
3421 SCTP_TCB_UNLOCK(locked_tcb);
3424 } else if (ch->chunk_type != SCTP_COOKIE_ECHO) {
3426 * If there is no stcb, skip the AUTH chunk and process
3427 * later after a stcb is found (to validate the lookup was
3430 if ((ch->chunk_type == SCTP_AUTHENTICATION) &&
3431 (stcb == NULL) && !sctp_auth_disable) {
3432 /* save this chunk for later processing */
3434 auth_offset = *offset;
3435 auth_len = ntohs(ch->chunk_length);
3437 /* (temporarily) move past this chunk */
3438 *offset += SCTP_SIZE32(auth_len);
3439 if (*offset >= length) {
3440 /* no more data left in the mbuf chain */
3444 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3445 sizeof(struct sctp_chunkhdr), chunk_buf);
3447 if (ch->chunk_type == SCTP_COOKIE_ECHO) {
3448 goto process_control_chunks;
3451 * first check if it's an ASCONF with an unknown src addr we
3452 * need to look inside to find the association
3454 if (ch->chunk_type == SCTP_ASCONF && stcb == NULL) {
3455 /* inp's refcount may be reduced */
3456 SCTP_INP_INCR_REF(inp);
3458 stcb = sctp_findassociation_ep_asconf(m, iphlen,
3459 *offset, sh, &inp, netp);
3462 * reduce inp's refcount if not reduced in
3463 * sctp_findassociation_ep_asconf().
3465 SCTP_INP_DECR_REF(inp);
3467 /* now go back and verify any auth chunk to be sure */
3468 if (auth_skipped && (stcb != NULL)) {
3469 struct sctp_auth_chunk *auth;
3471 auth = (struct sctp_auth_chunk *)
3472 sctp_m_getptr(m, auth_offset,
3473 auth_len, chunk_buf);
3476 if (sctp_handle_auth(stcb, auth, m,
3478 /* auth HMAC failed so dump it */
3482 /* remaining chunks are HMAC checked */
3483 stcb->asoc.authenticated = 1;
3488 /* no association, so it's out of the blue... */
3489 sctp_handle_ootb(m, iphlen, *offset, sh, inp, NULL);
3492 SCTP_TCB_UNLOCK(locked_tcb);
3496 /* ABORT and SHUTDOWN can use either v_tag... */
3497 if ((ch->chunk_type == SCTP_ABORT_ASSOCIATION) ||
3498 (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) ||
3499 (ch->chunk_type == SCTP_PACKET_DROPPED)) {
3500 if ((vtag_in == asoc->my_vtag) ||
3501 ((ch->chunk_flags & SCTP_HAD_NO_TCB) &&
3502 (vtag_in == asoc->peer_vtag))) {
3505 /* drop this packet... */
3506 SCTP_STAT_INCR(sctps_badvtag);
3508 SCTP_TCB_UNLOCK(locked_tcb);
3511 } else if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
3512 if (vtag_in != asoc->my_vtag) {
3514 * this could be a stale SHUTDOWN-ACK or the
3515 * peer never got the SHUTDOWN-COMPLETE and
3516 * is still hung; we have started a new asoc
3517 * but it won't complete until the shutdown
3521 SCTP_TCB_UNLOCK(locked_tcb);
3522 sctp_handle_ootb(m, iphlen, *offset, sh, inp,
3527 /* for all other chunks, vtag must match */
3528 if (vtag_in != asoc->my_vtag) {
3529 /* invalid vtag... */
3531 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3532 printf("invalid vtag: %xh, expect %xh\n", vtag_in, asoc->my_vtag);
3534 #endif /* SCTP_DEBUG */
3535 SCTP_STAT_INCR(sctps_badvtag);
3537 SCTP_TCB_UNLOCK(locked_tcb);
3542 } /* end if !SCTP_COOKIE_ECHO */
3544 * process all control chunks...
3546 if (((ch->chunk_type == SCTP_SELECTIVE_ACK) ||
3547 (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) &&
3548 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
3549 /* implied cookie-ack.. we must have lost the ack */
3550 stcb->asoc.overall_error_count = 0;
3551 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb,
3554 process_control_chunks:
3556 while (IS_SCTP_CONTROL(ch)) {
3557 /* validate chunk length */
3558 chk_length = ntohs(ch->chunk_length);
3560 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
3561 printf("sctp_process_control: processing a chunk type=%u, len=%u\n",
3562 ch->chunk_type, chk_length);
3564 #endif /* SCTP_DEBUG */
3565 if ((size_t)chk_length < sizeof(*ch) ||
3566 (*offset + chk_length) > length) {
3569 SCTP_TCB_UNLOCK(locked_tcb);
3572 SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks);
3574 * INIT-ACK only gets the init ack "header" portion only
3575 * because we don't have to process the peer's COOKIE. All
3576 * others get a complete chunk.
3578 if (ch->chunk_type == SCTP_INITIATION_ACK) {
3579 /* get an init-ack chunk */
3580 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3581 sizeof(struct sctp_init_ack_chunk), chunk_buf);
3585 SCTP_TCB_UNLOCK(locked_tcb);
3589 /* get a complete chunk... */
3590 if ((size_t)chk_length > sizeof(chunk_buf)) {
3592 struct sctp_paramhdr *phdr;
3595 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
3596 1, M_DONTWAIT, 1, MT_DATA);
3598 /* pre-reserve some space */
3599 oper->m_data += sizeof(struct sctp_chunkhdr);
3600 oper->m_len = sizeof(struct sctp_paramhdr);
3601 oper->m_pkthdr.len = oper->m_len;
3602 phdr = mtod(oper, struct sctp_paramhdr *);
3603 phdr->param_type = htons(SCTP_CAUSE_OUT_OF_RESC);
3604 phdr->param_length = htons(sizeof(struct sctp_paramhdr));
3605 sctp_queue_op_err(stcb, oper);
3608 SCTP_TCB_UNLOCK(locked_tcb);
3611 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3612 chk_length, chunk_buf);
3614 printf("sctp_process_control: Can't get the all data....\n");
3617 SCTP_TCB_UNLOCK(locked_tcb);
3622 /* Save off the last place we got a control from */
3624 if ((*netp != NULL) || (ch->chunk_type == SCTP_ASCONF)) {
3626 * allow last_control to be NULL if
3627 * ASCONF... ASCONF processing will find the
3630 stcb->asoc.last_control_chunk_from = *netp;
3633 #ifdef SCTP_AUDITING_ENABLED
3634 sctp_audit_log(0xB0, ch->chunk_type);
3637 /* check to see if this chunk required auth, but isn't */
3638 if ((stcb != NULL) && !sctp_auth_disable &&
3639 sctp_auth_is_required_chunk(ch->chunk_type,
3640 stcb->asoc.local_auth_chunks) &&
3641 !stcb->asoc.authenticated) {
3642 /* "silently" ignore */
3643 SCTP_STAT_INCR(sctps_recvauthmissing);
3646 switch (ch->chunk_type) {
3647 case SCTP_INITIATION:
3648 /* must be first and only chunk */
3650 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3651 printf("SCTP_INIT\n");
3653 #endif /* SCTP_DEBUG */
3654 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3655 /* We are not interested anymore? */
3656 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3658 * collision case where we are
3659 * sending to them too
3664 SCTP_TCB_UNLOCK(locked_tcb);
3669 if ((num_chunks > 1) ||
3670 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
3673 SCTP_TCB_UNLOCK(locked_tcb);
3676 if ((stcb != NULL) &&
3677 (SCTP_GET_STATE(&stcb->asoc) ==
3678 SCTP_STATE_SHUTDOWN_ACK_SENT)) {
3679 sctp_send_shutdown_ack(stcb,
3680 stcb->asoc.primary_destination);
3682 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
3684 SCTP_TCB_UNLOCK(locked_tcb);
3687 sctp_handle_init(m, iphlen, *offset, sh,
3688 (struct sctp_init_chunk *)ch, inp, stcb, *netp);
3691 SCTP_TCB_UNLOCK(locked_tcb);
3694 case SCTP_INITIATION_ACK:
3695 /* must be first and only chunk */
3697 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3698 printf("SCTP_INIT-ACK\n");
3700 #endif /* SCTP_DEBUG */
3701 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3702 /* We are not interested anymore */
3703 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3707 SCTP_TCB_UNLOCK(locked_tcb);
3710 sctp_free_assoc(inp, stcb, 0);
3715 if ((num_chunks > 1) ||
3716 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
3719 SCTP_TCB_UNLOCK(locked_tcb);
3722 ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
3723 (struct sctp_init_ack_chunk *)ch, stcb, *netp);
3725 * Special case, I must call the output routine to
3726 * get the cookie echoed
3728 if ((stcb) && ret == 0)
3729 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
3732 SCTP_TCB_UNLOCK(locked_tcb);
3735 case SCTP_SELECTIVE_ACK:
3737 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3738 printf("SCTP_SACK\n");
3740 #endif /* SCTP_DEBUG */
3741 SCTP_STAT_INCR(sctps_recvsacks);
3743 struct sctp_sack_chunk *sack;
3745 uint32_t a_rwnd, cum_ack;
3749 sack = (struct sctp_sack_chunk *)ch;
3751 nonce_sum_flag = ch->chunk_flags & SCTP_SACK_NONCE_SUM;
3752 cum_ack = ntohl(sack->sack.cum_tsn_ack);
3753 num_seg = ntohs(sack->sack.num_gap_ack_blks);
3754 a_rwnd = (uint32_t) ntohl(sack->sack.a_rwnd);
3755 stcb->asoc.seen_a_sack_this_pkt = 1;
3756 if ((stcb->asoc.pr_sctp_cnt == 0) &&
3758 ((compare_with_wrap(cum_ack, stcb->asoc.last_acked_seq, MAX_TSN)) ||
3759 (cum_ack == stcb->asoc.last_acked_seq)) &&
3760 (stcb->asoc.saw_sack_with_frags == 0) &&
3761 (!TAILQ_EMPTY(&stcb->asoc.sent_queue))
3764 * We have a SIMPLE sack having no
3765 * prior segments and data on sent
3766 * queue to be acked.. Use the
3767 * faster path sack processing. We
3768 * also allow window update sacks
3769 * with no missing segments to go
3772 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, nonce_sum_flag, &abort_now);
3774 sctp_handle_sack(sack, stcb, *netp, &abort_now);
3777 /* ABORT signal from sack processing */
3783 case SCTP_HEARTBEAT_REQUEST:
3785 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3786 printf("SCTP_HEARTBEAT\n");
3788 #endif /* SCTP_DEBUG */
3789 SCTP_STAT_INCR(sctps_recvheartbeat);
3790 sctp_send_heartbeat_ack(stcb, m, *offset, chk_length,
3793 /* He's alive so give him credit */
3794 stcb->asoc.overall_error_count = 0;
3796 case SCTP_HEARTBEAT_ACK:
3798 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3799 printf("SCTP_HEARTBEAT-ACK\n");
3801 #endif /* SCTP_DEBUG */
3803 /* He's alive so give him credit */
3804 stcb->asoc.overall_error_count = 0;
3805 SCTP_STAT_INCR(sctps_recvheartbeatack);
3806 sctp_handle_heartbeat_ack((struct sctp_heartbeat_chunk *)ch,
3809 case SCTP_ABORT_ASSOCIATION:
3811 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3812 printf("SCTP_ABORT\n");
3814 #endif /* SCTP_DEBUG */
3815 sctp_handle_abort((struct sctp_abort_chunk *)ch,
3822 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3823 printf("SCTP_SHUTDOWN\n");
3825 #endif /* SCTP_DEBUG */
3829 sctp_handle_shutdown((struct sctp_shutdown_chunk *)ch,
3830 stcb, *netp, &abort_flag);
3837 case SCTP_SHUTDOWN_ACK:
3839 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3840 printf("SCTP_SHUTDOWN-ACK\n");
3842 #endif /* SCTP_DEBUG */
3843 sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp);
3847 case SCTP_OPERATION_ERROR:
3849 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3850 printf("SCTP_OP-ERR\n");
3852 #endif /* SCTP_DEBUG */
3853 if (sctp_handle_error(ch, stcb, *netp) < 0) {
3858 case SCTP_COOKIE_ECHO:
3860 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3861 printf("SCTP_COOKIE-ECHO stcb is %p\n", stcb);
3863 #endif /* SCTP_DEBUG */
3864 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3867 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) &&
3869 /* We are not interested anymore */
3875 * First are we accepting? We do this again here
3876 * since it is possible that a previous endpoint WAS
3877 * listening responded to a INIT-ACK and then
3878 * closed. We opened and bound.. and are now no
3881 if (inp->sctp_socket->so_qlimit == 0) {
3882 if ((stcb) && (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
3884 * special case, is this a retran'd
3885 * COOKIE-ECHO or a restarting assoc
3886 * that is a peeled off or
3887 * one-to-one style socket.
3889 goto process_cookie_anyway;
3891 sctp_abort_association(inp, stcb, m, iphlen, sh,
3895 } else if (inp->sctp_socket->so_qlimit) {
3896 /* we are accepting so check limits like TCP */
3897 if (inp->sctp_socket->so_qlen >
3898 inp->sctp_socket->so_qlimit) {
3901 struct sctp_paramhdr *phdr;
3903 if (sctp_abort_if_one_2_one_hits_limit) {
3905 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
3906 1, M_DONTWAIT, 1, MT_DATA);
3909 oper->m_pkthdr.len =
3910 sizeof(struct sctp_paramhdr);
3912 struct sctp_paramhdr *);
3914 htons(SCTP_CAUSE_OUT_OF_RESC);
3915 phdr->param_length =
3916 htons(sizeof(struct sctp_paramhdr));
3918 sctp_abort_association(inp, stcb, m,
3925 process_cookie_anyway:
3927 struct mbuf *ret_buf;
3930 sctp_handle_cookie_echo(m, iphlen,
3932 (struct sctp_cookie_echo_chunk *)ch,
3938 if (ret_buf == NULL) {
3940 SCTP_TCB_UNLOCK(locked_tcb);
3943 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3944 printf("GAK, null buffer\n");
3946 #endif /* SCTP_DEBUG */
3951 /* if AUTH skipped, see if it verified... */
3956 if (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) {
3958 * Restart the timer if we have
3961 struct sctp_tmit_chunk *chk;
3963 chk = TAILQ_FIRST(&stcb->asoc.sent_queue);
3965 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
3966 stcb->sctp_ep, stcb,
3972 case SCTP_COOKIE_ACK:
3974 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3975 printf("SCTP_COOKIE-ACK\n");
3977 #endif /* SCTP_DEBUG */
3979 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3980 /* We are not interested anymore */
3981 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3984 sctp_free_assoc(inp, stcb, 0);
3989 /* He's alive so give him credit */
3990 stcb->asoc.overall_error_count = 0;
3991 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp);
3995 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3996 printf("SCTP_ECN-ECHO\n");
3998 #endif /* SCTP_DEBUG */
3999 /* He's alive so give him credit */
4000 stcb->asoc.overall_error_count = 0;
4001 sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch,
4006 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4007 printf("SCTP_ECN-CWR\n");
4009 #endif /* SCTP_DEBUG */
4010 /* He's alive so give him credit */
4011 stcb->asoc.overall_error_count = 0;
4013 sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb);
4015 case SCTP_SHUTDOWN_COMPLETE:
4017 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4018 printf("SCTP_SHUTDOWN-COMPLETE\n");
4020 #endif /* SCTP_DEBUG */
4021 /* must be first and only chunk */
4022 if ((num_chunks > 1) ||
4023 (length - *offset > SCTP_SIZE32(chk_length))) {
4026 SCTP_TCB_UNLOCK(locked_tcb);
4030 sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch,
4037 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4038 printf("SCTP_ASCONF\n");
4040 #endif /* SCTP_DEBUG */
4041 /* He's alive so give him credit */
4042 stcb->asoc.overall_error_count = 0;
4044 sctp_handle_asconf(m, *offset,
4045 (struct sctp_asconf_chunk *)ch, stcb);
4047 case SCTP_ASCONF_ACK:
4049 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4050 printf("SCTP_ASCONF-ACK\n");
4052 #endif /* SCTP_DEBUG */
4053 /* He's alive so give him credit */
4054 stcb->asoc.overall_error_count = 0;
4056 sctp_handle_asconf_ack(m, *offset,
4057 (struct sctp_asconf_ack_chunk *)ch, stcb, *netp);
4059 case SCTP_FORWARD_CUM_TSN:
4061 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4062 printf("SCTP_FWD-TSN\n");
4064 #endif /* SCTP_DEBUG */
4065 /* He's alive so give him credit */
4069 stcb->asoc.overall_error_count = 0;
4071 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4072 /* We are not interested anymore */
4073 sctp_free_assoc(inp, stcb, 0);
4077 sctp_handle_forward_tsn(stcb,
4078 (struct sctp_forward_tsn_chunk *)ch, &abort_flag);
4083 stcb->asoc.overall_error_count = 0;
4088 case SCTP_STREAM_RESET:
4090 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4091 printf("SCTP_STREAM_RESET\n");
4093 #endif /* SCTP_DEBUG */
4094 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4095 chk_length, chunk_buf);
4096 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4097 /* We are not interested anymore */
4098 sctp_free_assoc(inp, stcb, 0);
4102 if (stcb->asoc.peer_supports_strreset == 0) {
4104 * hmm, peer should have announced this, but
4105 * we will turn it on since he is sending us
4108 stcb->asoc.peer_supports_strreset = 1;
4110 if (sctp_handle_stream_reset(stcb, (struct sctp_stream_reset_out_req *)ch)) {
4111 /* stop processing */
4116 case SCTP_PACKET_DROPPED:
4118 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4119 printf("SCTP_PACKET_DROPPED\n");
4121 #endif /* SCTP_DEBUG */
4122 /* re-get it all please */
4123 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4124 chk_length, chunk_buf);
4126 sctp_handle_packet_dropped((struct sctp_pktdrop_chunk *)ch,
4131 case SCTP_AUTHENTICATION:
4133 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4134 printf("SCTP_AUTHENTICATION\n");
4136 #endif /* SCTP_DEBUG */
4137 if (sctp_auth_disable)
4141 /* save the first AUTH for later processing */
4142 if (auth_skipped == 0) {
4143 auth_offset = *offset;
4144 auth_len = chk_length;
4147 /* skip this chunk (temporarily) */
4150 if (got_auth == 1) {
4151 /* skip this chunk... it's already auth'd */
4154 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4155 chk_length, chunk_buf);
4157 if (sctp_handle_auth(stcb, (struct sctp_auth_chunk *)ch,
4159 /* auth HMAC failed so dump the packet */
4163 /* remaining chunks are HMAC checked */
4164 stcb->asoc.authenticated = 1;
4170 /* it's an unknown chunk! */
4171 if ((ch->chunk_type & 0x40) && (stcb != NULL)) {
4173 struct sctp_paramhdr *phd;
4175 mm = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4176 1, M_DONTWAIT, 1, MT_DATA);
4178 phd = mtod(mm, struct sctp_paramhdr *);
4180 * We cheat and use param type since
4181 * we did not bother to define a
4182 * error cause struct. They are the
4183 * same basic format with different
4186 phd->param_type = htons(SCTP_CAUSE_UNRECOG_CHUNK);
4187 phd->param_length = htons(chk_length + sizeof(*phd));
4188 mm->m_len = sizeof(*phd);
4189 mm->m_next = sctp_m_copym(m, *offset, SCTP_SIZE32(chk_length),
4192 mm->m_pkthdr.len = SCTP_SIZE32(chk_length) + sizeof(*phd);
4193 sctp_queue_op_err(stcb, mm);
4199 if ((ch->chunk_type & 0x80) == 0) {
4200 /* discard this packet */
4203 } /* else skip this bad chunk and continue... */
4205 } /* switch (ch->chunk_type) */
4209 /* get the next chunk */
4210 *offset += SCTP_SIZE32(chk_length);
4211 if (*offset >= length) {
4212 /* no more data left in the mbuf chain */
4215 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4216 sizeof(struct sctp_chunkhdr), chunk_buf);
4219 SCTP_TCB_UNLOCK(locked_tcb);
4229 * Process the ECN bits we have something set so we must look to see if it is
4230 * ECN(0) or ECN(1) or CE
4232 static __inline void
4233 sctp_process_ecn_marked_a(struct sctp_tcb *stcb, struct sctp_nets *net,
4236 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
4238 } else if ((ecn_bits & SCTP_ECT1_BIT) == SCTP_ECT1_BIT) {
4240 * we only add to the nonce sum for ECT1, ECT0 does not
4241 * change the NS bit (that we have yet to find a way to send
4245 /* ECN Nonce stuff */
4246 stcb->asoc.receiver_nonce_sum++;
4247 stcb->asoc.receiver_nonce_sum &= SCTP_SACK_NONCE_SUM;
4250 * Drag up the last_echo point if cumack is larger since we
4251 * don't want the point falling way behind by more than
4252 * 2^^31 and then having it be incorrect.
4254 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
4255 stcb->asoc.last_echo_tsn, MAX_TSN)) {
4256 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
4258 } else if ((ecn_bits & SCTP_ECT0_BIT) == SCTP_ECT0_BIT) {
4260 * Drag up the last_echo point if cumack is larger since we
4261 * don't want the point falling way behind by more than
4262 * 2^^31 and then having it be incorrect.
4264 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
4265 stcb->asoc.last_echo_tsn, MAX_TSN)) {
4266 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
4271 static __inline void
4272 sctp_process_ecn_marked_b(struct sctp_tcb *stcb, struct sctp_nets *net,
4273 uint32_t high_tsn, uint8_t ecn_bits)
4275 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
4277 * we possibly must notify the sender that a congestion
4278 * window reduction is in order. We do this by adding a ECNE
4279 * chunk to the output chunk queue. The incoming CWR will
4280 * remove this chunk.
4282 if (compare_with_wrap(high_tsn, stcb->asoc.last_echo_tsn,
4284 /* Yep, we need to add a ECNE */
4285 sctp_send_ecn_echo(stcb, net, high_tsn);
4286 stcb->asoc.last_echo_tsn = high_tsn;
4292 * common input chunk processing (v4 and v6)
4295 sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
4296 int length, struct sctphdr *sh, struct sctp_chunkhdr *ch,
4297 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
4301 * Control chunk processing
4304 int fwd_tsn_seen = 0, data_processed = 0;
4305 struct mbuf *m = *mm;
4309 SCTP_STAT_INCR(sctps_recvdatagrams);
4310 #ifdef SCTP_AUDITING_ENABLED
4311 sctp_audit_log(0xE0, 1);
4312 sctp_auditing(0, inp, stcb, net);
4316 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4317 printf("Ok, Common input processing called, m:%x iphlen:%d offset:%d\n",
4318 (uint32_t) m, iphlen, offset);
4320 #endif /* SCTP_DEBUG */
4323 /* always clear this before beginning a packet */
4324 stcb->asoc.authenticated = 0;
4325 stcb->asoc.seen_a_sack_this_pkt = 0;
4327 if (IS_SCTP_CONTROL(ch)) {
4328 /* process the control portion of the SCTP packet */
4329 stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
4330 inp, stcb, &net, &fwd_tsn_seen);
4333 * This covers us if the cookie-echo was there and
4334 * it changes our INP.
4336 inp = stcb->sctp_ep;
4340 * no control chunks, so pre-process DATA chunks (these
4341 * checks are taken care of by control processing)
4345 * if DATA only packet, and auth is required, then punt...
4346 * can't have authenticated without any AUTH (control)
4349 if ((stcb != NULL) && !sctp_auth_disable &&
4350 sctp_auth_is_required_chunk(SCTP_DATA,
4351 stcb->asoc.local_auth_chunks)) {
4352 /* "silently" ignore */
4353 SCTP_STAT_INCR(sctps_recvauthmissing);
4354 SCTP_TCB_UNLOCK(stcb);
4358 /* out of the blue DATA chunk */
4359 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL);
4362 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) {
4363 /* v_tag mismatch! */
4364 SCTP_STAT_INCR(sctps_badvtag);
4365 SCTP_TCB_UNLOCK(stcb);
4372 * no valid TCB for this packet, or we found it's a bad
4373 * packet while processing control, or we're done with this
4374 * packet (done or skip rest of data), so we drop it...
4379 * DATA chunk processing
4381 /* plow through the data chunks while length > offset */
4384 * Rest should be DATA only. Check authentication state if AUTH for
4387 if ((stcb != NULL) && !sctp_auth_disable &&
4388 sctp_auth_is_required_chunk(SCTP_DATA,
4389 stcb->asoc.local_auth_chunks) &&
4390 !stcb->asoc.authenticated) {
4391 /* "silently" ignore */
4392 SCTP_STAT_INCR(sctps_recvauthmissing);
4394 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
4395 printf("Data chunk requires AUTH, skipped\n");
4397 SCTP_TCB_UNLOCK(stcb);
4400 if (length > offset) {
4404 * First check to make sure our state is correct. We would
4405 * not get here unless we really did have a tag, so we don't
4406 * abort if this happens, just dump the chunk silently.
4408 switch (SCTP_GET_STATE(&stcb->asoc)) {
4409 case SCTP_STATE_COOKIE_ECHOED:
4411 * we consider data with valid tags in this state
4412 * shows us the cookie-ack was lost. Imply it was
4415 stcb->asoc.overall_error_count = 0;
4416 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net);
4418 case SCTP_STATE_COOKIE_WAIT:
4420 * We consider OOTB any data sent during asoc setup.
4422 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL);
4423 SCTP_TCB_UNLOCK(stcb);
4426 case SCTP_STATE_EMPTY: /* should not happen */
4427 case SCTP_STATE_INUSE: /* should not happen */
4428 case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error */
4429 case SCTP_STATE_SHUTDOWN_ACK_SENT:
4431 SCTP_TCB_UNLOCK(stcb);
4434 case SCTP_STATE_OPEN:
4435 case SCTP_STATE_SHUTDOWN_SENT:
4438 /* take care of ECN, part 1. */
4439 if (stcb->asoc.ecn_allowed &&
4440 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
4441 sctp_process_ecn_marked_a(stcb, net, ecn_bits);
4443 /* plow through the data chunks while length > offset */
4444 retval = sctp_process_data(mm, iphlen, &offset, length, sh,
4445 inp, stcb, net, &high_tsn);
4448 * The association aborted, NO UNLOCK needed since
4449 * the association is destroyed.
4455 /* take care of ecn part 2. */
4456 if (stcb->asoc.ecn_allowed &&
4457 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
4458 sctp_process_ecn_marked_b(stcb, net, high_tsn,
4463 * Anything important needs to have been m_copy'ed in
4467 if ((data_processed == 0) && (fwd_tsn_seen)) {
4470 if (compare_with_wrap(stcb->asoc.highest_tsn_inside_map,
4471 stcb->asoc.cumulative_tsn, MAX_TSN)) {
4472 /* there was a gap before this data was processed */
4475 sctp_sack_check(stcb, 1, was_a_gap, &abort_flag);
4477 /* Again, we aborted so NO UNLOCK needed */
4481 /* trigger send of any chunks in queue... */
4482 #ifdef SCTP_AUDITING_ENABLED
4483 sctp_audit_log(0xE0, 2);
4484 sctp_auditing(1, inp, stcb, net);
4487 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4488 printf("Check for chunk output prw:%d tqe:%d tf=%d\n",
4489 stcb->asoc.peers_rwnd,
4490 TAILQ_EMPTY(&stcb->asoc.control_send_queue),
4491 stcb->asoc.total_flight);
4494 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight);
4496 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue) ||
4498 (stcb->asoc.peers_rwnd > 0 ||
4499 (stcb->asoc.peers_rwnd <= 0 && stcb->asoc.total_flight == 0)))) {
4501 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4502 printf("Calling chunk OUTPUT\n");
4505 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
4507 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4508 printf("chunk OUTPUT returns\n");
4512 #ifdef SCTP_AUDITING_ENABLED
4513 sctp_audit_log(0xE0, 3);
4514 sctp_auditing(2, inp, stcb, net);
4516 SCTP_TCB_UNLOCK(stcb);
4520 extern int sctp_no_csum_on_loopback;
4529 #ifdef SCTP_MBUF_LOGGING
4538 struct sctp_inpcb *inp = NULL;
4540 uint32_t check, calc_check;
4541 struct sctp_nets *net;
4542 struct sctp_tcb *stcb = NULL;
4543 struct sctp_chunkhdr *ch;
4544 int refcount_up = 0;
4545 int length, mlen, offset;
4550 SCTP_STAT_INCR(sctps_recvpackets);
4551 SCTP_STAT_INCR_COUNTER64(sctps_inpackets);
4554 * Strip IP options, we don't allow any in or out.
4556 #ifdef SCTP_MBUF_LOGGING
4557 /* Log in any input mbufs */
4560 if (mat->m_flags & M_EXT) {
4561 sctp_log_mb(mat, SCTP_MBUF_INPUT);
4566 if ((size_t)iphlen > sizeof(struct ip)) {
4567 ip_stripoptions(m, (struct mbuf *)0);
4568 iphlen = sizeof(struct ip);
4571 * Get IP, SCTP, and first chunk header together in first mbuf.
4573 ip = mtod(m, struct ip *);
4574 offset = iphlen + sizeof(*sh) + sizeof(*ch);
4575 if (m->m_len < offset) {
4576 if ((m = m_pullup(m, offset)) == 0) {
4577 SCTP_STAT_INCR(sctps_hdrops);
4580 ip = mtod(m, struct ip *);
4582 sh = (struct sctphdr *)((caddr_t)ip + iphlen);
4583 ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(*sh));
4585 /* SCTP does not allow broadcasts or multicasts */
4586 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
4589 if (((ch->chunk_type == SCTP_INITIATION) ||
4590 (ch->chunk_type == SCTP_INITIATION_ACK) ||
4591 (ch->chunk_type == SCTP_COOKIE_ECHO)) &&
4592 (in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))) {
4594 * We only look at broadcast if its a front state, All
4595 * others we will not have a tcb for anyway.
4599 /* destination port of 0 is illegal, based on RFC2960. */
4600 if (sh->dest_port == 0) {
4601 SCTP_STAT_INCR(sctps_hdrops);
4604 /* validate SCTP checksum */
4605 if ((sctp_no_csum_on_loopback == 0) ||
4606 (m->m_pkthdr.rcvif == NULL) ||
4607 (m->m_pkthdr.rcvif->if_type != IFT_LOOP)) {
4609 * we do NOT validate things from the loopback if the sysctl
4612 check = sh->checksum; /* save incoming checksum */
4613 if ((check == 0) && (sctp_no_csum_on_loopback)) {
4615 * special hook for where we got a local address
4616 * somehow routed across a non IFT_LOOP type
4619 if (ip->ip_src.s_addr == ip->ip_dst.s_addr)
4620 goto sctp_skip_csum_4;
4622 sh->checksum = 0; /* prepare for calc */
4623 calc_check = sctp_calculate_sum(m, &mlen, iphlen);
4624 if (calc_check != check) {
4626 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4627 printf("Bad CSUM on SCTP packet calc_check:%x check:%x m:%x mlen:%d iphlen:%d\n",
4628 calc_check, check, (uint32_t) m, mlen, iphlen);
4632 stcb = sctp_findassociation_addr(m, iphlen,
4633 offset - sizeof(*ch),
4634 sh, ch, &inp, &net);
4635 if ((inp) && (stcb)) {
4636 sctp_send_packet_dropped(stcb, net, m, iphlen, 1);
4637 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR);
4638 } else if ((inp != NULL) && (stcb == NULL)) {
4641 SCTP_STAT_INCR(sctps_badsum);
4642 SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors);
4645 sh->checksum = calc_check;
4648 mlen = m->m_pkthdr.len;
4650 /* validate mbuf chain length with IP payload length */
4651 if (mlen < (ip->ip_len - iphlen)) {
4652 SCTP_STAT_INCR(sctps_hdrops);
4656 * Locate pcb and tcb for datagram sctp_findassociation_addr() wants
4657 * IP/SCTP/first chunk header...
4659 stcb = sctp_findassociation_addr(m, iphlen, offset - sizeof(*ch),
4660 sh, ch, &inp, &net);
4661 /* inp's ref-count increased && stcb locked */
4663 struct sctp_init_chunk *init_chk, chunk_buf;
4665 SCTP_STAT_INCR(sctps_noport);
4668 * we use the bandwidth limiting to protect against sending
4669 * too many ABORTS all at once. In this case these count the
4670 * same as an ICMP message.
4672 if (badport_bandlim(0) < 0)
4674 #endif /* ICMP_BANDLIM */
4676 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4677 printf("Sending a ABORT from packet entry!\n");
4680 if (ch->chunk_type == SCTP_INITIATION) {
4682 * we do a trick here to get the INIT tag, dig in
4683 * and get the tag from the INIT and put it in the
4686 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m,
4687 iphlen + sizeof(*sh), sizeof(*init_chk),
4688 (uint8_t *) & chunk_buf);
4689 if (init_chk != NULL)
4690 sh->v_tag = init_chk->init.initiate_tag;
4692 sctp_send_abort(m, iphlen, sh, 0, NULL);
4694 } else if (stcb == NULL) {
4699 * I very much doubt any of the IPSEC stuff will work but I have no
4700 * idea, so I will leave it in place.
4703 if (ipsec4_in_reject_so(m, inp->ip_inp.inp.inp_socket)) {
4704 ipsecstat.in_polvio++;
4705 SCTP_STAT_INCR(sctps_hdrops);
4713 * common chunk processing
4715 length = ip->ip_len + iphlen;
4716 offset -= sizeof(struct sctp_chunkhdr);
4718 ecn_bits = ip->ip_tos;
4721 sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,
4722 inp, stcb, net, ecn_bits);
4723 /* inp's ref-count reduced && stcb unlocked */
4728 if ((inp) && (refcount_up)) {
4729 /* reduce ref-count */
4730 SCTP_INP_WLOCK(inp);
4731 SCTP_INP_DECR_REF(inp);
4732 SCTP_INP_WUNLOCK(inp);
4737 SCTP_TCB_UNLOCK(stcb);
4739 if ((inp) && (refcount_up)) {
4740 /* reduce ref-count */
4741 SCTP_INP_WLOCK(inp);
4742 SCTP_INP_DECR_REF(inp);
4743 SCTP_INP_WUNLOCK(inp);