2 * Copyright (c) 2001-2007, Cisco Systems, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
10 * b) Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the distribution.
14 * c) Neither the name of Cisco Systems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
31 /* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_var.h>
38 #include <netinet/sctp_sysctl.h>
39 #include <netinet/sctp_pcb.h>
40 #include <netinet/sctp_header.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp_output.h>
43 #include <netinet/sctp_input.h>
44 #include <netinet/sctp_auth.h>
45 #include <netinet/sctp_indata.h>
46 #include <netinet/sctp_asconf.h>
52 sctp_stop_all_cookie_timers(struct sctp_tcb *stcb)
54 struct sctp_nets *net;
57 * This now not only stops all cookie timers it also stops any INIT
58 * timers as well. This will make sure that the timers are stopped
59 * in all collision cases.
61 SCTP_TCB_LOCK_ASSERT(stcb);
62 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
63 if (net->rxt_timer.type == SCTP_TIMER_TYPE_COOKIE) {
64 sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE,
67 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_1);
68 } else if (net->rxt_timer.type == SCTP_TIMER_TYPE_INIT) {
69 sctp_timer_stop(SCTP_TIMER_TYPE_INIT,
72 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2);
79 sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
80 struct sctp_init_chunk *cp, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
81 struct sctp_nets *net, int *abort_no_unlock)
83 struct sctp_init *init;
88 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
89 printf("sctp_handle_init: handling INIT tcb:%p\n", stcb);
94 /* First are we accepting? */
95 if ((inp->sctp_socket->so_qlimit == 0) && (stcb == NULL)) {
97 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
98 printf("sctp_handle_init: Abort, so_qlimit:%d\n", inp->sctp_socket->so_qlimit);
102 * FIX ME ?? What about TCP model and we have a
103 * match/restart case?
105 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
107 *abort_no_unlock = 1;
110 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) {
112 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
113 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
115 *abort_no_unlock = 1;
118 /* validate parameters */
119 if (init->initiate_tag == 0) {
120 /* protocol error... send abort */
121 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
122 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
124 *abort_no_unlock = 1;
127 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) {
128 /* invalid parameter... send abort */
129 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
130 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
133 if (init->num_inbound_streams == 0) {
134 /* protocol error... send abort */
135 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
136 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
138 *abort_no_unlock = 1;
141 if (init->num_outbound_streams == 0) {
142 /* protocol error... send abort */
143 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
144 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
146 *abort_no_unlock = 1;
149 init_limit = offset + ntohs(cp->ch.chunk_length);
150 if (sctp_validate_init_auth_params(m, offset + sizeof(*cp),
152 /* auth parameter(s) error... send abort */
153 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL);
155 *abort_no_unlock = 1;
158 /* send an INIT-ACK w/cookie */
160 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
161 printf("sctp_handle_init: sending INIT-ACK\n");
164 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp);
168 * process peer "INIT/INIT-ACK" chunk returns value < 0 on error
171 sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb,
172 struct sctp_nets *net)
174 struct sctp_init *init;
175 struct sctp_association *asoc;
176 struct sctp_nets *lnet;
181 /* save off parameters */
182 asoc->peer_vtag = ntohl(init->initiate_tag);
183 asoc->peers_rwnd = ntohl(init->a_rwnd);
184 if (TAILQ_FIRST(&asoc->nets)) {
185 /* update any ssthresh's that may have a default */
186 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
187 lnet->ssthresh = asoc->peers_rwnd;
189 #if defined(SCTP_CWND_MONITOR) || defined(SCTP_CWND_LOGGING)
190 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION);
195 SCTP_TCB_SEND_LOCK(stcb);
196 if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) {
198 struct sctp_stream_out *outs;
199 struct sctp_stream_queue_pending *sp;
201 /* cut back on number of streams */
202 newcnt = ntohs(init->num_inbound_streams);
203 /* This if is probably not needed but I am cautious */
205 /* First make sure no data chunks are trapped */
206 for (i = newcnt; i < asoc->pre_open_streams; i++) {
207 outs = &asoc->strmout[i];
208 sp = TAILQ_FIRST(&outs->outqueue);
210 TAILQ_REMOVE(&outs->outqueue, sp,
212 asoc->stream_queue_cnt--;
213 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL,
214 stcb, SCTP_NOTIFY_DATAGRAM_UNSENT,
217 sctp_m_freem(sp->data);
220 sctp_free_remote_addr(sp->net);
223 printf("sp:%p tcb:%p weird free case\n",
226 sctp_free_a_strmoq(stcb, sp);
227 sp = TAILQ_FIRST(&outs->outqueue);
231 /* cut back the count and abandon the upper streams */
232 asoc->pre_open_streams = newcnt;
234 SCTP_TCB_SEND_UNLOCK(stcb);
235 asoc->streamoutcnt = asoc->pre_open_streams;
237 asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1;
238 #ifdef SCTP_MAP_LOGGING
239 sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
241 /* This is the next one we expect */
242 asoc->str_reset_seq_in = asoc->asconf_seq_in + 1;
244 asoc->mapping_array_base_tsn = ntohl(init->initial_tsn);
245 asoc->cumulative_tsn = asoc->asconf_seq_in;
246 asoc->last_echo_tsn = asoc->asconf_seq_in;
247 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
248 /* open the requested streams */
249 if (asoc->strmin != NULL) {
250 /* Free the old ones */
251 struct sctp_queued_to_read *ctl;
253 for (i = 0; i < asoc->streamincnt; i++) {
254 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
256 TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next);
257 sctp_free_remote_addr(ctl->whoFrom);
258 sctp_m_freem(ctl->data);
260 sctp_free_a_readq(stcb, ctl);
261 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
264 SCTP_FREE(asoc->strmin);
266 asoc->streamincnt = ntohs(init->num_outbound_streams);
267 if (asoc->streamincnt > MAX_SCTP_STREAMS) {
268 asoc->streamincnt = MAX_SCTP_STREAMS;
270 SCTP_MALLOC(asoc->strmin, struct sctp_stream_in *, asoc->streamincnt *
271 sizeof(struct sctp_stream_in), "StreamsIn");
272 if (asoc->strmin == NULL) {
273 /* we didn't get memory for the streams! */
275 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
276 printf("process_init: couldn't get memory for the streams!\n");
281 for (i = 0; i < asoc->streamincnt; i++) {
282 asoc->strmin[i].stream_no = i;
283 asoc->strmin[i].last_sequence_delivered = 0xffff;
285 * U-stream ranges will be set when the cookie is unpacked.
286 * Or for the INIT sender they are un set (if pr-sctp not
287 * supported) when the INIT-ACK arrives.
289 TAILQ_INIT(&asoc->strmin[i].inqueue);
291 * we are not on any wheel, pr-sctp streams will go on the
292 * wheel when they have data waiting for reorder.
294 asoc->strmin[i].next_spoke.tqe_next = 0;
295 asoc->strmin[i].next_spoke.tqe_prev = 0;
299 * load_address_from_init will put the addresses into the
300 * association when the COOKIE is processed or the INIT-ACK is
301 * processed. Both types of COOKIE's existing and new call this
302 * routine. It will remove addresses that are no longer in the
303 * association (for the restarting case where addresses are
304 * removed). Up front when the INIT arrives we will discard it if it
305 * is a restart and new addresses have been added.
311 * INIT-ACK message processing/consumption returns value < 0 on error
314 sctp_process_init_ack(struct mbuf *m, int iphlen, int offset,
315 struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
316 struct sctp_nets *net, int *abort_no_unlock)
318 struct sctp_association *asoc;
320 int retval, abort_flag;
321 uint32_t initack_limit;
323 /* First verify that we have no illegal param's */
327 op_err = sctp_arethere_unrecognized_parameters(m,
328 (offset + sizeof(struct sctp_init_chunk)),
329 &abort_flag, (struct sctp_chunkhdr *)cp);
331 /* Send an abort and notify peer */
332 if (op_err != NULL) {
333 sctp_send_operr_to(m, iphlen, op_err, cp->init.initiate_tag);
336 * Just notify (abort_assoc does this if we send an
339 sctp_abort_notification(stcb, 0);
341 * No sense in further INIT's since we will get the
344 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
345 *abort_no_unlock = 1;
350 /* process the peer's parameters in the INIT-ACK */
351 retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb, net);
355 initack_limit = offset + ntohs(cp->ch.chunk_length);
356 /* load all addresses */
357 if ((retval = sctp_load_addresses_from_init(stcb, m, iphlen,
358 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh,
360 /* Huh, we should abort */
362 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
363 printf("Load addresses from INIT causes an abort %d\n", retval);
366 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
368 *abort_no_unlock = 1;
371 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
372 stcb->asoc.local_hmacs);
374 sctp_queue_op_err(stcb, op_err);
375 /* queuing will steal away the mbuf chain to the out queue */
378 /* extract the cookie and queue it to "echo" it back... */
379 stcb->asoc.overall_error_count = 0;
380 net->error_count = 0;
383 * Cancel the INIT timer, We do this first before queueing the
384 * cookie. We always cancel at the primary to assue that we are
385 * canceling the timer started by the INIT which always goes to the
388 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, stcb,
389 asoc->primary_destination, SCTP_FROM_SCTP_INPUT + SCTP_LOC_4);
391 /* calculate the RTO */
392 net->RTO = sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered);
394 retval = sctp_send_cookie_echo(m, offset, stcb, net);
397 * No cookie, we probably should send a op error. But in any
398 * case if there is no cookie in the INIT-ACK, we can
399 * abandon the peer, its broke.
402 /* We abort with an error of missing mandatory param */
406 sctp_generate_invmanparam(SCTP_CAUSE_MISSING_PARAM);
409 * Expand beyond to include the mandatory
412 struct sctp_inv_mandatory_param *mp;
414 SCTP_BUF_LEN(op_err) =
415 sizeof(struct sctp_inv_mandatory_param);
417 struct sctp_inv_mandatory_param *);
418 /* Subtract the reserved param */
420 htons(sizeof(struct sctp_inv_mandatory_param) - 2);
421 mp->num_param = htonl(1);
422 mp->param = htons(SCTP_STATE_COOKIE);
425 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
427 *abort_no_unlock = 1;
435 sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp,
436 struct sctp_tcb *stcb, struct sctp_nets *net)
438 struct sockaddr_storage store;
439 struct sockaddr_in *sin;
440 struct sockaddr_in6 *sin6;
441 struct sctp_nets *r_net;
444 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_heartbeat_chunk)) {
448 sin = (struct sockaddr_in *)&store;
449 sin6 = (struct sockaddr_in6 *)&store;
451 memset(&store, 0, sizeof(store));
452 if (cp->heartbeat.hb_info.addr_family == AF_INET &&
453 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) {
454 sin->sin_family = cp->heartbeat.hb_info.addr_family;
455 sin->sin_len = cp->heartbeat.hb_info.addr_len;
456 sin->sin_port = stcb->rport;
457 memcpy(&sin->sin_addr, cp->heartbeat.hb_info.address,
458 sizeof(sin->sin_addr));
459 } else if (cp->heartbeat.hb_info.addr_family == AF_INET6 &&
460 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) {
461 sin6->sin6_family = cp->heartbeat.hb_info.addr_family;
462 sin6->sin6_len = cp->heartbeat.hb_info.addr_len;
463 sin6->sin6_port = stcb->rport;
464 memcpy(&sin6->sin6_addr, cp->heartbeat.hb_info.address,
465 sizeof(sin6->sin6_addr));
469 r_net = sctp_findnet(stcb, (struct sockaddr *)sin);
472 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
473 printf("Huh? I can't find the address I sent it to, discard\n");
478 if ((r_net && (r_net->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
479 (r_net->heartbeat_random1 == cp->heartbeat.hb_info.random_value1) &&
480 (r_net->heartbeat_random2 == cp->heartbeat.hb_info.random_value2)) {
482 * If the its a HB and it's random value is correct when can
483 * confirm the destination.
485 r_net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
486 if (r_net->dest_state & SCTP_ADDR_REQ_PRIMARY) {
487 stcb->asoc.primary_destination = r_net;
488 r_net->dest_state &= ~SCTP_ADDR_WAS_PRIMARY;
489 r_net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
490 r_net = TAILQ_FIRST(&stcb->asoc.nets);
491 if (r_net != stcb->asoc.primary_destination) {
493 * first one on the list is NOT the primary
494 * sctp_cmpaddr() is much more efficent if
495 * the primary is the first on the list,
498 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
499 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
502 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
503 stcb, 0, (void *)r_net);
505 r_net->error_count = 0;
506 r_net->hb_responded = 1;
507 tv.tv_sec = cp->heartbeat.hb_info.time_value_1;
508 tv.tv_usec = cp->heartbeat.hb_info.time_value_2;
509 if (r_net->dest_state & SCTP_ADDR_NOT_REACHABLE) {
510 r_net->dest_state &= ~SCTP_ADDR_NOT_REACHABLE;
511 r_net->dest_state |= SCTP_ADDR_REACHABLE;
512 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
513 SCTP_HEARTBEAT_SUCCESS, (void *)r_net);
514 /* now was it the primary? if so restore */
515 if (r_net->dest_state & SCTP_ADDR_WAS_PRIMARY) {
516 sctp_set_primary_addr(stcb, (struct sockaddr *)NULL, r_net);
519 /* Now lets do a RTO with this */
520 r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv);
524 sctp_handle_abort(struct sctp_abort_chunk *cp,
525 struct sctp_tcb *stcb, struct sctp_nets *net)
529 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
530 printf("sctp_handle_abort: handling ABORT\n");
535 /* verify that the destination addr is in the association */
536 /* ignore abort for addresses being deleted */
538 /* stop any receive timers */
539 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_5);
540 /* notify user of the abort and clean up... */
541 sctp_abort_notification(stcb, 0);
543 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
544 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) ||
545 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
546 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
548 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_6);
550 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
551 printf("sctp_handle_abort: finished\n");
557 sctp_handle_shutdown(struct sctp_shutdown_chunk *cp,
558 struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_flag)
560 struct sctp_association *asoc;
561 int some_on_streamwheel;
564 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
565 printf("sctp_handle_shutdown: handling SHUTDOWN\n");
571 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
572 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) {
575 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_shutdown_chunk)) {
576 /* Shutdown NOT the expected size */
579 sctp_update_acked(stcb, cp, net, abort_flag);
581 if (asoc->control_pdapi) {
583 * With a normal shutdown we assume the end of last record.
585 SCTP_INP_READ_LOCK(stcb->sctp_ep);
586 asoc->control_pdapi->end_added = 1;
587 asoc->control_pdapi->pdapi_aborted = 1;
588 asoc->control_pdapi = NULL;
589 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
590 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
592 /* goto SHUTDOWN_RECEIVED state to block new requests */
593 if (stcb->sctp_socket) {
594 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
595 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT)) {
596 asoc->state = SCTP_STATE_SHUTDOWN_RECEIVED;
598 * notify upper layer that peer has initiated a
601 sctp_ulp_notify(SCTP_NOTIFY_PEER_SHUTDOWN, stcb, 0, NULL);
604 SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
607 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
609 * stop the shutdown timer, since we WILL move to
612 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_7);
614 /* Now are we there yet? */
615 some_on_streamwheel = 0;
616 if (!TAILQ_EMPTY(&asoc->out_wheel)) {
617 /* Check to see if some data queued */
618 struct sctp_stream_out *outs;
620 TAILQ_FOREACH(outs, &asoc->out_wheel, next_spoke) {
621 if (!TAILQ_EMPTY(&outs->outqueue)) {
622 some_on_streamwheel = 1;
627 if (!TAILQ_EMPTY(&asoc->send_queue) ||
628 !TAILQ_EMPTY(&asoc->sent_queue) ||
629 some_on_streamwheel) {
630 /* By returning we will push more data out */
633 /* no outstanding data to send, so move on... */
634 /* send SHUTDOWN-ACK */
635 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
636 /* move to SHUTDOWN-ACK-SENT state */
637 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
638 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
639 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
641 asoc->state = SCTP_STATE_SHUTDOWN_ACK_SENT;
643 /* start SHUTDOWN timer */
644 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep,
650 sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp,
651 struct sctp_tcb *stcb, struct sctp_nets *net)
653 struct sctp_association *asoc;
656 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
657 printf("sctp_handle_shutdown_ack: handling SHUTDOWN ACK\n");
664 /* process according to association state */
665 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
666 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
667 /* unexpected SHUTDOWN-ACK... so ignore... */
668 SCTP_TCB_UNLOCK(stcb);
671 if (asoc->control_pdapi) {
673 * With a normal shutdown we assume the end of last record.
675 SCTP_INP_READ_LOCK(stcb->sctp_ep);
676 asoc->control_pdapi->end_added = 1;
677 asoc->control_pdapi->pdapi_aborted = 1;
678 asoc->control_pdapi = NULL;
679 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
680 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
682 /* are the queues empty? */
683 if (!TAILQ_EMPTY(&asoc->send_queue) ||
684 !TAILQ_EMPTY(&asoc->sent_queue) ||
685 !TAILQ_EMPTY(&asoc->out_wheel)) {
686 sctp_report_all_outbound(stcb, 0);
689 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_8);
690 /* send SHUTDOWN-COMPLETE */
691 sctp_send_shutdown_complete(stcb, net);
692 /* notify upper layer protocol */
693 if (stcb->sctp_socket) {
694 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL);
695 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
696 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
697 /* Set the connected flag to disconnected */
698 stcb->sctp_ep->sctp_socket->so_snd.sb_cc = 0;
701 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
702 /* free the TCB but first save off the ep */
703 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC,
704 SCTP_FROM_SCTP_INPUT + SCTP_LOC_9);
708 * Skip past the param header and then we will find the chunk that caused the
709 * problem. There are two possiblities ASCONF or FWD-TSN other than that and
710 * our peer must be broken.
713 sctp_process_unrecog_chunk(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr,
714 struct sctp_nets *net)
716 struct sctp_chunkhdr *chk;
718 chk = (struct sctp_chunkhdr *)((caddr_t)phdr + sizeof(*phdr));
719 switch (chk->chunk_type) {
720 case SCTP_ASCONF_ACK:
722 sctp_asconf_cleanup(stcb, net);
724 case SCTP_FORWARD_CUM_TSN:
725 stcb->asoc.peer_supports_prsctp = 0;
729 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
730 printf("Peer does not support chunk type %d(%x)??\n",
731 chk->chunk_type, (uint32_t) chk->chunk_type);
739 * Skip past the param header and then we will find the param that caused the
740 * problem. There are a number of param's in a ASCONF OR the prsctp param
741 * these will turn of specific features.
744 sctp_process_unrecog_param(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr)
746 struct sctp_paramhdr *pbad;
749 switch (ntohs(pbad->param_type)) {
751 case SCTP_PRSCTP_SUPPORTED:
752 stcb->asoc.peer_supports_prsctp = 0;
754 case SCTP_SUPPORTED_CHUNK_EXT:
756 /* draft-ietf-tsvwg-addip-sctp */
757 case SCTP_ECN_NONCE_SUPPORTED:
758 stcb->asoc.peer_supports_ecn_nonce = 0;
759 stcb->asoc.ecn_nonce_allowed = 0;
760 stcb->asoc.ecn_allowed = 0;
762 case SCTP_ADD_IP_ADDRESS:
763 case SCTP_DEL_IP_ADDRESS:
764 case SCTP_SET_PRIM_ADDR:
765 stcb->asoc.peer_supports_asconf = 0;
767 case SCTP_SUCCESS_REPORT:
768 case SCTP_ERROR_CAUSE_IND:
770 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
771 printf("Huh, the peer does not support success? or error cause?\n");
772 printf("Turning off ASCONF to this strange peer\n");
775 stcb->asoc.peer_supports_asconf = 0;
779 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
780 printf("Peer does not support param type %d(%x)??\n",
781 pbad->param_type, (uint32_t) pbad->param_type);
789 sctp_handle_error(struct sctp_chunkhdr *ch,
790 struct sctp_tcb *stcb, struct sctp_nets *net)
793 struct sctp_paramhdr *phdr;
796 struct sctp_association *asoc;
800 /* parse through all of the errors and process */
802 phdr = (struct sctp_paramhdr *)((caddr_t)ch +
803 sizeof(struct sctp_chunkhdr));
804 chklen = ntohs(ch->chunk_length) - sizeof(struct sctp_chunkhdr);
805 while ((size_t)chklen >= sizeof(struct sctp_paramhdr)) {
806 /* Process an Error Cause */
807 error_type = ntohs(phdr->param_type);
808 error_len = ntohs(phdr->param_length);
809 if ((error_len > chklen) || (error_len == 0)) {
810 /* invalid param length for this param */
812 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
813 printf("Bogus length in error param- chunk left:%d errorlen:%d\n",
816 #endif /* SCTP_DEBUG */
819 switch (error_type) {
820 case SCTP_CAUSE_INVALID_STREAM:
821 case SCTP_CAUSE_MISSING_PARAM:
822 case SCTP_CAUSE_INVALID_PARAM:
823 case SCTP_CAUSE_NO_USER_DATA:
825 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
826 printf("Software error we got a %d back? We have a bug :/ (or do they?)\n",
831 case SCTP_CAUSE_STALE_COOKIE:
833 * We only act if we have echoed a cookie and are
836 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
839 p = (int *)((caddr_t)phdr + sizeof(*phdr));
840 /* Save the time doubled */
841 asoc->cookie_preserve_req = ntohl(*p) << 1;
842 asoc->stale_cookie_count++;
843 if (asoc->stale_cookie_count >
844 asoc->max_init_times) {
845 sctp_abort_notification(stcb, 0);
846 /* now free the asoc */
847 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_10);
850 /* blast back to INIT state */
851 asoc->state &= ~SCTP_STATE_COOKIE_ECHOED;
852 asoc->state |= SCTP_STATE_COOKIE_WAIT;
854 sctp_stop_all_cookie_timers(stcb);
855 sctp_send_initiate(stcb->sctp_ep, stcb);
858 case SCTP_CAUSE_UNRESOLVABLE_ADDR:
860 * Nothing we can do here, we don't do hostname
861 * addresses so if the peer does not like my IPv6
862 * (or IPv4 for that matter) it does not matter. If
863 * they don't support that type of address, they can
864 * NOT possibly get that packet type... i.e. with no
865 * IPv6 you can't recieve a IPv6 packet. so we can
866 * safely ignore this one. If we ever added support
867 * for HOSTNAME Addresses, then we would need to do
871 case SCTP_CAUSE_UNRECOG_CHUNK:
872 sctp_process_unrecog_chunk(stcb, phdr, net);
874 case SCTP_CAUSE_UNRECOG_PARAM:
875 sctp_process_unrecog_param(stcb, phdr);
877 case SCTP_CAUSE_COOKIE_IN_SHUTDOWN:
879 * We ignore this since the timer will drive out a
880 * new cookie anyway and there timer will drive us
881 * to send a SHUTDOWN_COMPLETE. We can't send one
882 * here since we don't have their tag.
885 case SCTP_CAUSE_DELETING_LAST_ADDR:
886 case SCTP_CAUSE_RESOURCE_SHORTAGE:
887 case SCTP_CAUSE_DELETING_SRC_ADDR:
889 * We should NOT get these here, but in a
893 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
894 printf("Peer sends ASCONF errors in a Operational Error?<%d>?\n",
899 case SCTP_CAUSE_OUT_OF_RESC:
901 * And what, pray tell do we do with the fact that
902 * the peer is out of resources? Not really sure we
903 * could do anything but abort. I suspect this
904 * should have came WITH an abort instead of in a
910 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
911 /* don't know what this error cause is... */
912 printf("sctp_handle_error: unknown error type = 0x%xh\n",
915 #endif /* SCTP_DEBUG */
918 adjust = SCTP_SIZE32(error_len);
920 phdr = (struct sctp_paramhdr *)((caddr_t)phdr + adjust);
926 sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
927 struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
928 struct sctp_nets *net, int *abort_no_unlock)
930 struct sctp_init_ack *init_ack;
935 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
936 printf("sctp_handle_init_ack: handling INIT-ACK\n");
941 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
942 printf("sctp_handle_init_ack: TCB is null\n");
947 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) {
949 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
950 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
952 *abort_no_unlock = 1;
955 init_ack = &cp->init;
956 /* validate parameters */
957 if (init_ack->initiate_tag == 0) {
958 /* protocol error... send an abort */
959 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
960 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
962 *abort_no_unlock = 1;
965 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) {
966 /* protocol error... send an abort */
967 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
968 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
970 *abort_no_unlock = 1;
973 if (init_ack->num_inbound_streams == 0) {
974 /* protocol error... send an abort */
975 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
976 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
978 *abort_no_unlock = 1;
981 if (init_ack->num_outbound_streams == 0) {
982 /* protocol error... send an abort */
983 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
984 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
986 *abort_no_unlock = 1;
989 /* process according to association state... */
990 state = &stcb->asoc.state;
991 switch (*state & SCTP_STATE_MASK) {
992 case SCTP_STATE_COOKIE_WAIT:
993 /* this is the expected state for this chunk */
994 /* process the INIT-ACK parameters */
995 if (stcb->asoc.primary_destination->dest_state &
996 SCTP_ADDR_UNCONFIRMED) {
998 * The primary is where we sent the INIT, we can
999 * always consider it confirmed when the INIT-ACK is
1000 * returned. Do this before we load addresses
1003 stcb->asoc.primary_destination->dest_state &=
1004 ~SCTP_ADDR_UNCONFIRMED;
1005 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
1006 stcb, 0, (void *)stcb->asoc.primary_destination);
1008 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb, net,
1009 abort_no_unlock) < 0) {
1010 /* error in parsing parameters */
1013 /* update our state */
1015 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1016 printf("moving to COOKIE-ECHOED state\n");
1019 if (*state & SCTP_STATE_SHUTDOWN_PENDING) {
1020 *state = SCTP_STATE_COOKIE_ECHOED |
1021 SCTP_STATE_SHUTDOWN_PENDING;
1023 *state = SCTP_STATE_COOKIE_ECHOED;
1026 /* reset the RTO calc */
1027 stcb->asoc.overall_error_count = 0;
1028 SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
1030 * collapse the init timer back in case of a exponential
1033 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, stcb->sctp_ep,
1036 * the send at the end of the inbound data processing will
1037 * cause the cookie to be sent
1040 case SCTP_STATE_SHUTDOWN_SENT:
1041 /* incorrect state... discard */
1043 case SCTP_STATE_COOKIE_ECHOED:
1044 /* incorrect state... discard */
1046 case SCTP_STATE_OPEN:
1047 /* incorrect state... discard */
1049 case SCTP_STATE_EMPTY:
1050 case SCTP_STATE_INUSE:
1052 /* incorrect state... discard */
1055 } /* end switch asoc state */
1057 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1058 printf("Leaving handle-init-ack end\n");
1066 * handle a state cookie for an existing association m: input packet mbuf
1067 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a
1068 * "split" mbuf and the cookie signature does not exist offset: offset into
1069 * mbuf to the cookie-echo chunk
1071 static struct sctp_tcb *
1072 sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset,
1073 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1074 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
1075 struct sockaddr *init_src, int *notification, sctp_assoc_t * sac_assoc_id)
1077 struct sctp_association *asoc;
1078 struct sctp_init_chunk *init_cp, init_buf;
1079 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1081 int init_offset, initack_offset, i;
1086 /* I know that the TCB is non-NULL from the caller */
1088 for (how_indx = 0; how_indx < sizeof(asoc->cookie_how); how_indx++) {
1089 if (asoc->cookie_how[how_indx] == 0)
1092 if (how_indx < sizeof(asoc->cookie_how)) {
1093 asoc->cookie_how[how_indx] = 1;
1095 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) {
1096 /* SHUTDOWN came in after sending INIT-ACK */
1097 struct mbuf *op_err;
1098 struct sctp_paramhdr *ph;
1100 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
1101 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
1102 0, M_DONTWAIT, 1, MT_DATA);
1103 if (op_err == NULL) {
1107 /* pre-reserve some space */
1108 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
1109 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
1110 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
1112 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr);
1113 ph = mtod(op_err, struct sctp_paramhdr *);
1114 ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN);
1115 ph->param_length = htons(sizeof(struct sctp_paramhdr));
1116 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag);
1117 if (how_indx < sizeof(asoc->cookie_how))
1118 asoc->cookie_how[how_indx] = 2;
1122 * find and validate the INIT chunk in the cookie (peer's info) the
1123 * INIT should start after the cookie-echo header struct (chunk
1124 * header, state cookie header struct)
1126 init_offset = offset += sizeof(struct sctp_cookie_echo_chunk);
1128 init_cp = (struct sctp_init_chunk *)
1129 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1130 (uint8_t *) & init_buf);
1131 if (init_cp == NULL) {
1132 /* could not pull a INIT chunk in cookie */
1135 chk_length = ntohs(init_cp->ch.chunk_length);
1136 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1140 * find and validate the INIT-ACK chunk in the cookie (my info) the
1141 * INIT-ACK follows the INIT chunk
1143 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1144 initack_cp = (struct sctp_init_ack_chunk *)
1145 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1146 (uint8_t *) & initack_buf);
1147 if (initack_cp == NULL) {
1148 /* could not pull INIT-ACK chunk in cookie */
1151 chk_length = ntohs(initack_cp->ch.chunk_length);
1152 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1155 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) &&
1156 (ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag)) {
1158 * case D in Section 5.2.4 Table 2: MMAA process accordingly
1159 * to get into the OPEN state
1161 if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) {
1163 panic("Case D and non-match seq?");
1165 printf("Case D, seq non-match %x vs %x?\n",
1166 ntohl(initack_cp->init.initial_tsn), asoc->init_seq_number);
1169 switch SCTP_GET_STATE
1171 case SCTP_STATE_COOKIE_WAIT:
1172 case SCTP_STATE_COOKIE_ECHOED:
1174 * INIT was sent, but got got a COOKIE_ECHO with the
1175 * correct tags... just accept it...but we must
1176 * process the init so that we can make sure we have
1177 * the right seq no's.
1179 /* First we must process the INIT !! */
1180 retval = sctp_process_init(init_cp, stcb, net);
1182 if (how_indx < sizeof(asoc->cookie_how))
1183 asoc->cookie_how[how_indx] = 3;
1186 /* we have already processed the INIT so no problem */
1187 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb,
1188 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_11);
1189 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_12);
1190 /* update current state */
1191 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)
1192 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
1194 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1195 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1196 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
1197 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1198 stcb->sctp_ep, stcb, asoc->primary_destination);
1201 /* if ok, move to OPEN state */
1202 asoc->state = SCTP_STATE_OPEN;
1204 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1205 sctp_stop_all_cookie_timers(stcb);
1206 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1207 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1208 (inp->sctp_socket->so_qlimit == 0)
1211 * Here is where collision would go if we
1212 * did a connect() and instead got a
1213 * init/init-ack/cookie done before the
1214 * init-ack came back..
1216 stcb->sctp_ep->sctp_flags |=
1217 SCTP_PCB_FLAGS_CONNECTED;
1218 soisconnected(stcb->sctp_ep->sctp_socket);
1220 /* notify upper layer */
1221 *notification = SCTP_NOTIFY_ASSOC_UP;
1223 * since we did not send a HB make sure we don't
1226 net->hb_responded = 1;
1228 if (stcb->asoc.sctp_autoclose_ticks &&
1229 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE))) {
1230 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
1236 * we're in the OPEN state (or beyond), so peer must
1237 * have simply lost the COOKIE-ACK
1242 sctp_stop_all_cookie_timers(stcb);
1244 * We ignore the return code here.. not sure if we should
1245 * somehow abort.. but we do have an existing asoc. This
1246 * really should not fail.
1248 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1249 init_offset + sizeof(struct sctp_init_chunk),
1250 initack_offset, sh, init_src)) {
1251 if (how_indx < sizeof(asoc->cookie_how))
1252 asoc->cookie_how[how_indx] = 4;
1255 /* respond with a COOKIE-ACK */
1256 sctp_toss_old_cookies(stcb, asoc);
1257 sctp_send_cookie_ack(stcb);
1258 if (how_indx < sizeof(asoc->cookie_how))
1259 asoc->cookie_how[how_indx] = 5;
1262 if (ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1263 ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag &&
1264 cookie->tie_tag_my_vtag == 0 &&
1265 cookie->tie_tag_peer_vtag == 0) {
1267 * case C in Section 5.2.4 Table 2: XMOO silently discard
1269 if (how_indx < sizeof(asoc->cookie_how))
1270 asoc->cookie_how[how_indx] = 6;
1273 if (ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag &&
1274 (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag ||
1275 init_cp->init.initiate_tag == 0)) {
1277 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info
1278 * should be ok, re-accept peer info
1280 if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) {
1282 * Extension of case C. If we hit this, then the
1283 * random number generator returned the same vtag
1284 * when we first sent our INIT-ACK and when we later
1285 * sent our INIT. The side with the seq numbers that
1286 * are different will be the one that normnally
1287 * would have hit case C. This in effect "extends"
1288 * our vtags in this collision case to be 64 bits.
1289 * The same collision could occur aka you get both
1290 * vtag and seq number the same twice in a row.. but
1291 * is much less likely. If it did happen then we
1292 * would proceed through and bring up the assoc.. we
1293 * may end up with the wrong stream setup however..
1294 * which would be bad.. but there is no way to
1295 * tell.. until we send on a stream that does not
1298 if (how_indx < sizeof(asoc->cookie_how))
1299 asoc->cookie_how[how_indx] = 7;
1303 if (how_indx < sizeof(asoc->cookie_how))
1304 asoc->cookie_how[how_indx] = 8;
1305 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_13);
1306 sctp_stop_all_cookie_timers(stcb);
1308 * since we did not send a HB make sure we don't double
1311 net->hb_responded = 1;
1312 if (stcb->asoc.sctp_autoclose_ticks &&
1313 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1314 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb,
1317 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1318 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
1320 /* Note last_cwr_tsn? where is this used? */
1321 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1322 if (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) {
1324 * Ok the peer probably discarded our data (if we
1325 * echoed a cookie+data). So anything on the
1326 * sent_queue should be marked for retransmit, we
1327 * may not get something to kick us so it COULD
1328 * still take a timeout to move these.. but it can't
1329 * hurt to mark them.
1331 struct sctp_tmit_chunk *chk;
1333 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
1334 if (chk->sent < SCTP_DATAGRAM_RESEND) {
1335 chk->sent = SCTP_DATAGRAM_RESEND;
1336 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1342 /* process the INIT info (peer's info) */
1343 retval = sctp_process_init(init_cp, stcb, net);
1345 if (how_indx < sizeof(asoc->cookie_how))
1346 asoc->cookie_how[how_indx] = 9;
1349 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1350 init_offset + sizeof(struct sctp_init_chunk),
1351 initack_offset, sh, init_src)) {
1352 if (how_indx < sizeof(asoc->cookie_how))
1353 asoc->cookie_how[how_indx] = 10;
1356 if ((asoc->state & SCTP_STATE_COOKIE_WAIT) ||
1357 (asoc->state & SCTP_STATE_COOKIE_ECHOED)) {
1358 *notification = SCTP_NOTIFY_ASSOC_UP;
1360 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1361 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1362 (inp->sctp_socket->so_qlimit == 0)) {
1363 stcb->sctp_ep->sctp_flags |=
1364 SCTP_PCB_FLAGS_CONNECTED;
1365 soisconnected(stcb->sctp_ep->sctp_socket);
1367 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)
1368 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
1370 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1371 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
1372 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1373 } else if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
1374 SCTP_STAT_INCR_COUNTER32(sctps_restartestab);
1376 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1378 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1379 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
1380 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1381 stcb->sctp_ep, stcb, asoc->primary_destination);
1384 asoc->state = SCTP_STATE_OPEN;
1386 sctp_stop_all_cookie_timers(stcb);
1387 sctp_toss_old_cookies(stcb, asoc);
1388 sctp_send_cookie_ack(stcb);
1391 * only if we have retrans set do we do this. What
1392 * this call does is get only the COOKIE-ACK out and
1393 * then when we return the normal call to
1394 * sctp_chunk_output will get the retrans out behind
1397 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_COOKIE_ACK);
1399 if (how_indx < sizeof(asoc->cookie_how))
1400 asoc->cookie_how[how_indx] = 11;
1404 if ((ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1405 ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) &&
1406 cookie->tie_tag_my_vtag == asoc->my_vtag_nonce &&
1407 cookie->tie_tag_peer_vtag == asoc->peer_vtag_nonce &&
1408 cookie->tie_tag_peer_vtag != 0) {
1409 struct sctpasochead *head;
1412 * case A in Section 5.2.4 Table 2: XXMM (peer restarted)
1415 if (how_indx < sizeof(asoc->cookie_how))
1416 asoc->cookie_how[how_indx] = 12;
1417 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_14);
1418 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_15);
1420 *sac_assoc_id = sctp_get_associd(stcb);
1421 /* notify upper layer */
1422 *notification = SCTP_NOTIFY_ASSOC_RESTART;
1423 atomic_add_int(&stcb->asoc.refcnt, 1);
1424 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_OPEN) &&
1425 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
1426 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT)) {
1427 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1429 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
1430 SCTP_STAT_INCR_GAUGE32(sctps_restartestab);
1431 } else if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) {
1432 SCTP_STAT_INCR_GAUGE32(sctps_collisionestab);
1434 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1435 asoc->state = SCTP_STATE_OPEN |
1436 SCTP_STATE_SHUTDOWN_PENDING;
1437 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1438 stcb->sctp_ep, stcb, asoc->primary_destination);
1440 } else if (!(asoc->state & SCTP_STATE_SHUTDOWN_SENT)) {
1441 /* move to OPEN state, if not in SHUTDOWN_SENT */
1442 asoc->state = SCTP_STATE_OPEN;
1444 asoc->pre_open_streams =
1445 ntohs(initack_cp->init.num_outbound_streams);
1446 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1447 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1449 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1450 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1452 asoc->str_reset_seq_in = asoc->init_seq_number;
1454 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1455 if (asoc->mapping_array)
1456 memset(asoc->mapping_array, 0,
1457 asoc->mapping_array_size);
1458 SCTP_TCB_UNLOCK(stcb);
1459 SCTP_INP_INFO_WLOCK();
1460 SCTP_INP_WLOCK(stcb->sctp_ep);
1461 SCTP_TCB_LOCK(stcb);
1462 atomic_add_int(&stcb->asoc.refcnt, -1);
1463 /* send up all the data */
1464 SCTP_TCB_SEND_LOCK(stcb);
1466 sctp_report_all_outbound(stcb, 1);
1467 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1468 stcb->asoc.strmout[i].stream_no = i;
1469 stcb->asoc.strmout[i].next_sequence_sent = 0;
1470 stcb->asoc.strmout[i].last_msg_incomplete = 0;
1472 /* process the INIT-ACK info (my info) */
1473 asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1474 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1476 /* pull from vtag hash */
1477 LIST_REMOVE(stcb, sctp_asocs);
1478 /* re-insert to new vtag position */
1479 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
1480 sctppcbinfo.hashasocmark)];
1482 * put it in the bucket in the vtag hash of assoc's for the
1485 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
1487 /* Is this the first restart? */
1488 if (stcb->asoc.in_restart_hash == 0) {
1489 /* Ok add it to assoc_id vtag hash */
1490 head = &sctppcbinfo.sctp_restarthash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
1491 sctppcbinfo.hashrestartmark)];
1492 LIST_INSERT_HEAD(head, stcb, sctp_tcbrestarhash);
1493 stcb->asoc.in_restart_hash = 1;
1495 /* process the INIT info (peer's info) */
1496 SCTP_TCB_SEND_UNLOCK(stcb);
1497 SCTP_INP_WUNLOCK(stcb->sctp_ep);
1498 SCTP_INP_INFO_WUNLOCK();
1500 retval = sctp_process_init(init_cp, stcb, net);
1502 if (how_indx < sizeof(asoc->cookie_how))
1503 asoc->cookie_how[how_indx] = 13;
1508 * since we did not send a HB make sure we don't double
1511 net->hb_responded = 1;
1513 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1514 init_offset + sizeof(struct sctp_init_chunk),
1515 initack_offset, sh, init_src)) {
1516 if (how_indx < sizeof(asoc->cookie_how))
1517 asoc->cookie_how[how_indx] = 14;
1521 /* respond with a COOKIE-ACK */
1522 sctp_stop_all_cookie_timers(stcb);
1523 sctp_toss_old_cookies(stcb, asoc);
1524 sctp_send_cookie_ack(stcb);
1525 if (how_indx < sizeof(asoc->cookie_how))
1526 asoc->cookie_how[how_indx] = 15;
1530 if (how_indx < sizeof(asoc->cookie_how))
1531 asoc->cookie_how[how_indx] = 16;
1532 /* all other cases... */
1538 * handle a state cookie for a new association m: input packet mbuf chain--
1539 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf
1540 * and the cookie signature does not exist offset: offset into mbuf to the
1541 * cookie-echo chunk length: length of the cookie chunk to: where the init
1542 * was from returns a new TCB
1544 static struct sctp_tcb *
1545 sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
1546 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1547 struct sctp_inpcb *inp, struct sctp_nets **netp,
1548 struct sockaddr *init_src, int *notification,
1549 int auth_skipped, uint32_t auth_offset, uint32_t auth_len)
1551 struct sctp_tcb *stcb;
1552 struct sctp_init_chunk *init_cp, init_buf;
1553 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1554 struct sockaddr_storage sa_store;
1555 struct sockaddr *initack_src = (struct sockaddr *)&sa_store;
1556 struct sockaddr_in *sin;
1557 struct sockaddr_in6 *sin6;
1558 struct sctp_association *asoc;
1561 int init_offset, initack_offset, initack_limit;
1565 uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE];
1567 vrf_id = inp->def_vrf_id;
1570 * find and validate the INIT chunk in the cookie (peer's info) the
1571 * INIT should start after the cookie-echo header struct (chunk
1572 * header, state cookie header struct)
1574 init_offset = offset + sizeof(struct sctp_cookie_echo_chunk);
1575 init_cp = (struct sctp_init_chunk *)
1576 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1577 (uint8_t *) & init_buf);
1578 if (init_cp == NULL) {
1579 /* could not pull a INIT chunk in cookie */
1581 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1582 printf("process_cookie_new: could not pull INIT chunk hdr\n");
1584 #endif /* SCTP_DEBUG */
1587 chk_length = ntohs(init_cp->ch.chunk_length);
1588 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1590 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1591 printf("HUH? process_cookie_new: could not find INIT chunk!\n");
1593 #endif /* SCTP_DEBUG */
1596 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1598 * find and validate the INIT-ACK chunk in the cookie (my info) the
1599 * INIT-ACK follows the INIT chunk
1601 initack_cp = (struct sctp_init_ack_chunk *)
1602 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1603 (uint8_t *) & initack_buf);
1604 if (initack_cp == NULL) {
1605 /* could not pull INIT-ACK chunk in cookie */
1607 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1608 printf("process_cookie_new: could not pull INIT-ACK chunk hdr\n");
1610 #endif /* SCTP_DEBUG */
1613 chk_length = ntohs(initack_cp->ch.chunk_length);
1614 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1618 * NOTE: We can't use the INIT_ACK's chk_length to determine the
1619 * "initack_limit" value. This is because the chk_length field
1620 * includes the length of the cookie, but the cookie is omitted when
1621 * the INIT and INIT_ACK are tacked onto the cookie...
1623 initack_limit = offset + cookie_len;
1626 * now that we know the INIT/INIT-ACK are in place, create a new TCB
1629 stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
1630 ntohl(initack_cp->init.initiate_tag), vrf_id);
1632 struct mbuf *op_err;
1634 /* memory problem? */
1636 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1637 printf("process_cookie_new: no room for another TCB!\n");
1639 #endif /* SCTP_DEBUG */
1640 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1641 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
1645 /* get the correct sctp_nets */
1646 *netp = sctp_findnet(stcb, init_src);
1648 /* get scope variables out of cookie */
1649 asoc->ipv4_local_scope = cookie->ipv4_scope;
1650 asoc->site_scope = cookie->site_scope;
1651 asoc->local_scope = cookie->local_scope;
1652 asoc->loopback_scope = cookie->loopback_scope;
1654 if ((asoc->ipv4_addr_legal != cookie->ipv4_addr_legal) ||
1655 (asoc->ipv6_addr_legal != cookie->ipv6_addr_legal)) {
1656 struct mbuf *op_err;
1659 * Houston we have a problem. The EP changed while the
1660 * cookie was in flight. Only recourse is to abort the
1663 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1664 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
1668 /* process the INIT-ACK info (my info) */
1669 old_tag = asoc->my_vtag;
1670 asoc->assoc_id = asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1671 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1672 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
1673 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1674 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1675 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1676 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1677 asoc->str_reset_seq_in = asoc->init_seq_number;
1679 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1681 /* process the INIT info (peer's info) */
1682 retval = sctp_process_init(init_cp, stcb, *netp);
1684 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16);
1687 /* load all addresses */
1688 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1689 init_offset + sizeof(struct sctp_init_chunk), initack_offset, sh,
1691 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_17);
1695 * verify any preceding AUTH chunk that was skipped
1697 /* pull the local authentication parameters from the cookie/init-ack */
1698 sctp_auth_get_cookie_params(stcb, m,
1699 initack_offset + sizeof(struct sctp_init_ack_chunk),
1700 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)));
1702 struct sctp_auth_chunk *auth;
1704 auth = (struct sctp_auth_chunk *)
1705 sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
1706 if (sctp_handle_auth(stcb, auth, m, auth_offset)) {
1707 /* auth HMAC failed, dump the assoc and packet */
1709 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
1710 printf("COOKIE-ECHO: AUTH failed\n");
1711 #endif /* SCTP_DEBUG */
1712 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_18);
1715 /* remaining chunks checked... good to go */
1716 stcb->asoc.authenticated = 1;
1719 /* update current state */
1721 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1722 printf("moving to OPEN state\n");
1725 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1726 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
1727 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1728 stcb->sctp_ep, stcb, asoc->primary_destination);
1730 asoc->state = SCTP_STATE_OPEN;
1732 sctp_stop_all_cookie_timers(stcb);
1733 SCTP_STAT_INCR_COUNTER32(sctps_passiveestab);
1734 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1737 * if we're doing ASCONFs, check to see if we have any new local
1738 * addresses that need to get added to the peer (eg. addresses
1739 * changed while cookie echo in flight). This needs to be done
1740 * after we go to the OPEN state to do the correct asconf
1741 * processing. else, make sure we have the correct addresses in our
1745 /* warning, we re-use sin, sin6, sa_store here! */
1746 /* pull in local_address (our "from" address) */
1747 if (cookie->laddr_type == SCTP_IPV4_ADDRESS) {
1748 /* source addr is IPv4 */
1749 sin = (struct sockaddr_in *)initack_src;
1750 memset(sin, 0, sizeof(*sin));
1751 sin->sin_family = AF_INET;
1752 sin->sin_len = sizeof(struct sockaddr_in);
1753 sin->sin_addr.s_addr = cookie->laddress[0];
1754 } else if (cookie->laddr_type == SCTP_IPV6_ADDRESS) {
1755 /* source addr is IPv6 */
1756 sin6 = (struct sockaddr_in6 *)initack_src;
1757 memset(sin6, 0, sizeof(*sin6));
1758 sin6->sin6_family = AF_INET6;
1759 sin6->sin6_len = sizeof(struct sockaddr_in6);
1760 sin6->sin6_scope_id = cookie->scope_id;
1761 memcpy(&sin6->sin6_addr, cookie->laddress,
1762 sizeof(sin6->sin6_addr));
1764 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_19);
1768 sctp_check_address_list(stcb, m,
1769 initack_offset + sizeof(struct sctp_init_ack_chunk),
1770 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)),
1771 initack_src, cookie->local_scope, cookie->site_scope,
1772 cookie->ipv4_scope, cookie->loopback_scope);
1775 /* set up to notify upper layer */
1776 *notification = SCTP_NOTIFY_ASSOC_UP;
1777 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1778 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1779 (inp->sctp_socket->so_qlimit == 0)) {
1781 * This is an endpoint that called connect() how it got a
1782 * cookie that is NEW is a bit of a mystery. It must be that
1783 * the INIT was sent, but before it got there.. a complete
1784 * INIT/INIT-ACK/COOKIE arrived. But of course then it
1785 * should have went to the other code.. not here.. oh well..
1786 * a bit of protection is worth having..
1788 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
1789 soisconnected(stcb->sctp_ep->sctp_socket);
1790 } else if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
1791 (inp->sctp_socket->so_qlimit)) {
1793 * We don't want to do anything with this one. Since it is
1794 * the listening guy. The timer will get started for
1795 * accepted connections in the caller.
1799 /* since we did not send a HB make sure we don't double things */
1800 (*netp)->hb_responded = 1;
1802 if (stcb->asoc.sctp_autoclose_ticks &&
1803 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1804 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
1806 /* respond with a COOKIE-ACK */
1807 /* calculate the RTT */
1808 (*netp)->RTO = sctp_calculate_rto(stcb, asoc, *netp,
1809 &cookie->time_entered);
1810 sctp_send_cookie_ack(stcb);
1816 * handles a COOKIE-ECHO message stcb: modified to either a new or left as
1817 * existing (non-NULL) TCB
1819 static struct mbuf *
1820 sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
1821 struct sctphdr *sh, struct sctp_cookie_echo_chunk *cp,
1822 struct sctp_inpcb **inp_p, struct sctp_tcb **stcb, struct sctp_nets **netp,
1823 int auth_skipped, uint32_t auth_offset, uint32_t auth_len, struct sctp_tcb **locked_tcb)
1825 struct sctp_state_cookie *cookie;
1826 struct sockaddr_in6 sin6;
1827 struct sockaddr_in sin;
1828 struct sctp_tcb *l_stcb = *stcb;
1829 struct sctp_inpcb *l_inp;
1830 struct sockaddr *to;
1831 sctp_assoc_t sac_restart_id;
1832 struct sctp_pcb *ep;
1834 uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE];
1836 uint8_t cookie_ok = 0;
1837 unsigned int size_of_pkt, sig_offset, cookie_offset;
1838 unsigned int cookie_len;
1840 struct timeval time_expires;
1841 struct sockaddr_storage dest_store;
1842 struct sockaddr *localep_sa = (struct sockaddr *)&dest_store;
1844 int notification = 0;
1845 struct sctp_nets *netl;
1846 int had_a_existing_tcb = 0;
1849 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1850 printf("sctp_handle_cookie: handling COOKIE-ECHO\n");
1854 if (inp_p == NULL) {
1857 /* First get the destination address setup too. */
1858 iph = mtod(m, struct ip *);
1859 if (iph->ip_v == IPVERSION) {
1861 struct sockaddr_in *sin;
1863 sin = (struct sockaddr_in *)(localep_sa);
1864 memset(sin, 0, sizeof(*sin));
1865 sin->sin_family = AF_INET;
1866 sin->sin_len = sizeof(*sin);
1867 sin->sin_port = sh->dest_port;
1868 sin->sin_addr.s_addr = iph->ip_dst.s_addr;
1869 size_of_pkt = SCTP_GET_IPV4_LENGTH(iph);
1870 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
1872 struct ip6_hdr *ip6;
1873 struct sockaddr_in6 *sin6;
1875 sin6 = (struct sockaddr_in6 *)(localep_sa);
1876 memset(sin6, 0, sizeof(*sin6));
1877 sin6->sin6_family = AF_INET6;
1878 sin6->sin6_len = sizeof(struct sockaddr_in6);
1879 ip6 = mtod(m, struct ip6_hdr *);
1880 sin6->sin6_port = sh->dest_port;
1881 sin6->sin6_addr = ip6->ip6_dst;
1882 size_of_pkt = SCTP_GET_IPV6_LENGTH(ip6) + iphlen;
1887 cookie = &cp->cookie;
1888 cookie_offset = offset + sizeof(struct sctp_chunkhdr);
1889 cookie_len = ntohs(cp->ch.chunk_length);
1891 if ((cookie->peerport != sh->src_port) &&
1892 (cookie->myport != sh->dest_port) &&
1893 (cookie->my_vtag != sh->v_tag)) {
1895 * invalid ports or bad tag. Note that we always leave the
1896 * v_tag in the header in network order and when we stored
1897 * it in the my_vtag slot we also left it in network order.
1898 * This maintians the match even though it may be in the
1899 * opposite byte order of the machine :->
1903 if (cookie_len > size_of_pkt ||
1904 cookie_len < sizeof(struct sctp_cookie_echo_chunk) +
1905 sizeof(struct sctp_init_chunk) +
1906 sizeof(struct sctp_init_ack_chunk) + SCTP_SIGNATURE_SIZE) {
1907 /* cookie too long! or too small */
1911 * split off the signature into its own mbuf (since it should not be
1912 * calculated in the sctp_hmac_m() call).
1914 sig_offset = offset + cookie_len - SCTP_SIGNATURE_SIZE;
1915 if (sig_offset > size_of_pkt) {
1916 /* packet not correct size! */
1917 /* XXX this may already be accounted for earlier... */
1920 m_sig = m_split(m, sig_offset, M_DONTWAIT);
1921 if (m_sig == NULL) {
1922 /* out of memory or ?? */
1926 * compute the signature/digest for the cookie
1928 ep = &(*inp_p)->sctp_ep;
1931 SCTP_TCB_UNLOCK(l_stcb);
1933 SCTP_INP_RLOCK(l_inp);
1935 SCTP_TCB_LOCK(l_stcb);
1937 /* which cookie is it? */
1938 if ((cookie->time_entered.tv_sec < (long)ep->time_of_secret_change) &&
1939 (ep->current_secret_number != ep->last_secret_number)) {
1940 /* it's the old cookie */
1941 sctp_hmac_m(SCTP_HMAC,
1942 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
1943 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1945 /* it's the current cookie */
1946 sctp_hmac_m(SCTP_HMAC,
1947 (uint8_t *) ep->secret_key[(int)ep->current_secret_number],
1948 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1950 /* get the signature */
1951 SCTP_INP_RUNLOCK(l_inp);
1952 sig = (uint8_t *) sctp_m_getptr(m_sig, 0, SCTP_SIGNATURE_SIZE, (uint8_t *) & tmp_sig);
1954 /* couldn't find signature */
1955 sctp_m_freem(m_sig);
1958 /* compare the received digest with the computed digest */
1959 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
1960 /* try the old cookie? */
1961 if ((cookie->time_entered.tv_sec == (long)ep->time_of_secret_change) &&
1962 (ep->current_secret_number != ep->last_secret_number)) {
1963 /* compute digest with old */
1964 sctp_hmac_m(SCTP_HMAC,
1965 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
1966 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1968 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
1976 * Now before we continue we must reconstruct our mbuf so that
1977 * normal processing of any other chunks will work.
1983 while (SCTP_BUF_NEXT(m_at) != NULL) {
1984 m_at = SCTP_BUF_NEXT(m_at);
1986 SCTP_BUF_NEXT(m_at) = m_sig;
1989 if (cookie_ok == 0) {
1991 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1992 printf("handle_cookie_echo: cookie signature validation failed!\n");
1993 printf("offset = %u, cookie_offset = %u, sig_offset = %u\n",
1994 (uint32_t) offset, cookie_offset, sig_offset);
2000 * check the cookie timestamps to be sure it's not stale
2002 SCTP_GETTIME_TIMEVAL(&now);
2003 /* Expire time is in Ticks, so we convert to seconds */
2004 time_expires.tv_sec = cookie->time_entered.tv_sec + cookie->cookie_life;
2005 time_expires.tv_usec = cookie->time_entered.tv_usec;
2006 if (timevalcmp(&now, &time_expires, >)) {
2007 /* cookie is stale! */
2008 struct mbuf *op_err;
2009 struct sctp_stale_cookie_msg *scm;
2012 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_stale_cookie_msg),
2013 0, M_DONTWAIT, 1, MT_DATA);
2014 if (op_err == NULL) {
2018 /* pre-reserve some space */
2019 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
2020 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
2021 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
2024 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_stale_cookie_msg);
2025 scm = mtod(op_err, struct sctp_stale_cookie_msg *);
2026 scm->ph.param_type = htons(SCTP_CAUSE_STALE_COOKIE);
2027 scm->ph.param_length = htons((sizeof(struct sctp_paramhdr) +
2028 (sizeof(uint32_t))));
2029 /* seconds to usec */
2030 tim = (now.tv_sec - time_expires.tv_sec) * 1000000;
2033 tim = now.tv_usec - cookie->time_entered.tv_usec;
2034 scm->time_usec = htonl(tim);
2035 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag);
2039 * Now we must see with the lookup address if we have an existing
2040 * asoc. This will only happen if we were in the COOKIE-WAIT state
2041 * and a INIT collided with us and somewhere the peer sent the
2042 * cookie on another address besides the single address our assoc
2043 * had for him. In this case we will have one of the tie-tags set at
2044 * least AND the address field in the cookie can be used to look it
2048 if (cookie->addr_type == SCTP_IPV6_ADDRESS) {
2049 memset(&sin6, 0, sizeof(sin6));
2050 sin6.sin6_family = AF_INET6;
2051 sin6.sin6_len = sizeof(sin6);
2052 sin6.sin6_port = sh->src_port;
2053 sin6.sin6_scope_id = cookie->scope_id;
2054 memcpy(&sin6.sin6_addr.s6_addr, cookie->address,
2055 sizeof(sin6.sin6_addr.s6_addr));
2056 to = (struct sockaddr *)&sin6;
2057 } else if (cookie->addr_type == SCTP_IPV4_ADDRESS) {
2058 memset(&sin, 0, sizeof(sin));
2059 sin.sin_family = AF_INET;
2060 sin.sin_len = sizeof(sin);
2061 sin.sin_port = sh->src_port;
2062 sin.sin_addr.s_addr = cookie->address[0];
2063 to = (struct sockaddr *)&sin;
2065 if ((*stcb == NULL) && to) {
2066 /* Yep, lets check */
2067 *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, localep_sa, NULL);
2068 if (*stcb == NULL) {
2070 * We should have only got back the same inp. If we
2071 * got back a different ep we have a problem. The
2072 * original findep got back l_inp and now
2074 if (l_inp != *inp_p) {
2075 printf("Bad problem find_ep got a diff inp then special_locate?\n");
2078 if (*locked_tcb == NULL) {
2080 * In this case we found the assoc only
2081 * after we locked the create lock. This
2082 * means we are in a colliding case and we
2083 * must make sure that we unlock the tcb if
2084 * its one of the cases where we throw away
2085 * the incoming packets.
2087 *locked_tcb = *stcb;
2090 * We must also increment the inp ref count
2091 * since the ref_count flags was set when we
2092 * did not find the TCB, now we found it
2093 * which reduces the refcount.. we must
2094 * raise it back out to balance it all :-)
2096 SCTP_INP_INCR_REF((*stcb)->sctp_ep);
2097 if ((*stcb)->sctp_ep != l_inp) {
2098 printf("Huh? ep:%p diff then l_inp:%p?\n",
2099 (*stcb)->sctp_ep, l_inp);
2104 cookie_len -= SCTP_SIGNATURE_SIZE;
2105 if (*stcb == NULL) {
2106 /* this is the "normal" case... get a new TCB */
2107 *stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie,
2108 cookie_len, *inp_p, netp, to, ¬ification,
2109 auth_skipped, auth_offset, auth_len);
2111 /* this is abnormal... cookie-echo on existing TCB */
2112 had_a_existing_tcb = 1;
2113 *stcb = sctp_process_cookie_existing(m, iphlen, offset, sh,
2114 cookie, cookie_len, *inp_p, *stcb, *netp, to, ¬ification,
2118 if (*stcb == NULL) {
2119 /* still no TCB... must be bad cookie-echo */
2123 * Ok, we built an association so confirm the address we sent the
2126 netl = sctp_findnet(*stcb, to);
2128 * This code should in theory NOT run but
2131 /* TSNH! Huh, why do I need to add this address here? */
2134 ret = sctp_add_remote_addr(*stcb, to, SCTP_DONOT_SETSCOPE,
2135 SCTP_IN_COOKIE_PROC);
2136 netl = sctp_findnet(*stcb, to);
2139 if (netl->dest_state & SCTP_ADDR_UNCONFIRMED) {
2140 netl->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
2141 sctp_set_primary_addr((*stcb), (struct sockaddr *)NULL,
2143 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
2144 (*stcb), 0, (void *)netl);
2148 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, *inp_p,
2151 if ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
2152 if (!had_a_existing_tcb ||
2153 (((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0)) {
2155 * If we have a NEW cookie or the connect never
2156 * reached the connected state during collision we
2157 * must do the TCP accept thing.
2159 struct socket *so, *oso;
2160 struct sctp_inpcb *inp;
2162 if (notification == SCTP_NOTIFY_ASSOC_RESTART) {
2164 * For a restart we will keep the same
2165 * socket, no need to do anything. I THINK!!
2167 sctp_ulp_notify(notification, *stcb, 0, (void *)&sac_restart_id);
2170 oso = (*inp_p)->sctp_socket;
2172 * We do this to keep the sockets side happy durin
2173 * the sonewcon ONLY.
2176 SCTP_TCB_UNLOCK((*stcb));
2177 so = sonewconn(oso, 0
2180 SCTP_INP_WLOCK((*stcb)->sctp_ep);
2181 SCTP_TCB_LOCK((*stcb));
2182 SCTP_INP_WUNLOCK((*stcb)->sctp_ep);
2184 struct mbuf *op_err;
2186 /* Too many sockets */
2188 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
2189 printf("process_cookie_new: no room for another socket!\n");
2191 #endif /* SCTP_DEBUG */
2192 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
2193 sctp_abort_association(*inp_p, NULL, m, iphlen,
2195 sctp_free_assoc(*inp_p, *stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_20);
2198 inp = (struct sctp_inpcb *)so->so_pcb;
2199 SCTP_INP_INCR_REF(inp);
2201 * We add the unbound flag here so that if we get an
2202 * soabort() before we get the move_pcb done, we
2203 * will properly cleanup.
2205 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2206 SCTP_PCB_FLAGS_CONNECTED |
2207 SCTP_PCB_FLAGS_IN_TCPPOOL |
2208 SCTP_PCB_FLAGS_UNBOUND |
2209 (SCTP_PCB_COPY_FLAGS & (*inp_p)->sctp_flags) |
2210 SCTP_PCB_FLAGS_DONT_WAKE);
2211 inp->sctp_features = (*inp_p)->sctp_features;
2212 inp->sctp_socket = so;
2213 inp->sctp_frag_point = (*inp_p)->sctp_frag_point;
2214 inp->partial_delivery_point = (*inp_p)->partial_delivery_point;
2215 inp->sctp_context = (*inp_p)->sctp_context;
2216 inp->inp_starting_point_for_iterator = NULL;
2218 * copy in the authentication parameters from the
2221 if (inp->sctp_ep.local_hmacs)
2222 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
2223 inp->sctp_ep.local_hmacs =
2224 sctp_copy_hmaclist((*inp_p)->sctp_ep.local_hmacs);
2225 if (inp->sctp_ep.local_auth_chunks)
2226 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
2227 inp->sctp_ep.local_auth_chunks =
2228 sctp_copy_chunklist((*inp_p)->sctp_ep.local_auth_chunks);
2229 (void)sctp_copy_skeylist(&(*inp_p)->sctp_ep.shared_keys,
2230 &inp->sctp_ep.shared_keys);
2233 * Now we must move it from one hash table to
2234 * another and get the tcb in the right place.
2236 sctp_move_pcb_and_assoc(*inp_p, inp, *stcb);
2237 sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb);
2240 * now we must check to see if we were aborted while
2241 * the move was going on and the lock/unlock
2244 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
2246 * yep it was, we leave the assoc attached
2247 * to the socket since the sctp_inpcb_free()
2248 * call will send an abort for us.
2250 SCTP_INP_DECR_REF(inp);
2253 SCTP_INP_DECR_REF(inp);
2254 /* Switch over to the new guy */
2256 sctp_ulp_notify(notification, *stcb, 0, NULL);
2259 * Pull it from the incomplete queue and wake the
2266 if ((notification) && ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) {
2267 sctp_ulp_notify(notification, *stcb, 0, NULL);
2273 sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp,
2274 struct sctp_tcb *stcb, struct sctp_nets *net)
2276 /* cp must not be used, others call this without a c-ack :-) */
2277 struct sctp_association *asoc;
2280 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2281 printf("sctp_handle_cookie_ack: handling COOKIE-ACK\n");
2289 sctp_stop_all_cookie_timers(stcb);
2290 /* process according to association state */
2291 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
2292 /* state change only needed when I am in right state */
2294 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2295 printf("moving to OPEN state\n");
2298 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
2299 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
2300 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
2301 stcb->sctp_ep, stcb, asoc->primary_destination);
2304 asoc->state = SCTP_STATE_OPEN;
2307 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
2308 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
2309 if (asoc->overall_error_count == 0) {
2310 net->RTO = sctp_calculate_rto(stcb, asoc, net,
2311 &asoc->time_entered);
2313 SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
2314 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP, stcb, 0, NULL);
2315 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
2316 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
2317 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
2318 soisconnected(stcb->sctp_ep->sctp_socket);
2320 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
2323 * since we did not send a HB make sure we don't double
2326 net->hb_responded = 1;
2328 if (stcb->asoc.sctp_autoclose_ticks &&
2329 sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) {
2330 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
2331 stcb->sctp_ep, stcb, NULL);
2334 * set ASCONF timer if ASCONFs are pending and allowed (eg.
2335 * addresses changed when init/cookie echo in flight)
2337 if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_DO_ASCONF)) &&
2338 (stcb->asoc.peer_supports_asconf) &&
2339 (!TAILQ_EMPTY(&stcb->asoc.asconf_queue))) {
2340 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF,
2341 stcb->sctp_ep, stcb,
2342 stcb->asoc.primary_destination);
2345 /* Toss the cookie if I can */
2346 sctp_toss_old_cookies(stcb, asoc);
2347 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
2348 /* Restart the timer if we have pending data */
2349 struct sctp_tmit_chunk *chk;
2351 chk = TAILQ_FIRST(&asoc->sent_queue);
2353 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2360 sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp,
2361 struct sctp_tcb *stcb)
2363 struct sctp_nets *net;
2364 struct sctp_tmit_chunk *lchk;
2367 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_ecne_chunk)) {
2370 SCTP_STAT_INCR(sctps_recvecne);
2371 tsn = ntohl(cp->tsn);
2372 /* ECN Nonce stuff: need a resync and disable the nonce sum check */
2373 /* Also we make sure we disable the nonce_wait */
2374 lchk = TAILQ_FIRST(&stcb->asoc.send_queue);
2376 stcb->asoc.nonce_resync_tsn = stcb->asoc.sending_seq;
2378 stcb->asoc.nonce_resync_tsn = lchk->rec.data.TSN_seq;
2380 stcb->asoc.nonce_wait_for_ecne = 0;
2381 stcb->asoc.nonce_sum_check = 0;
2383 /* Find where it was sent, if possible */
2385 lchk = TAILQ_FIRST(&stcb->asoc.sent_queue);
2387 if (lchk->rec.data.TSN_seq == tsn) {
2391 if (compare_with_wrap(lchk->rec.data.TSN_seq, tsn, MAX_SEQ))
2393 lchk = TAILQ_NEXT(lchk, sctp_next);
2396 /* default is we use the primary */
2397 net = stcb->asoc.primary_destination;
2399 if (compare_with_wrap(tsn, stcb->asoc.last_cwr_tsn, MAX_TSN)) {
2400 #ifdef SCTP_CWND_MONITOR
2403 old_cwnd = net->cwnd;
2405 SCTP_STAT_INCR(sctps_ecnereducedcwnd);
2406 net->ssthresh = net->cwnd / 2;
2407 if (net->ssthresh < net->mtu) {
2408 net->ssthresh = net->mtu;
2409 /* here back off the timer as well, to slow us down */
2412 net->cwnd = net->ssthresh;
2413 #ifdef SCTP_CWND_MONITOR
2414 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd), SCTP_CWND_LOG_FROM_SAT);
2417 * we reduce once every RTT. So we will only lower cwnd at
2418 * the next sending seq i.e. the resync_tsn.
2420 stcb->asoc.last_cwr_tsn = stcb->asoc.nonce_resync_tsn;
2423 * We always send a CWR this way if our previous one was lost our
2424 * peer will get an update, or if it is not time again to reduce we
2425 * still get the cwr to the peer.
2427 sctp_send_cwr(stcb, net, tsn);
2431 sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb)
2434 * Here we get a CWR from the peer. We must look in the outqueue and
2435 * make sure that we have a covered ECNE in teh control chunk part.
2438 struct sctp_tmit_chunk *chk;
2439 struct sctp_ecne_chunk *ecne;
2441 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
2442 if (chk->rec.chunk_id.id != SCTP_ECN_ECHO) {
2446 * Look for and remove if it is the right TSN. Since there
2447 * is only ONE ECNE on the control queue at any one time we
2448 * don't need to worry about more than one!
2450 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
2451 if (compare_with_wrap(ntohl(cp->tsn), ntohl(ecne->tsn),
2452 MAX_TSN) || (cp->tsn == ecne->tsn)) {
2453 /* this covers this ECNE, we can remove it */
2454 stcb->asoc.ecn_echo_cnt_onq--;
2455 TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk,
2458 sctp_m_freem(chk->data);
2461 stcb->asoc.ctrl_queue_cnt--;
2462 sctp_free_remote_addr(chk->whoTo);
2463 sctp_free_a_chunk(stcb, chk);
2470 sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp,
2471 struct sctp_tcb *stcb, struct sctp_nets *net)
2473 struct sctp_association *asoc;
2476 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2477 printf("sctp_handle_shutdown_complete: handling SHUTDOWN-COMPLETE\n");
2484 /* process according to association state */
2485 if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT) {
2486 /* unexpected SHUTDOWN-COMPLETE... so ignore... */
2487 SCTP_TCB_UNLOCK(stcb);
2490 /* notify upper layer protocol */
2491 if (stcb->sctp_socket) {
2492 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL);
2493 /* are the queues empty? they should be */
2494 if (!TAILQ_EMPTY(&asoc->send_queue) ||
2495 !TAILQ_EMPTY(&asoc->sent_queue) ||
2496 !TAILQ_EMPTY(&asoc->out_wheel)) {
2497 sctp_report_all_outbound(stcb, 0);
2500 /* stop the timer */
2501 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_21);
2502 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
2504 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_22);
2509 process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc,
2510 struct sctp_nets *net, uint8_t flg)
2512 switch (desc->chunk_type) {
2514 /* find the tsn to resend (possibly */
2517 struct sctp_tmit_chunk *tp1;
2519 tsn = ntohl(desc->tsn_ifany);
2520 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2522 if (tp1->rec.data.TSN_seq == tsn) {
2526 if (compare_with_wrap(tp1->rec.data.TSN_seq, tsn,
2532 tp1 = TAILQ_NEXT(tp1, sctp_next);
2536 * Do it the other way , aka without paying
2537 * attention to queue seq order.
2539 SCTP_STAT_INCR(sctps_pdrpdnfnd);
2540 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2542 if (tp1->rec.data.TSN_seq == tsn) {
2546 tp1 = TAILQ_NEXT(tp1, sctp_next);
2550 SCTP_STAT_INCR(sctps_pdrptsnnf);
2552 if ((tp1) && (tp1->sent < SCTP_DATAGRAM_ACKED)) {
2555 if ((stcb->asoc.peers_rwnd == 0) &&
2556 ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) {
2557 SCTP_STAT_INCR(sctps_pdrpdiwnp);
2560 if (stcb->asoc.peers_rwnd == 0 &&
2561 (flg & SCTP_FROM_MIDDLE_BOX)) {
2562 SCTP_STAT_INCR(sctps_pdrpdizrw);
2565 ddp = (uint8_t *) (mtod(tp1->data, caddr_t)+
2566 sizeof(struct sctp_data_chunk));
2570 for (iii = 0; iii < sizeof(desc->data_bytes);
2572 if (ddp[iii] != desc->data_bytes[iii]) {
2573 SCTP_STAT_INCR(sctps_pdrpbadd);
2579 * We zero out the nonce so resync not
2582 tp1->rec.data.ect_nonce = 0;
2586 * this guy had a RTO calculation
2587 * pending on it, cancel it
2591 SCTP_STAT_INCR(sctps_pdrpmark);
2592 if (tp1->sent != SCTP_DATAGRAM_RESEND)
2593 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2594 tp1->sent = SCTP_DATAGRAM_RESEND;
2596 * mark it as if we were doing a FR, since
2597 * we will be getting gap ack reports behind
2598 * the info from the router.
2600 tp1->rec.data.doing_fast_retransmit = 1;
2602 * mark the tsn with what sequences can
2605 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
2606 tp1->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
2608 tp1->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.TSN_seq;
2611 /* restart the timer */
2612 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2613 stcb, tp1->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_23);
2614 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2617 /* fix counts and things */
2618 #ifdef SCTP_FLIGHT_LOGGING
2619 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN,
2620 tp1->whoTo->flight_size,
2623 tp1->rec.data.TSN_seq);
2625 if (tp1->whoTo->flight_size >= tp1->book_size)
2626 tp1->whoTo->flight_size -= tp1->book_size;
2628 tp1->whoTo->flight_size = 0;
2630 if (stcb->asoc.total_flight >= tp1->book_size) {
2631 stcb->asoc.total_flight -= tp1->book_size;
2632 if (stcb->asoc.total_flight_count > 0)
2633 stcb->asoc.total_flight_count--;
2635 stcb->asoc.total_flight = 0;
2636 stcb->asoc.total_flight_count = 0;
2644 TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) {
2645 if (tp1->sent == SCTP_DATAGRAM_RESEND)
2648 TAILQ_FOREACH(tp1, &stcb->asoc.control_send_queue,
2650 if (tp1->sent == SCTP_DATAGRAM_RESEND)
2653 if (audit != stcb->asoc.sent_queue_retran_cnt) {
2654 printf("**Local Audit finds cnt:%d asoc cnt:%d\n",
2655 audit, stcb->asoc.sent_queue_retran_cnt);
2656 #ifndef SCTP_AUDITING_ENABLED
2657 stcb->asoc.sent_queue_retran_cnt = audit;
2665 struct sctp_tmit_chunk *asconf;
2667 TAILQ_FOREACH(asconf, &stcb->asoc.control_send_queue,
2669 if (asconf->rec.chunk_id.id == SCTP_ASCONF) {
2674 if (asconf->sent != SCTP_DATAGRAM_RESEND)
2675 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2676 asconf->sent = SCTP_DATAGRAM_RESEND;
2677 asconf->snd_count--;
2681 case SCTP_INITIATION:
2682 /* resend the INIT */
2683 stcb->asoc.dropped_special_cnt++;
2684 if (stcb->asoc.dropped_special_cnt < SCTP_RETRY_DROPPED_THRESH) {
2686 * If we can get it in, in a few attempts we do
2687 * this, otherwise we let the timer fire.
2689 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep,
2690 stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_24);
2691 sctp_send_initiate(stcb->sctp_ep, stcb);
2694 case SCTP_SELECTIVE_ACK:
2695 /* resend the sack */
2696 sctp_send_sack(stcb);
2698 case SCTP_HEARTBEAT_REQUEST:
2699 /* resend a demand HB */
2700 sctp_send_hb(stcb, 1, net);
2703 sctp_send_shutdown(stcb, net);
2705 case SCTP_SHUTDOWN_ACK:
2706 sctp_send_shutdown_ack(stcb, net);
2708 case SCTP_COOKIE_ECHO:
2710 struct sctp_tmit_chunk *cookie;
2713 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue,
2715 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
2720 if (cookie->sent != SCTP_DATAGRAM_RESEND)
2721 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2722 cookie->sent = SCTP_DATAGRAM_RESEND;
2723 sctp_stop_all_cookie_timers(stcb);
2727 case SCTP_COOKIE_ACK:
2728 sctp_send_cookie_ack(stcb);
2730 case SCTP_ASCONF_ACK:
2731 /* resend last asconf ack */
2732 sctp_send_asconf_ack(stcb, 1);
2734 case SCTP_FORWARD_CUM_TSN:
2735 send_forward_tsn(stcb, &stcb->asoc);
2737 /* can't do anything with these */
2738 case SCTP_PACKET_DROPPED:
2739 case SCTP_INITIATION_ACK: /* this should not happen */
2740 case SCTP_HEARTBEAT_ACK:
2741 case SCTP_ABORT_ASSOCIATION:
2742 case SCTP_OPERATION_ERROR:
2743 case SCTP_SHUTDOWN_COMPLETE:
2753 sctp_reset_in_stream(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
2759 * We set things to 0xffff since this is the last delivered sequence
2760 * and we will be sending in 0 after the reset.
2763 if (number_entries) {
2764 for (i = 0; i < number_entries; i++) {
2765 temp = ntohs(list[i]);
2766 if (temp >= stcb->asoc.streamincnt) {
2769 stcb->asoc.strmin[temp].last_sequence_delivered = 0xffff;
2773 for (i = 0; i < stcb->asoc.streamincnt; i++) {
2774 stcb->asoc.strmin[i].last_sequence_delivered = 0xffff;
2777 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV, stcb, number_entries, (void *)list);
2781 sctp_reset_out_streams(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
2785 if (number_entries == 0) {
2786 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
2787 stcb->asoc.strmout[i].next_sequence_sent = 0;
2789 } else if (number_entries) {
2790 for (i = 0; i < number_entries; i++) {
2793 temp = ntohs(list[i]);
2794 if (temp >= stcb->asoc.streamoutcnt) {
2795 /* no such stream */
2798 stcb->asoc.strmout[temp].next_sequence_sent = 0;
2801 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list);
2805 struct sctp_stream_reset_out_request *
2806 sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk)
2808 struct sctp_association *asoc;
2809 struct sctp_stream_reset_out_req *req;
2810 struct sctp_stream_reset_out_request *r;
2811 struct sctp_tmit_chunk *chk;
2815 if (TAILQ_EMPTY(&stcb->asoc.control_send_queue)) {
2818 if (stcb->asoc.str_reset == NULL) {
2821 chk = stcb->asoc.str_reset;
2822 if (chk->data == NULL) {
2826 /* he wants a copy of the chk pointer */
2829 clen = chk->send_size;
2830 req = mtod(chk->data, struct sctp_stream_reset_out_req *);
2832 if (ntohl(r->request_seq) == seq) {
2836 len = SCTP_SIZE32(ntohs(r->ph.param_length));
2837 if (clen > (len + (int)sizeof(struct sctp_chunkhdr))) {
2838 /* move to the next one, there can only be a max of two */
2839 r = (struct sctp_stream_reset_out_request *)((caddr_t)r + len);
2840 if (ntohl(r->request_seq) == seq) {
2844 /* that seq is not here */
2849 sctp_clean_up_stream_reset(struct sctp_tcb *stcb)
2851 struct sctp_association *asoc;
2852 struct sctp_tmit_chunk *chk = stcb->asoc.str_reset;
2854 if (stcb->asoc.str_reset == NULL) {
2859 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_25);
2860 TAILQ_REMOVE(&asoc->control_send_queue,
2864 sctp_m_freem(chk->data);
2867 asoc->ctrl_queue_cnt--;
2868 sctp_free_remote_addr(chk->whoTo);
2870 sctp_free_a_chunk(stcb, chk);
2871 stcb->asoc.str_reset = NULL;
2876 sctp_handle_stream_reset_response(struct sctp_tcb *stcb,
2877 uint32_t seq, uint32_t action,
2878 struct sctp_stream_reset_response *respin)
2882 struct sctp_association *asoc = &stcb->asoc;
2883 struct sctp_tmit_chunk *chk;
2884 struct sctp_stream_reset_out_request *srparam;
2887 if (asoc->stream_reset_outstanding == 0) {
2891 if (seq == stcb->asoc.str_reset_seq_out) {
2892 srparam = sctp_find_stream_reset(stcb, seq, &chk);
2894 stcb->asoc.str_reset_seq_out++;
2895 type = ntohs(srparam->ph.param_type);
2896 lparm_len = ntohs(srparam->ph.param_length);
2897 if (type == SCTP_STR_RESET_OUT_REQUEST) {
2898 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t);
2899 asoc->stream_reset_out_is_outstanding = 0;
2900 if (asoc->stream_reset_outstanding)
2901 asoc->stream_reset_outstanding--;
2902 if (action == SCTP_STREAM_RESET_PERFORMED) {
2904 sctp_reset_out_streams(stcb, number_entries, srparam->list_of_streams);
2906 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, srparam->list_of_streams);
2908 } else if (type == SCTP_STR_RESET_IN_REQUEST) {
2909 /* Answered my request */
2910 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t);
2911 if (asoc->stream_reset_outstanding)
2912 asoc->stream_reset_outstanding--;
2913 if (action != SCTP_STREAM_RESET_PERFORMED) {
2914 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, number_entries, srparam->list_of_streams);
2916 } else if (type == SCTP_STR_RESET_TSN_REQUEST) {
2918 * a) Adopt the new in tsn.
2920 * c) Adopt the new out-tsn
2922 struct sctp_stream_reset_response_tsn *resp;
2923 struct sctp_forward_tsn_chunk fwdtsn;
2926 if (respin == NULL) {
2930 if (action == SCTP_STREAM_RESET_PERFORMED) {
2931 resp = (struct sctp_stream_reset_response_tsn *)respin;
2932 asoc->stream_reset_outstanding--;
2933 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
2934 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
2935 fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1);
2936 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag);
2940 stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1);
2941 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
2942 stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn);
2943 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
2944 stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn);
2945 stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn;
2947 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
2948 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
2952 /* get rid of the request and get the request flags */
2953 if (asoc->stream_reset_outstanding == 0) {
2954 sctp_clean_up_stream_reset(stcb);
2962 sctp_handle_str_reset_request_in(struct sctp_tcb *stcb,
2963 struct sctp_tmit_chunk *chk,
2964 struct sctp_stream_reset_in_request *req)
2972 * peer wants me to send a str-reset to him for my outgoing seq's if
2975 struct sctp_association *asoc = &stcb->asoc;
2977 seq = ntohl(req->request_seq);
2978 if (asoc->str_reset_seq_in == seq) {
2979 if (stcb->asoc.stream_reset_out_is_outstanding == 0) {
2980 len = ntohs(req->ph.param_length);
2981 number_entries = ((len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t));
2982 for (i = 0; i < number_entries; i++) {
2983 temp = ntohs(req->list_of_streams[i]);
2984 req->list_of_streams[i] = temp;
2986 /* move the reset action back one */
2987 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2988 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
2989 sctp_add_stream_reset_out(chk, number_entries, req->list_of_streams,
2990 asoc->str_reset_seq_out,
2991 seq, (asoc->sending_seq - 1));
2992 asoc->stream_reset_out_is_outstanding = 1;
2993 asoc->str_reset = chk;
2994 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
2995 stcb->asoc.stream_reset_outstanding++;
2997 /* Can't do it, since we have sent one out */
2998 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2999 asoc->last_reset_action[0] = SCTP_STREAM_RESET_TRY_LATER;
3000 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3002 asoc->str_reset_seq_in++;
3003 } else if (asoc->str_reset_seq_in - 1 == seq) {
3004 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3005 } else if (asoc->str_reset_seq_in - 2 == seq) {
3006 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
3008 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3013 sctp_handle_str_reset_request_tsn(struct sctp_tcb *stcb,
3014 struct sctp_tmit_chunk *chk,
3015 struct sctp_stream_reset_tsn_request *req)
3017 /* reset all in and out and update the tsn */
3019 * A) reset my str-seq's on in and out. B) Select a receive next,
3020 * and set cum-ack to it. Also process this selected number as a
3021 * fwd-tsn as well. C) set in the response my next sending seq.
3023 struct sctp_forward_tsn_chunk fwdtsn;
3024 struct sctp_association *asoc = &stcb->asoc;
3028 seq = ntohl(req->request_seq);
3029 if (asoc->str_reset_seq_in == seq) {
3030 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
3031 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
3032 fwdtsn.ch.chunk_flags = 0;
3033 fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1);
3034 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag);
3038 stcb->asoc.highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA;
3039 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
3040 stcb->asoc.mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1;
3041 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
3042 atomic_add_int(&stcb->asoc.sending_seq, 1);
3043 /* save off historical data for retrans */
3044 stcb->asoc.last_sending_seq[1] = stcb->asoc.last_sending_seq[0];
3045 stcb->asoc.last_sending_seq[0] = stcb->asoc.sending_seq;
3046 stcb->asoc.last_base_tsnsent[1] = stcb->asoc.last_base_tsnsent[0];
3047 stcb->asoc.last_base_tsnsent[0] = stcb->asoc.mapping_array_base_tsn;
3049 sctp_add_stream_reset_result_tsn(chk,
3050 ntohl(req->request_seq),
3051 SCTP_STREAM_RESET_PERFORMED,
3052 stcb->asoc.sending_seq,
3053 stcb->asoc.mapping_array_base_tsn);
3054 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
3055 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
3056 stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0];
3057 stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3059 asoc->str_reset_seq_in++;
3060 } else if (asoc->str_reset_seq_in - 1 == seq) {
3061 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0],
3062 stcb->asoc.last_sending_seq[0],
3063 stcb->asoc.last_base_tsnsent[0]
3065 } else if (asoc->str_reset_seq_in - 2 == seq) {
3066 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[1],
3067 stcb->asoc.last_sending_seq[1],
3068 stcb->asoc.last_base_tsnsent[1]
3071 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3077 sctp_handle_str_reset_request_out(struct sctp_tcb *stcb,
3078 struct sctp_tmit_chunk *chk,
3079 struct sctp_stream_reset_out_request *req)
3082 int number_entries, len;
3083 struct sctp_association *asoc = &stcb->asoc;
3085 seq = ntohl(req->request_seq);
3087 /* now if its not a duplicate we process it */
3088 if (asoc->str_reset_seq_in == seq) {
3089 len = ntohs(req->ph.param_length);
3090 number_entries = ((len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t));
3092 * the sender is resetting, handle the list issue.. we must
3093 * a) verify if we can do the reset, if so no problem b) If
3094 * we can't do the reset we must copy the request. c) queue
3095 * it, and setup the data in processor to trigger it off
3096 * when needed and dequeue all the queued data.
3098 tsn = ntohl(req->send_reset_at_tsn);
3100 /* move the reset action back one */
3101 asoc->last_reset_action[1] = asoc->last_reset_action[0];
3102 if ((tsn == asoc->cumulative_tsn) ||
3103 (compare_with_wrap(asoc->cumulative_tsn, tsn, MAX_TSN))) {
3104 /* we can do it now */
3105 sctp_reset_in_stream(stcb, number_entries, req->list_of_streams);
3106 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3107 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3110 * we must queue it up and thus wait for the TSN's
3111 * to arrive that are at or before tsn
3113 struct sctp_stream_reset_list *liste;
3116 siz = sizeof(struct sctp_stream_reset_list) + (number_entries * sizeof(uint16_t));
3117 SCTP_MALLOC(liste, struct sctp_stream_reset_list *,
3119 if (liste == NULL) {
3120 /* gak out of memory */
3121 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED);
3122 asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED;
3126 liste->number_entries = number_entries;
3127 memcpy(&liste->req, req,
3128 (sizeof(struct sctp_stream_reset_out_request) + (number_entries * sizeof(uint16_t))));
3129 TAILQ_INSERT_TAIL(&asoc->resetHead, liste, next_resp);
3130 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3131 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3133 asoc->str_reset_seq_in++;
3134 } else if ((asoc->str_reset_seq_in - 1) == seq) {
3136 * one seq back, just echo back last action since my
3137 * response was lost.
3139 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3140 } else if ((asoc->str_reset_seq_in - 2) == seq) {
3142 * two seq back, just echo back last action since my
3143 * response was lost.
3145 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
3147 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3152 sctp_handle_stream_reset(struct sctp_tcb *stcb, struct sctp_stream_reset_out_req *sr_req)
3154 int chk_length, param_len, ptype;
3157 struct sctp_tmit_chunk *chk;
3158 struct sctp_chunkhdr *ch;
3159 struct sctp_paramhdr *ph;
3163 /* now it may be a reset or a reset-response */
3164 chk_length = ntohs(sr_req->ch.chunk_length);
3166 /* setup for adding the response */
3167 sctp_alloc_a_chunk(stcb, chk);
3171 chk->rec.chunk_id.id = SCTP_STREAM_RESET;
3172 chk->asoc = &stcb->asoc;
3173 chk->no_fr_allowed = 0;
3174 chk->book_size = chk->send_size = sizeof(struct sctp_chunkhdr);
3175 chk->book_size_scale = 0;
3176 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
3177 if (chk->data == NULL) {
3180 sctp_m_freem(chk->data);
3183 sctp_free_a_chunk(stcb, chk);
3186 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
3188 /* setup chunk parameters */
3189 chk->sent = SCTP_DATAGRAM_UNSENT;
3191 chk->whoTo = stcb->asoc.primary_destination;
3192 atomic_add_int(&chk->whoTo->ref_count, 1);
3194 ch = mtod(chk->data, struct sctp_chunkhdr *);
3195 ch->chunk_type = SCTP_STREAM_RESET;
3196 ch->chunk_flags = 0;
3197 ch->chunk_length = htons(chk->send_size);
3198 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
3200 ph = (struct sctp_paramhdr *)&sr_req->sr_req;
3201 while ((size_t)chk_length >= sizeof(struct sctp_stream_reset_tsn_request)) {
3202 param_len = ntohs(ph->param_length);
3203 if (param_len < (int)sizeof(struct sctp_stream_reset_tsn_request)) {
3207 ptype = ntohs(ph->param_type);
3209 if (num_param > SCTP_MAX_RESET_PARAMS) {
3210 /* hit the max of parameters already sorry.. */
3213 if (ptype == SCTP_STR_RESET_OUT_REQUEST) {
3214 struct sctp_stream_reset_out_request *req_out;
3216 req_out = (struct sctp_stream_reset_out_request *)ph;
3218 if (stcb->asoc.stream_reset_outstanding) {
3219 seq = ntohl(req_out->response_seq);
3220 if (seq == stcb->asoc.str_reset_seq_out) {
3222 sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_PERFORMED, NULL);
3225 sctp_handle_str_reset_request_out(stcb, chk, req_out);
3226 } else if (ptype == SCTP_STR_RESET_IN_REQUEST) {
3227 struct sctp_stream_reset_in_request *req_in;
3230 req_in = (struct sctp_stream_reset_in_request *)ph;
3231 sctp_handle_str_reset_request_in(stcb, chk, req_in);
3232 } else if (ptype == SCTP_STR_RESET_TSN_REQUEST) {
3233 struct sctp_stream_reset_tsn_request *req_tsn;
3236 req_tsn = (struct sctp_stream_reset_tsn_request *)ph;
3237 if (sctp_handle_str_reset_request_tsn(stcb, chk, req_tsn)) {
3239 goto strres_nochunk;
3243 } else if (ptype == SCTP_STR_RESET_RESPONSE) {
3244 struct sctp_stream_reset_response *resp;
3247 resp = (struct sctp_stream_reset_response *)ph;
3248 seq = ntohl(resp->response_seq);
3249 result = ntohl(resp->result);
3250 if (sctp_handle_stream_reset_response(stcb, seq, result, resp)) {
3252 goto strres_nochunk;
3258 ph = (struct sctp_paramhdr *)((caddr_t)ph + SCTP_SIZE32(param_len));
3259 chk_length -= SCTP_SIZE32(param_len);
3262 /* we have no response free the stuff */
3263 goto strres_nochunk;
3265 /* ok we have a chunk to link in */
3266 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue,
3269 stcb->asoc.ctrl_queue_cnt++;
3274 * Handle a router or endpoints report of a packet loss, there are two ways
3275 * to handle this, either we get the whole packet and must disect it
3276 * ourselves (possibly with truncation and or corruption) or it is a summary
3277 * from a middle box that did the disectting for us.
3280 sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp,
3281 struct sctp_tcb *stcb, struct sctp_nets *net)
3283 uint32_t bottle_bw, on_queue;
3287 struct sctp_chunk_desc desc;
3288 struct sctp_chunkhdr *ch;
3290 chlen = ntohs(cp->ch.chunk_length);
3291 chlen -= sizeof(struct sctp_pktdrop_chunk);
3292 /* XXX possible chlen underflow */
3295 if (cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX)
3296 SCTP_STAT_INCR(sctps_pdrpbwrpt);
3298 ch = (struct sctp_chunkhdr *)(cp->data + sizeof(struct sctphdr));
3299 chlen -= sizeof(struct sctphdr);
3300 /* XXX possible chlen underflow */
3301 memset(&desc, 0, sizeof(desc));
3303 trunc_len = (uint16_t) ntohs(cp->trunc_len);
3304 /* now the chunks themselves */
3305 while ((ch != NULL) && (chlen >= sizeof(struct sctp_chunkhdr))) {
3306 desc.chunk_type = ch->chunk_type;
3307 /* get amount we need to move */
3308 at = ntohs(ch->chunk_length);
3309 if (at < sizeof(struct sctp_chunkhdr)) {
3310 /* corrupt chunk, maybe at the end? */
3311 SCTP_STAT_INCR(sctps_pdrpcrupt);
3314 if (trunc_len == 0) {
3315 /* we are supposed to have all of it */
3317 /* corrupt skip it */
3318 SCTP_STAT_INCR(sctps_pdrpcrupt);
3322 /* is there enough of it left ? */
3323 if (desc.chunk_type == SCTP_DATA) {
3324 if (chlen < (sizeof(struct sctp_data_chunk) +
3325 sizeof(desc.data_bytes))) {
3329 if (chlen < sizeof(struct sctp_chunkhdr)) {
3334 if (desc.chunk_type == SCTP_DATA) {
3335 /* can we get out the tsn? */
3336 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
3337 SCTP_STAT_INCR(sctps_pdrpmbda);
3339 if (chlen >= (sizeof(struct sctp_data_chunk) + sizeof(uint32_t))) {
3341 struct sctp_data_chunk *dcp;
3345 dcp = (struct sctp_data_chunk *)ch;
3346 ddp = (uint8_t *) (dcp + 1);
3347 for (iii = 0; iii < sizeof(desc.data_bytes); iii++) {
3348 desc.data_bytes[iii] = ddp[iii];
3350 desc.tsn_ifany = dcp->dp.tsn;
3352 /* nope we are done. */
3353 SCTP_STAT_INCR(sctps_pdrpnedat);
3357 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
3358 SCTP_STAT_INCR(sctps_pdrpmbct);
3361 if (process_chunk_drop(stcb, &desc, net, cp->ch.chunk_flags)) {
3362 SCTP_STAT_INCR(sctps_pdrppdbrk);
3365 if (SCTP_SIZE32(at) > chlen) {
3368 chlen -= SCTP_SIZE32(at);
3369 if (chlen < sizeof(struct sctp_chunkhdr)) {
3370 /* done, none left */
3373 ch = (struct sctp_chunkhdr *)((caddr_t)ch + SCTP_SIZE32(at));
3375 /* Now update any rwnd --- possibly */
3376 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) == 0) {
3377 /* From a peer, we get a rwnd report */
3380 SCTP_STAT_INCR(sctps_pdrpfehos);
3382 bottle_bw = ntohl(cp->bottle_bw);
3383 on_queue = ntohl(cp->current_onq);
3384 if (bottle_bw && on_queue) {
3385 /* a rwnd report is in here */
3386 if (bottle_bw > on_queue)
3387 a_rwnd = bottle_bw - on_queue;
3392 stcb->asoc.peers_rwnd = 0;
3394 if (a_rwnd > stcb->asoc.total_flight) {
3395 stcb->asoc.peers_rwnd =
3396 a_rwnd - stcb->asoc.total_flight;
3398 stcb->asoc.peers_rwnd = 0;
3400 if (stcb->asoc.peers_rwnd <
3401 stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3402 /* SWS sender side engages */
3403 stcb->asoc.peers_rwnd = 0;
3408 SCTP_STAT_INCR(sctps_pdrpfmbox);
3411 /* now middle boxes in sat networks get a cwnd bump */
3412 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) &&
3413 (stcb->asoc.sat_t3_loss_recovery == 0) &&
3414 (stcb->asoc.sat_network)) {
3416 * This is debateable but for sat networks it makes sense
3417 * Note if a T3 timer has went off, we will prohibit any
3418 * changes to cwnd until we exit the t3 loss recovery.
3423 #ifdef SCTP_CWND_MONITOR
3424 int old_cwnd = net->cwnd;
3427 /* need real RTT for this calc */
3428 rtt = ((net->lastsa >> 2) + net->lastsv) >> 1;
3429 /* get bottle neck bw */
3430 bottle_bw = ntohl(cp->bottle_bw);
3431 /* and whats on queue */
3432 on_queue = ntohl(cp->current_onq);
3434 * adjust the on-queue if our flight is more it could be
3435 * that the router has not yet gotten data "in-flight" to it
3437 if (on_queue < net->flight_size)
3438 on_queue = net->flight_size;
3440 /* calculate the available space */
3441 bw_avail = (bottle_bw * rtt) / 1000;
3442 if (bw_avail > bottle_bw) {
3444 * Cap the growth to no more than the bottle neck.
3445 * This can happen as RTT slides up due to queues.
3446 * It also means if you have more than a 1 second
3447 * RTT with a empty queue you will be limited to the
3448 * bottle_bw per second no matter if other points
3449 * have 1/2 the RTT and you could get more out...
3451 bw_avail = bottle_bw;
3453 if (on_queue > bw_avail) {
3455 * No room for anything else don't allow anything
3456 * else to be "added to the fire".
3458 int seg_inflight, seg_onqueue, my_portion;
3460 net->partial_bytes_acked = 0;
3462 /* how much are we over queue size? */
3463 incr = on_queue - bw_avail;
3464 if (stcb->asoc.seen_a_sack_this_pkt) {
3466 * undo any cwnd adjustment that the sack
3469 net->cwnd = net->prev_cwnd;
3471 /* Now how much of that is mine? */
3472 seg_inflight = net->flight_size / net->mtu;
3473 seg_onqueue = on_queue / net->mtu;
3474 my_portion = (incr * seg_inflight) / seg_onqueue;
3476 /* Have I made an adjustment already */
3477 if (net->cwnd > net->flight_size) {
3479 * for this flight I made an adjustment we
3480 * need to decrease the portion by a share
3481 * our previous adjustment.
3485 diff_adj = net->cwnd - net->flight_size;
3486 if (diff_adj > my_portion)
3489 my_portion -= diff_adj;
3492 * back down to the previous cwnd (assume we have
3493 * had a sack before this packet). minus what ever
3494 * portion of the overage is my fault.
3496 net->cwnd -= my_portion;
3498 /* we will NOT back down more than 1 MTU */
3499 if (net->cwnd <= net->mtu) {
3500 net->cwnd = net->mtu;
3503 net->ssthresh = net->cwnd - 1;
3506 * Take 1/4 of the space left or max burst up ..
3507 * whichever is less.
3509 incr = min((bw_avail - on_queue) >> 2,
3510 (int)stcb->asoc.max_burst * (int)net->mtu);
3513 if (net->cwnd > bw_avail) {
3514 /* We can't exceed the pipe size */
3515 net->cwnd = bw_avail;
3517 if (net->cwnd < net->mtu) {
3518 /* We always have 1 MTU */
3519 net->cwnd = net->mtu;
3521 #ifdef SCTP_CWND_MONITOR
3522 if (net->cwnd - old_cwnd != 0) {
3523 /* log only changes */
3524 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd),
3525 SCTP_CWND_LOG_FROM_SAT);
3532 * handles all control chunks in a packet inputs: - m: mbuf chain, assumed to
3533 * still contain IP/SCTP header - stcb: is the tcb found for this packet -
3534 * offset: offset into the mbuf chain to first chunkhdr - length: is the
3535 * length of the complete packet outputs: - length: modified to remaining
3536 * length after control processing - netp: modified to new sctp_nets after
3537 * cookie-echo processing - return NULL to discard the packet (ie. no asoc,
3538 * bad packet,...) otherwise return the tcb for this packet
3540 static struct sctp_tcb *
3541 sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length,
3542 struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp,
3543 struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen)
3545 struct sctp_association *asoc;
3547 int num_chunks = 0; /* number of control chunks processed */
3550 int abort_no_unlock = 0;
3553 * How big should this be, and should it be alloc'd? Lets try the
3554 * d-mtu-ceiling for now (2k) and that should hopefully work ...
3555 * until we get into jumbo grams and such..
3557 uint8_t chunk_buf[SCTP_CHUNK_BUFFER_SIZE];
3558 struct sctp_tcb *locked_tcb = stcb;
3560 uint32_t auth_offset = 0, auth_len = 0;
3561 int auth_skipped = 0;
3564 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
3565 printf("sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n",
3566 iphlen, *offset, length, stcb);
3568 #endif /* SCTP_DEBUG */
3570 /* validate chunk header length... */
3571 if (ntohs(ch->chunk_length) < sizeof(*ch)) {
3575 * validate the verification tag
3577 vtag_in = ntohl(sh->v_tag);
3580 SCTP_TCB_LOCK_ASSERT(locked_tcb);
3582 if (ch->chunk_type == SCTP_INITIATION) {
3584 /* protocol error- silently discard... */
3585 SCTP_STAT_INCR(sctps_badvtag);
3587 SCTP_TCB_UNLOCK(locked_tcb);
3590 } else if (ch->chunk_type != SCTP_COOKIE_ECHO) {
3592 * If there is no stcb, skip the AUTH chunk and process
3593 * later after a stcb is found (to validate the lookup was
3596 if ((ch->chunk_type == SCTP_AUTHENTICATION) &&
3597 (stcb == NULL) && !sctp_auth_disable) {
3598 /* save this chunk for later processing */
3600 auth_offset = *offset;
3601 auth_len = ntohs(ch->chunk_length);
3603 /* (temporarily) move past this chunk */
3604 *offset += SCTP_SIZE32(auth_len);
3605 if (*offset >= length) {
3606 /* no more data left in the mbuf chain */
3610 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3611 sizeof(struct sctp_chunkhdr), chunk_buf);
3613 if (ch->chunk_type == SCTP_COOKIE_ECHO) {
3614 goto process_control_chunks;
3617 * first check if it's an ASCONF with an unknown src addr we
3618 * need to look inside to find the association
3620 if (ch->chunk_type == SCTP_ASCONF && stcb == NULL) {
3621 /* inp's refcount may be reduced */
3622 SCTP_INP_INCR_REF(inp);
3624 stcb = sctp_findassociation_ep_asconf(m, iphlen,
3625 *offset, sh, &inp, netp);
3628 * reduce inp's refcount if not reduced in
3629 * sctp_findassociation_ep_asconf().
3631 SCTP_INP_DECR_REF(inp);
3633 /* now go back and verify any auth chunk to be sure */
3634 if (auth_skipped && (stcb != NULL)) {
3635 struct sctp_auth_chunk *auth;
3637 auth = (struct sctp_auth_chunk *)
3638 sctp_m_getptr(m, auth_offset,
3639 auth_len, chunk_buf);
3642 if (sctp_handle_auth(stcb, auth, m,
3644 /* auth HMAC failed so dump it */
3648 /* remaining chunks are HMAC checked */
3649 stcb->asoc.authenticated = 1;
3654 /* no association, so it's out of the blue... */
3655 sctp_handle_ootb(m, iphlen, *offset, sh, inp, NULL);
3658 SCTP_TCB_UNLOCK(locked_tcb);
3662 /* ABORT and SHUTDOWN can use either v_tag... */
3663 if ((ch->chunk_type == SCTP_ABORT_ASSOCIATION) ||
3664 (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) ||
3665 (ch->chunk_type == SCTP_PACKET_DROPPED)) {
3666 if ((vtag_in == asoc->my_vtag) ||
3667 ((ch->chunk_flags & SCTP_HAD_NO_TCB) &&
3668 (vtag_in == asoc->peer_vtag))) {
3671 /* drop this packet... */
3672 SCTP_STAT_INCR(sctps_badvtag);
3674 SCTP_TCB_UNLOCK(locked_tcb);
3677 } else if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
3678 if (vtag_in != asoc->my_vtag) {
3680 * this could be a stale SHUTDOWN-ACK or the
3681 * peer never got the SHUTDOWN-COMPLETE and
3682 * is still hung; we have started a new asoc
3683 * but it won't complete until the shutdown
3687 SCTP_TCB_UNLOCK(locked_tcb);
3688 sctp_handle_ootb(m, iphlen, *offset, sh, inp,
3693 /* for all other chunks, vtag must match */
3694 if (vtag_in != asoc->my_vtag) {
3695 /* invalid vtag... */
3697 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3698 printf("invalid vtag: %xh, expect %xh\n", vtag_in, asoc->my_vtag);
3700 #endif /* SCTP_DEBUG */
3701 SCTP_STAT_INCR(sctps_badvtag);
3703 SCTP_TCB_UNLOCK(locked_tcb);
3708 } /* end if !SCTP_COOKIE_ECHO */
3710 * process all control chunks...
3712 if (((ch->chunk_type == SCTP_SELECTIVE_ACK) ||
3713 (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) &&
3714 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
3715 /* implied cookie-ack.. we must have lost the ack */
3716 stcb->asoc.overall_error_count = 0;
3717 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb,
3720 process_control_chunks:
3722 while (IS_SCTP_CONTROL(ch)) {
3723 /* validate chunk length */
3724 chk_length = ntohs(ch->chunk_length);
3726 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
3727 printf("sctp_process_control: processing a chunk type=%u, len=%u\n",
3728 ch->chunk_type, chk_length);
3730 #endif /* SCTP_DEBUG */
3731 if ((size_t)chk_length < sizeof(*ch) ||
3732 (*offset + chk_length) > length) {
3735 SCTP_TCB_UNLOCK(locked_tcb);
3738 SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks);
3740 * INIT-ACK only gets the init ack "header" portion only
3741 * because we don't have to process the peer's COOKIE. All
3742 * others get a complete chunk.
3744 if (ch->chunk_type == SCTP_INITIATION_ACK) {
3745 /* get an init-ack chunk */
3746 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3747 sizeof(struct sctp_init_ack_chunk), chunk_buf);
3751 SCTP_TCB_UNLOCK(locked_tcb);
3755 /* get a complete chunk... */
3756 if ((size_t)chk_length > sizeof(chunk_buf)) {
3758 struct sctp_paramhdr *phdr;
3761 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
3762 0, M_DONTWAIT, 1, MT_DATA);
3764 /* pre-reserve some space */
3765 SCTP_BUF_RESV_UF(oper, sizeof(struct sctp_chunkhdr));
3766 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr);
3767 phdr = mtod(oper, struct sctp_paramhdr *);
3768 phdr->param_type = htons(SCTP_CAUSE_OUT_OF_RESC);
3769 phdr->param_length = htons(sizeof(struct sctp_paramhdr));
3770 sctp_queue_op_err(stcb, oper);
3773 SCTP_TCB_UNLOCK(locked_tcb);
3776 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3777 chk_length, chunk_buf);
3779 printf("sctp_process_control: Can't get the all data....\n");
3782 SCTP_TCB_UNLOCK(locked_tcb);
3787 /* Save off the last place we got a control from */
3789 if ((*netp != NULL) || (ch->chunk_type == SCTP_ASCONF)) {
3791 * allow last_control to be NULL if
3792 * ASCONF... ASCONF processing will find the
3795 stcb->asoc.last_control_chunk_from = *netp;
3798 #ifdef SCTP_AUDITING_ENABLED
3799 sctp_audit_log(0xB0, ch->chunk_type);
3802 /* check to see if this chunk required auth, but isn't */
3803 if ((stcb != NULL) && !sctp_auth_disable &&
3804 sctp_auth_is_required_chunk(ch->chunk_type,
3805 stcb->asoc.local_auth_chunks) &&
3806 !stcb->asoc.authenticated) {
3807 /* "silently" ignore */
3808 SCTP_STAT_INCR(sctps_recvauthmissing);
3811 switch (ch->chunk_type) {
3812 case SCTP_INITIATION:
3813 /* must be first and only chunk */
3815 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3816 printf("SCTP_INIT\n");
3818 #endif /* SCTP_DEBUG */
3819 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3820 /* We are not interested anymore? */
3821 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3823 * collision case where we are
3824 * sending to them too
3829 SCTP_TCB_UNLOCK(locked_tcb);
3834 if ((num_chunks > 1) ||
3835 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
3838 SCTP_TCB_UNLOCK(locked_tcb);
3841 if ((stcb != NULL) &&
3842 (SCTP_GET_STATE(&stcb->asoc) ==
3843 SCTP_STATE_SHUTDOWN_ACK_SENT)) {
3844 sctp_send_shutdown_ack(stcb,
3845 stcb->asoc.primary_destination);
3847 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
3849 SCTP_TCB_UNLOCK(locked_tcb);
3852 sctp_handle_init(m, iphlen, *offset, sh,
3853 (struct sctp_init_chunk *)ch, inp, stcb, *netp, &abort_no_unlock);
3854 if (abort_no_unlock)
3859 SCTP_TCB_UNLOCK(locked_tcb);
3862 case SCTP_INITIATION_ACK:
3863 /* must be first and only chunk */
3865 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3866 printf("SCTP_INIT-ACK\n");
3868 #endif /* SCTP_DEBUG */
3869 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3870 /* We are not interested anymore */
3871 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3875 SCTP_TCB_UNLOCK(locked_tcb);
3878 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_26);
3883 if ((num_chunks > 1) ||
3884 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
3887 SCTP_TCB_UNLOCK(locked_tcb);
3890 ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
3891 (struct sctp_init_ack_chunk *)ch, stcb, *netp, &abort_no_unlock);
3893 * Special case, I must call the output routine to
3894 * get the cookie echoed
3896 if (abort_no_unlock)
3899 if ((stcb) && ret == 0)
3900 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
3903 SCTP_TCB_UNLOCK(locked_tcb);
3906 case SCTP_SELECTIVE_ACK:
3908 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3909 printf("SCTP_SACK\n");
3911 #endif /* SCTP_DEBUG */
3912 SCTP_STAT_INCR(sctps_recvsacks);
3914 struct sctp_sack_chunk *sack;
3916 uint32_t a_rwnd, cum_ack;
3920 sack = (struct sctp_sack_chunk *)ch;
3922 nonce_sum_flag = ch->chunk_flags & SCTP_SACK_NONCE_SUM;
3923 cum_ack = ntohl(sack->sack.cum_tsn_ack);
3924 num_seg = ntohs(sack->sack.num_gap_ack_blks);
3925 a_rwnd = (uint32_t) ntohl(sack->sack.a_rwnd);
3926 stcb->asoc.seen_a_sack_this_pkt = 1;
3927 if ((stcb->asoc.pr_sctp_cnt == 0) &&
3929 ((compare_with_wrap(cum_ack, stcb->asoc.last_acked_seq, MAX_TSN)) ||
3930 (cum_ack == stcb->asoc.last_acked_seq)) &&
3931 (stcb->asoc.saw_sack_with_frags == 0) &&
3932 (!TAILQ_EMPTY(&stcb->asoc.sent_queue))
3935 * We have a SIMPLE sack having no
3936 * prior segments and data on sent
3937 * queue to be acked.. Use the
3938 * faster path sack processing. We
3939 * also allow window update sacks
3940 * with no missing segments to go
3943 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, nonce_sum_flag, &abort_now);
3945 sctp_handle_sack(sack, stcb, *netp, &abort_now);
3948 /* ABORT signal from sack processing */
3954 case SCTP_HEARTBEAT_REQUEST:
3956 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3957 printf("SCTP_HEARTBEAT\n");
3959 #endif /* SCTP_DEBUG */
3960 SCTP_STAT_INCR(sctps_recvheartbeat);
3961 sctp_send_heartbeat_ack(stcb, m, *offset, chk_length,
3964 /* He's alive so give him credit */
3965 stcb->asoc.overall_error_count = 0;
3967 case SCTP_HEARTBEAT_ACK:
3969 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3970 printf("SCTP_HEARTBEAT-ACK\n");
3972 #endif /* SCTP_DEBUG */
3974 /* He's alive so give him credit */
3975 stcb->asoc.overall_error_count = 0;
3976 SCTP_STAT_INCR(sctps_recvheartbeatack);
3977 sctp_handle_heartbeat_ack((struct sctp_heartbeat_chunk *)ch,
3980 case SCTP_ABORT_ASSOCIATION:
3982 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3983 printf("SCTP_ABORT\n");
3985 #endif /* SCTP_DEBUG */
3986 sctp_handle_abort((struct sctp_abort_chunk *)ch,
3993 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3994 printf("SCTP_SHUTDOWN\n");
3996 #endif /* SCTP_DEBUG */
4000 sctp_handle_shutdown((struct sctp_shutdown_chunk *)ch,
4001 stcb, *netp, &abort_flag);
4008 case SCTP_SHUTDOWN_ACK:
4010 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4011 printf("SCTP_SHUTDOWN-ACK\n");
4013 #endif /* SCTP_DEBUG */
4014 sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp);
4018 case SCTP_OPERATION_ERROR:
4020 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4021 printf("SCTP_OP-ERR\n");
4023 #endif /* SCTP_DEBUG */
4024 if (sctp_handle_error(ch, stcb, *netp) < 0) {
4029 case SCTP_COOKIE_ECHO:
4031 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4032 printf("SCTP_COOKIE-ECHO stcb is %p\n", stcb);
4034 #endif /* SCTP_DEBUG */
4035 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4038 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) &&
4040 /* We are not interested anymore */
4046 * First are we accepting? We do this again here
4047 * since it is possible that a previous endpoint WAS
4048 * listening responded to a INIT-ACK and then
4049 * closed. We opened and bound.. and are now no
4052 if (inp->sctp_socket->so_qlimit == 0) {
4053 if ((stcb) && (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
4055 * special case, is this a retran'd
4056 * COOKIE-ECHO or a restarting assoc
4057 * that is a peeled off or
4058 * one-to-one style socket.
4060 goto process_cookie_anyway;
4062 sctp_abort_association(inp, stcb, m, iphlen, sh,
4066 } else if (inp->sctp_socket->so_qlimit) {
4067 /* we are accepting so check limits like TCP */
4068 if (inp->sctp_socket->so_qlen >
4069 inp->sctp_socket->so_qlimit) {
4072 struct sctp_paramhdr *phdr;
4074 if (sctp_abort_if_one_2_one_hits_limit) {
4076 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4077 0, M_DONTWAIT, 1, MT_DATA);
4079 SCTP_BUF_LEN(oper) =
4080 sizeof(struct sctp_paramhdr);
4082 struct sctp_paramhdr *);
4084 htons(SCTP_CAUSE_OUT_OF_RESC);
4085 phdr->param_length =
4086 htons(sizeof(struct sctp_paramhdr));
4088 sctp_abort_association(inp, stcb, m,
4095 process_cookie_anyway:
4097 struct mbuf *ret_buf;
4098 struct sctp_inpcb *linp;
4106 SCTP_ASOC_CREATE_LOCK(linp);
4108 sctp_handle_cookie_echo(m, iphlen,
4110 (struct sctp_cookie_echo_chunk *)ch,
4117 SCTP_ASOC_CREATE_UNLOCK(linp);
4118 if (ret_buf == NULL) {
4120 SCTP_TCB_UNLOCK(locked_tcb);
4123 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4124 printf("GAK, null buffer\n");
4126 #endif /* SCTP_DEBUG */
4131 /* if AUTH skipped, see if it verified... */
4136 if (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) {
4138 * Restart the timer if we have
4141 struct sctp_tmit_chunk *chk;
4143 chk = TAILQ_FIRST(&stcb->asoc.sent_queue);
4145 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
4146 stcb->sctp_ep, stcb,
4152 case SCTP_COOKIE_ACK:
4154 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4155 printf("SCTP_COOKIE-ACK\n");
4157 #endif /* SCTP_DEBUG */
4159 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4160 /* We are not interested anymore */
4161 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4164 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_27);
4169 /* He's alive so give him credit */
4170 stcb->asoc.overall_error_count = 0;
4171 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp);
4175 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4176 printf("SCTP_ECN-ECHO\n");
4178 #endif /* SCTP_DEBUG */
4179 /* He's alive so give him credit */
4180 stcb->asoc.overall_error_count = 0;
4181 sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch,
4186 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4187 printf("SCTP_ECN-CWR\n");
4189 #endif /* SCTP_DEBUG */
4190 /* He's alive so give him credit */
4191 stcb->asoc.overall_error_count = 0;
4193 sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb);
4195 case SCTP_SHUTDOWN_COMPLETE:
4197 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4198 printf("SCTP_SHUTDOWN-COMPLETE\n");
4200 #endif /* SCTP_DEBUG */
4201 /* must be first and only chunk */
4202 if ((num_chunks > 1) ||
4203 (length - *offset > SCTP_SIZE32(chk_length))) {
4206 SCTP_TCB_UNLOCK(locked_tcb);
4210 sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch,
4217 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4218 printf("SCTP_ASCONF\n");
4220 #endif /* SCTP_DEBUG */
4221 /* He's alive so give him credit */
4222 stcb->asoc.overall_error_count = 0;
4224 sctp_handle_asconf(m, *offset,
4225 (struct sctp_asconf_chunk *)ch, stcb);
4227 case SCTP_ASCONF_ACK:
4229 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4230 printf("SCTP_ASCONF-ACK\n");
4232 #endif /* SCTP_DEBUG */
4233 /* He's alive so give him credit */
4234 stcb->asoc.overall_error_count = 0;
4236 sctp_handle_asconf_ack(m, *offset,
4237 (struct sctp_asconf_ack_chunk *)ch, stcb, *netp);
4239 case SCTP_FORWARD_CUM_TSN:
4241 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4242 printf("SCTP_FWD-TSN\n");
4244 #endif /* SCTP_DEBUG */
4245 /* He's alive so give him credit */
4249 stcb->asoc.overall_error_count = 0;
4251 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4252 /* We are not interested anymore */
4253 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_28);
4257 sctp_handle_forward_tsn(stcb,
4258 (struct sctp_forward_tsn_chunk *)ch, &abort_flag);
4263 stcb->asoc.overall_error_count = 0;
4268 case SCTP_STREAM_RESET:
4270 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4271 printf("SCTP_STREAM_RESET\n");
4273 #endif /* SCTP_DEBUG */
4274 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4275 chk_length, chunk_buf);
4276 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4277 /* We are not interested anymore */
4278 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_29);
4282 if (stcb->asoc.peer_supports_strreset == 0) {
4284 * hmm, peer should have announced this, but
4285 * we will turn it on since he is sending us
4288 stcb->asoc.peer_supports_strreset = 1;
4290 if (sctp_handle_stream_reset(stcb, (struct sctp_stream_reset_out_req *)ch)) {
4291 /* stop processing */
4296 case SCTP_PACKET_DROPPED:
4298 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4299 printf("SCTP_PACKET_DROPPED\n");
4301 #endif /* SCTP_DEBUG */
4302 /* re-get it all please */
4303 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4304 chk_length, chunk_buf);
4306 sctp_handle_packet_dropped((struct sctp_pktdrop_chunk *)ch,
4311 case SCTP_AUTHENTICATION:
4313 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4314 printf("SCTP_AUTHENTICATION\n");
4316 #endif /* SCTP_DEBUG */
4317 if (sctp_auth_disable)
4321 /* save the first AUTH for later processing */
4322 if (auth_skipped == 0) {
4323 auth_offset = *offset;
4324 auth_len = chk_length;
4327 /* skip this chunk (temporarily) */
4330 if (got_auth == 1) {
4331 /* skip this chunk... it's already auth'd */
4334 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4335 chk_length, chunk_buf);
4337 if (sctp_handle_auth(stcb, (struct sctp_auth_chunk *)ch,
4339 /* auth HMAC failed so dump the packet */
4343 /* remaining chunks are HMAC checked */
4344 stcb->asoc.authenticated = 1;
4350 /* it's an unknown chunk! */
4351 if ((ch->chunk_type & 0x40) && (stcb != NULL)) {
4353 struct sctp_paramhdr *phd;
4355 mm = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4356 0, M_DONTWAIT, 1, MT_DATA);
4358 phd = mtod(mm, struct sctp_paramhdr *);
4360 * We cheat and use param type since
4361 * we did not bother to define a
4362 * error cause struct. They are the
4363 * same basic format with different
4366 phd->param_type = htons(SCTP_CAUSE_UNRECOG_CHUNK);
4367 phd->param_length = htons(chk_length + sizeof(*phd));
4368 SCTP_BUF_LEN(mm) = sizeof(*phd);
4369 SCTP_BUF_NEXT(mm) = SCTP_M_COPYM(m, *offset, SCTP_SIZE32(chk_length),
4371 if (SCTP_BUF_NEXT(mm)) {
4372 sctp_queue_op_err(stcb, mm);
4378 if ((ch->chunk_type & 0x80) == 0) {
4379 /* discard this packet */
4382 } /* else skip this bad chunk and continue... */
4384 } /* switch (ch->chunk_type) */
4388 /* get the next chunk */
4389 *offset += SCTP_SIZE32(chk_length);
4390 if (*offset >= length) {
4391 /* no more data left in the mbuf chain */
4394 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4395 sizeof(struct sctp_chunkhdr), chunk_buf);
4398 SCTP_TCB_UNLOCK(locked_tcb);
4408 * Process the ECN bits we have something set so we must look to see if it is
4409 * ECN(0) or ECN(1) or CE
4411 static __inline void
4412 sctp_process_ecn_marked_a(struct sctp_tcb *stcb, struct sctp_nets *net,
4415 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
4417 } else if ((ecn_bits & SCTP_ECT1_BIT) == SCTP_ECT1_BIT) {
4419 * we only add to the nonce sum for ECT1, ECT0 does not
4420 * change the NS bit (that we have yet to find a way to send
4424 /* ECN Nonce stuff */
4425 stcb->asoc.receiver_nonce_sum++;
4426 stcb->asoc.receiver_nonce_sum &= SCTP_SACK_NONCE_SUM;
4429 * Drag up the last_echo point if cumack is larger since we
4430 * don't want the point falling way behind by more than
4431 * 2^^31 and then having it be incorrect.
4433 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
4434 stcb->asoc.last_echo_tsn, MAX_TSN)) {
4435 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
4437 } else if ((ecn_bits & SCTP_ECT0_BIT) == SCTP_ECT0_BIT) {
4439 * Drag up the last_echo point if cumack is larger since we
4440 * don't want the point falling way behind by more than
4441 * 2^^31 and then having it be incorrect.
4443 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
4444 stcb->asoc.last_echo_tsn, MAX_TSN)) {
4445 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
4450 static __inline void
4451 sctp_process_ecn_marked_b(struct sctp_tcb *stcb, struct sctp_nets *net,
4452 uint32_t high_tsn, uint8_t ecn_bits)
4454 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
4456 * we possibly must notify the sender that a congestion
4457 * window reduction is in order. We do this by adding a ECNE
4458 * chunk to the output chunk queue. The incoming CWR will
4459 * remove this chunk.
4461 if (compare_with_wrap(high_tsn, stcb->asoc.last_echo_tsn,
4463 /* Yep, we need to add a ECNE */
4464 sctp_send_ecn_echo(stcb, net, high_tsn);
4465 stcb->asoc.last_echo_tsn = high_tsn;
4471 * common input chunk processing (v4 and v6)
4474 sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
4475 int length, struct sctphdr *sh, struct sctp_chunkhdr *ch,
4476 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
4480 * Control chunk processing
4483 int fwd_tsn_seen = 0, data_processed = 0;
4484 struct mbuf *m = *mm;
4488 SCTP_STAT_INCR(sctps_recvdatagrams);
4489 #ifdef SCTP_AUDITING_ENABLED
4490 sctp_audit_log(0xE0, 1);
4491 sctp_auditing(0, inp, stcb, net);
4495 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4496 printf("Ok, Common input processing called, m:%p iphlen:%d offset:%d\n",
4499 #endif /* SCTP_DEBUG */
4502 /* always clear this before beginning a packet */
4503 stcb->asoc.authenticated = 0;
4504 stcb->asoc.seen_a_sack_this_pkt = 0;
4506 if (IS_SCTP_CONTROL(ch)) {
4507 /* process the control portion of the SCTP packet */
4508 stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
4509 inp, stcb, &net, &fwd_tsn_seen);
4512 * This covers us if the cookie-echo was there and
4513 * it changes our INP.
4515 inp = stcb->sctp_ep;
4519 * no control chunks, so pre-process DATA chunks (these
4520 * checks are taken care of by control processing)
4524 * if DATA only packet, and auth is required, then punt...
4525 * can't have authenticated without any AUTH (control)
4528 if ((stcb != NULL) && !sctp_auth_disable &&
4529 sctp_auth_is_required_chunk(SCTP_DATA,
4530 stcb->asoc.local_auth_chunks)) {
4531 /* "silently" ignore */
4532 SCTP_STAT_INCR(sctps_recvauthmissing);
4533 SCTP_TCB_UNLOCK(stcb);
4537 /* out of the blue DATA chunk */
4538 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL);
4541 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) {
4542 /* v_tag mismatch! */
4543 SCTP_STAT_INCR(sctps_badvtag);
4544 SCTP_TCB_UNLOCK(stcb);
4551 * no valid TCB for this packet, or we found it's a bad
4552 * packet while processing control, or we're done with this
4553 * packet (done or skip rest of data), so we drop it...
4558 * DATA chunk processing
4560 /* plow through the data chunks while length > offset */
4563 * Rest should be DATA only. Check authentication state if AUTH for
4566 if ((length > offset) && (stcb != NULL) && !sctp_auth_disable &&
4567 sctp_auth_is_required_chunk(SCTP_DATA,
4568 stcb->asoc.local_auth_chunks) &&
4569 !stcb->asoc.authenticated) {
4570 /* "silently" ignore */
4571 SCTP_STAT_INCR(sctps_recvauthmissing);
4573 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
4574 printf("Data chunk requires AUTH, skipped\n");
4578 if (length > offset) {
4582 * First check to make sure our state is correct. We would
4583 * not get here unless we really did have a tag, so we don't
4584 * abort if this happens, just dump the chunk silently.
4586 switch (SCTP_GET_STATE(&stcb->asoc)) {
4587 case SCTP_STATE_COOKIE_ECHOED:
4589 * we consider data with valid tags in this state
4590 * shows us the cookie-ack was lost. Imply it was
4593 stcb->asoc.overall_error_count = 0;
4594 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net);
4596 case SCTP_STATE_COOKIE_WAIT:
4598 * We consider OOTB any data sent during asoc setup.
4600 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL);
4601 SCTP_TCB_UNLOCK(stcb);
4604 case SCTP_STATE_EMPTY: /* should not happen */
4605 case SCTP_STATE_INUSE: /* should not happen */
4606 case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error */
4607 case SCTP_STATE_SHUTDOWN_ACK_SENT:
4609 SCTP_TCB_UNLOCK(stcb);
4612 case SCTP_STATE_OPEN:
4613 case SCTP_STATE_SHUTDOWN_SENT:
4616 /* take care of ECN, part 1. */
4617 if (stcb->asoc.ecn_allowed &&
4618 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
4619 sctp_process_ecn_marked_a(stcb, net, ecn_bits);
4621 /* plow through the data chunks while length > offset */
4622 retval = sctp_process_data(mm, iphlen, &offset, length, sh,
4623 inp, stcb, net, &high_tsn);
4626 * The association aborted, NO UNLOCK needed since
4627 * the association is destroyed.
4633 /* take care of ecn part 2. */
4634 if (stcb->asoc.ecn_allowed &&
4635 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
4636 sctp_process_ecn_marked_b(stcb, net, high_tsn,
4641 * Anything important needs to have been m_copy'ed in
4645 if ((data_processed == 0) && (fwd_tsn_seen)) {
4648 if (compare_with_wrap(stcb->asoc.highest_tsn_inside_map,
4649 stcb->asoc.cumulative_tsn, MAX_TSN)) {
4650 /* there was a gap before this data was processed */
4653 sctp_sack_check(stcb, 1, was_a_gap, &abort_flag);
4655 /* Again, we aborted so NO UNLOCK needed */
4659 /* trigger send of any chunks in queue... */
4661 #ifdef SCTP_AUDITING_ENABLED
4662 sctp_audit_log(0xE0, 2);
4663 sctp_auditing(1, inp, stcb, net);
4666 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4667 printf("Check for chunk output prw:%d tqe:%d tf=%d\n",
4668 stcb->asoc.peers_rwnd,
4669 TAILQ_EMPTY(&stcb->asoc.control_send_queue),
4670 stcb->asoc.total_flight);
4673 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight);
4675 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue) ||
4677 (stcb->asoc.peers_rwnd > 0 ||
4678 (stcb->asoc.peers_rwnd <= 0 && stcb->asoc.total_flight == 0)))) {
4680 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4681 printf("Calling chunk OUTPUT\n");
4684 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
4686 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4687 printf("chunk OUTPUT returns\n");
4691 #ifdef SCTP_AUDITING_ENABLED
4692 sctp_audit_log(0xE0, 3);
4693 sctp_auditing(2, inp, stcb, net);
4695 SCTP_TCB_UNLOCK(stcb);
4702 sctp_input(i_pak, off)
4707 #ifdef SCTP_MBUF_LOGGING
4717 struct sctp_inpcb *inp = NULL;
4719 uint32_t check, calc_check;
4720 struct sctp_nets *net;
4721 struct sctp_tcb *stcb = NULL;
4722 struct sctp_chunkhdr *ch;
4723 int refcount_up = 0;
4724 int length, mlen, offset;
4726 vrf_id = SCTP_DEFAULT_VRFID;
4727 mlen = SCTP_HEADER_LEN(i_pak);
4729 m = SCTP_HEADER_TO_CHAIN(i_pak);
4731 SCTP_STAT_INCR(sctps_recvpackets);
4732 SCTP_STAT_INCR_COUNTER64(sctps_inpackets);
4734 #ifdef SCTP_MBUF_LOGGING
4735 /* Log in any input mbufs */
4738 if (SCTP_BUF_IS_EXTENDED(mat)) {
4739 sctp_log_mb(mat, SCTP_MBUF_INPUT);
4741 mat = SCTP_BUF_NEXT(mat);
4746 * Get IP, SCTP, and first chunk header together in first mbuf.
4748 ip = mtod(m, struct ip *);
4749 offset = iphlen + sizeof(*sh) + sizeof(*ch);
4750 if (SCTP_BUF_LEN(m) < offset) {
4751 if ((m = m_pullup(m, offset)) == 0) {
4752 SCTP_STAT_INCR(sctps_hdrops);
4755 ip = mtod(m, struct ip *);
4757 sh = (struct sctphdr *)((caddr_t)ip + iphlen);
4758 ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(*sh));
4760 /* SCTP does not allow broadcasts or multicasts */
4761 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
4764 if (SCTP_IS_IT_BROADCAST(ip->ip_dst, m)) {
4766 * We only look at broadcast if its a front state, All
4767 * others we will not have a tcb for anyway.
4771 /* validate SCTP checksum */
4772 if ((sctp_no_csum_on_loopback == 0) || !SCTP_IS_IT_LOOPBACK(m)) {
4774 * we do NOT validate things from the loopback if the sysctl
4777 check = sh->checksum; /* save incoming checksum */
4778 if ((check == 0) && (sctp_no_csum_on_loopback)) {
4780 * special hook for where we got a local address
4781 * somehow routed across a non IFT_LOOP type
4784 if (ip->ip_src.s_addr == ip->ip_dst.s_addr)
4785 goto sctp_skip_csum_4;
4787 sh->checksum = 0; /* prepare for calc */
4788 calc_check = sctp_calculate_sum(m, &mlen, iphlen);
4789 if (calc_check != check) {
4791 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4792 printf("Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n",
4793 calc_check, check, m, mlen, iphlen);
4797 stcb = sctp_findassociation_addr(m, iphlen,
4798 offset - sizeof(*ch),
4799 sh, ch, &inp, &net, vrf_id);
4800 if ((inp) && (stcb)) {
4801 sctp_send_packet_dropped(stcb, net, m, iphlen, 1);
4802 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR);
4803 } else if ((inp != NULL) && (stcb == NULL)) {
4806 SCTP_STAT_INCR(sctps_badsum);
4807 SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors);
4810 sh->checksum = calc_check;
4813 /* destination port of 0 is illegal, based on RFC2960. */
4814 if (sh->dest_port == 0) {
4815 SCTP_STAT_INCR(sctps_hdrops);
4818 /* validate mbuf chain length with IP payload length */
4819 if (mlen < (ip->ip_len - iphlen)) {
4820 SCTP_STAT_INCR(sctps_hdrops);
4824 * Locate pcb and tcb for datagram sctp_findassociation_addr() wants
4825 * IP/SCTP/first chunk header...
4827 stcb = sctp_findassociation_addr(m, iphlen, offset - sizeof(*ch),
4828 sh, ch, &inp, &net, vrf_id);
4829 /* inp's ref-count increased && stcb locked */
4831 struct sctp_init_chunk *init_chk, chunk_buf;
4833 SCTP_STAT_INCR(sctps_noport);
4836 * we use the bandwidth limiting to protect against sending
4837 * too many ABORTS all at once. In this case these count the
4838 * same as an ICMP message.
4840 if (badport_bandlim(0) < 0)
4842 #endif /* ICMP_BANDLIM */
4844 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4845 printf("Sending a ABORT from packet entry!\n");
4848 if (ch->chunk_type == SCTP_INITIATION) {
4850 * we do a trick here to get the INIT tag, dig in
4851 * and get the tag from the INIT and put it in the
4854 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m,
4855 iphlen + sizeof(*sh), sizeof(*init_chk),
4856 (uint8_t *) & chunk_buf);
4857 if (init_chk != NULL)
4858 sh->v_tag = init_chk->init.initiate_tag;
4860 if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
4861 sctp_send_shutdown_complete2(m, iphlen, sh);
4864 if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) {
4867 if (ch->chunk_type != SCTP_ABORT_ASSOCIATION)
4868 sctp_send_abort(m, iphlen, sh, 0, NULL);
4870 } else if (stcb == NULL) {
4875 * I very much doubt any of the IPSEC stuff will work but I have no
4876 * idea, so I will leave it in place.
4879 if (inp && ipsec4_in_reject(m, &inp->ip_inp.inp)) {
4880 ipsecstat.in_polvio++;
4881 SCTP_STAT_INCR(sctps_hdrops);
4889 * common chunk processing
4891 length = ip->ip_len + iphlen;
4892 offset -= sizeof(struct sctp_chunkhdr);
4894 ecn_bits = ip->ip_tos;
4896 sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,
4897 inp, stcb, net, ecn_bits);
4898 /* inp's ref-count reduced && stcb unlocked */
4902 if ((inp) && (refcount_up)) {
4903 /* reduce ref-count */
4904 SCTP_INP_WLOCK(inp);
4905 SCTP_INP_DECR_REF(inp);
4906 SCTP_INP_WUNLOCK(inp);
4911 SCTP_TCB_UNLOCK(stcb);
4913 if ((inp) && (refcount_up)) {
4914 /* reduce ref-count */
4915 SCTP_INP_WLOCK(inp);
4916 SCTP_INP_DECR_REF(inp);
4917 SCTP_INP_WUNLOCK(inp);
projects / FreeBSD / FreeBSD.git / blob