2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_var.h>
38 #include <netinet/sctp_sysctl.h>
39 #include <netinet/sctp_pcb.h>
40 #include <netinet/sctp_header.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp_output.h>
43 #include <netinet/sctp_input.h>
44 #include <netinet/sctp_indata.h>
45 #include <netinet/sctp_uio.h>
46 #include <netinet/sctp_timer.h>
50 * NOTES: On the outbound side of things I need to check the sack timer to
51 * see if I should generate a sack into the chunk queue (if I have data to
52 * send that is and will be sending it .. for bundling.
54 * The callback in sctp_usrreq.c will get called when the socket is read from.
55 * This will cause sctp_service_queues() to get called on the top entry in
60 sctp_set_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
62 asoc->my_rwnd = sctp_calc_rwnd(stcb, asoc);
65 /* Calculate what the rwnd would be */
67 sctp_calc_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
72 * This is really set wrong with respect to a 1-2-m socket. Since
73 * the sb_cc is the count that everyone as put up. When we re-write
74 * sctp_soreceive then we will fix this so that ONLY this
75 * associations data is taken into account.
77 if (stcb->sctp_socket == NULL)
80 if (stcb->asoc.sb_cc == 0 &&
81 asoc->size_on_reasm_queue == 0 &&
82 asoc->size_on_all_streams == 0) {
83 /* Full rwnd granted */
84 calc = max(SCTP_SB_LIMIT_RCV(stcb->sctp_socket), SCTP_MINIMAL_RWND);
87 /* get actual space */
88 calc = (uint32_t) sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv);
91 * take out what has NOT been put on socket queue and we yet hold
94 calc = sctp_sbspace_sub(calc, (uint32_t) (asoc->size_on_reasm_queue +
95 asoc->cnt_on_reasm_queue * MSIZE));
96 calc = sctp_sbspace_sub(calc, (uint32_t) (asoc->size_on_all_streams +
97 asoc->cnt_on_all_streams * MSIZE));
103 /* what is the overhead of all these rwnd's */
104 calc = sctp_sbspace_sub(calc, stcb->asoc.my_rwnd_control_len);
106 * If the window gets too small due to ctrl-stuff, reduce it to 1,
107 * even it is 0. SWS engaged
109 if (calc < stcb->asoc.my_rwnd_control_len) {
118 * Build out our readq entry based on the incoming packet.
120 struct sctp_queued_to_read *
121 sctp_build_readq_entry(struct sctp_tcb *stcb,
122 struct sctp_nets *net,
123 uint32_t tsn, uint32_t ppid,
124 uint32_t context, uint16_t stream_no,
125 uint16_t stream_seq, uint8_t flags,
128 struct sctp_queued_to_read *read_queue_e = NULL;
130 sctp_alloc_a_readq(stcb, read_queue_e);
131 if (read_queue_e == NULL) {
134 read_queue_e->sinfo_stream = stream_no;
135 read_queue_e->sinfo_ssn = stream_seq;
136 read_queue_e->sinfo_flags = (flags << 8);
137 read_queue_e->sinfo_ppid = ppid;
138 read_queue_e->sinfo_context = context;
139 read_queue_e->sinfo_timetolive = 0;
140 read_queue_e->sinfo_tsn = tsn;
141 read_queue_e->sinfo_cumtsn = tsn;
142 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
143 read_queue_e->whoFrom = net;
144 read_queue_e->length = 0;
145 atomic_add_int(&net->ref_count, 1);
146 read_queue_e->data = dm;
147 read_queue_e->spec_flags = 0;
148 read_queue_e->tail_mbuf = NULL;
149 read_queue_e->aux_data = NULL;
150 read_queue_e->stcb = stcb;
151 read_queue_e->port_from = stcb->rport;
152 read_queue_e->do_not_ref_stcb = 0;
153 read_queue_e->end_added = 0;
154 read_queue_e->some_taken = 0;
155 read_queue_e->pdapi_aborted = 0;
157 return (read_queue_e);
162 * Build out our readq entry based on the incoming packet.
164 static struct sctp_queued_to_read *
165 sctp_build_readq_entry_chk(struct sctp_tcb *stcb,
166 struct sctp_tmit_chunk *chk)
168 struct sctp_queued_to_read *read_queue_e = NULL;
170 sctp_alloc_a_readq(stcb, read_queue_e);
171 if (read_queue_e == NULL) {
174 read_queue_e->sinfo_stream = chk->rec.data.stream_number;
175 read_queue_e->sinfo_ssn = chk->rec.data.stream_seq;
176 read_queue_e->sinfo_flags = (chk->rec.data.rcv_flags << 8);
177 read_queue_e->sinfo_ppid = chk->rec.data.payloadtype;
178 read_queue_e->sinfo_context = stcb->asoc.context;
179 read_queue_e->sinfo_timetolive = 0;
180 read_queue_e->sinfo_tsn = chk->rec.data.TSN_seq;
181 read_queue_e->sinfo_cumtsn = chk->rec.data.TSN_seq;
182 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
183 read_queue_e->whoFrom = chk->whoTo;
184 read_queue_e->aux_data = NULL;
185 read_queue_e->length = 0;
186 atomic_add_int(&chk->whoTo->ref_count, 1);
187 read_queue_e->data = chk->data;
188 read_queue_e->tail_mbuf = NULL;
189 read_queue_e->stcb = stcb;
190 read_queue_e->port_from = stcb->rport;
191 read_queue_e->spec_flags = 0;
192 read_queue_e->do_not_ref_stcb = 0;
193 read_queue_e->end_added = 0;
194 read_queue_e->some_taken = 0;
195 read_queue_e->pdapi_aborted = 0;
197 return (read_queue_e);
202 sctp_build_ctl_nchunk(struct sctp_inpcb *inp, struct sctp_sndrcvinfo *sinfo)
204 struct sctp_extrcvinfo *seinfo;
205 struct sctp_sndrcvinfo *outinfo;
206 struct sctp_rcvinfo *rcvinfo;
207 struct sctp_nxtinfo *nxtinfo;
214 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) &&
215 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) &&
216 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) {
217 /* user does not want any ancillary data */
221 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) {
222 len += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
224 seinfo = (struct sctp_extrcvinfo *)sinfo;
225 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO) &&
226 (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_AVAIL)) {
228 len += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
232 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
233 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) {
235 len += CMSG_SPACE(sizeof(struct sctp_extrcvinfo));
238 len += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
244 ret = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
249 SCTP_BUF_LEN(ret) = 0;
251 /* We need a CMSG header followed by the struct */
252 cmh = mtod(ret, struct cmsghdr *);
254 * Make sure that there is no un-initialized padding between the
255 * cmsg header and cmsg data and after the cmsg data.
258 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) {
259 cmh->cmsg_level = IPPROTO_SCTP;
260 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo));
261 cmh->cmsg_type = SCTP_RCVINFO;
262 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmh);
263 rcvinfo->rcv_sid = sinfo->sinfo_stream;
264 rcvinfo->rcv_ssn = sinfo->sinfo_ssn;
265 rcvinfo->rcv_flags = sinfo->sinfo_flags;
266 rcvinfo->rcv_ppid = sinfo->sinfo_ppid;
267 rcvinfo->rcv_tsn = sinfo->sinfo_tsn;
268 rcvinfo->rcv_cumtsn = sinfo->sinfo_cumtsn;
269 rcvinfo->rcv_context = sinfo->sinfo_context;
270 rcvinfo->rcv_assoc_id = sinfo->sinfo_assoc_id;
271 cmh = (struct cmsghdr *)((caddr_t)cmh + CMSG_SPACE(sizeof(struct sctp_rcvinfo)));
272 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
275 cmh->cmsg_level = IPPROTO_SCTP;
276 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_nxtinfo));
277 cmh->cmsg_type = SCTP_NXTINFO;
278 nxtinfo = (struct sctp_nxtinfo *)CMSG_DATA(cmh);
279 nxtinfo->nxt_sid = seinfo->sreinfo_next_stream;
280 nxtinfo->nxt_flags = 0;
281 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_IS_UNORDERED) {
282 nxtinfo->nxt_flags |= SCTP_UNORDERED;
284 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_IS_NOTIFICATION) {
285 nxtinfo->nxt_flags |= SCTP_NOTIFICATION;
287 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_ISCOMPLETE) {
288 nxtinfo->nxt_flags |= SCTP_COMPLETE;
290 nxtinfo->nxt_ppid = seinfo->sreinfo_next_ppid;
291 nxtinfo->nxt_length = seinfo->sreinfo_next_length;
292 nxtinfo->nxt_assoc_id = seinfo->sreinfo_next_aid;
293 cmh = (struct cmsghdr *)((caddr_t)cmh + CMSG_SPACE(sizeof(struct sctp_nxtinfo)));
294 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_nxtinfo));
296 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
297 cmh->cmsg_level = IPPROTO_SCTP;
298 outinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmh);
300 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_extrcvinfo));
301 cmh->cmsg_type = SCTP_EXTRCV;
302 memcpy(outinfo, sinfo, sizeof(struct sctp_extrcvinfo));
303 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_extrcvinfo));
305 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
306 cmh->cmsg_type = SCTP_SNDRCV;
308 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
316 sctp_mark_non_revokable(struct sctp_association *asoc, uint32_t tsn)
318 uint32_t gap, i, cumackp1;
321 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
324 cumackp1 = asoc->cumulative_tsn + 1;
325 if (SCTP_TSN_GT(cumackp1, tsn)) {
327 * this tsn is behind the cum ack and thus we don't need to
328 * worry about it being moved from one to the other.
332 SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn);
333 if (!SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
334 SCTP_PRINTF("gap:%x tsn:%x\n", gap, tsn);
335 sctp_print_mapping_array(asoc);
337 panic("Things are really messed up now!!");
340 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
341 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
342 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
343 asoc->highest_tsn_inside_nr_map = tsn;
345 if (tsn == asoc->highest_tsn_inside_map) {
346 /* We must back down to see what the new highest is */
347 for (i = tsn - 1; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) {
348 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn);
349 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
350 asoc->highest_tsn_inside_map = i;
356 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1;
363 * We are delivering currently from the reassembly queue. We must continue to
364 * deliver until we either: 1) run out of space. 2) run out of sequential
365 * TSN's 3) hit the SCTP_DATA_LAST_FRAG flag.
368 sctp_service_reassembly(struct sctp_tcb *stcb, struct sctp_association *asoc)
370 struct sctp_tmit_chunk *chk, *nchk;
375 struct sctp_queued_to_read *control, *ctl, *nctl;
380 cntDel = stream_no = 0;
381 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
382 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
383 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) {
384 /* socket above is long gone or going.. */
386 asoc->fragmented_delivery_inprogress = 0;
387 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
388 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
389 asoc->size_on_reasm_queue -= chk->send_size;
390 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
392 * Lose the data pointer, since its in the socket
396 sctp_m_freem(chk->data);
399 /* Now free the address and data */
400 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
401 /* sa_ignore FREED_MEMORY */
405 SCTP_TCB_LOCK_ASSERT(stcb);
406 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
407 if (chk->rec.data.TSN_seq != (asoc->tsn_last_delivered + 1)) {
408 /* Can't deliver more :< */
411 stream_no = chk->rec.data.stream_number;
412 nxt_todel = asoc->strmin[stream_no].last_sequence_delivered + 1;
413 if (nxt_todel != chk->rec.data.stream_seq &&
414 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
416 * Not the next sequence to deliver in its stream OR
421 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
423 control = sctp_build_readq_entry_chk(stcb, chk);
424 if (control == NULL) {
428 /* save it off for our future deliveries */
429 stcb->asoc.control_pdapi = control;
430 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG)
434 sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq);
435 sctp_add_to_readq(stcb->sctp_ep,
436 stcb, control, &stcb->sctp_socket->so_rcv, end,
437 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
440 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG)
444 sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq);
445 if (sctp_append_to_readq(stcb->sctp_ep, stcb,
446 stcb->asoc.control_pdapi,
447 chk->data, end, chk->rec.data.TSN_seq,
448 &stcb->sctp_socket->so_rcv)) {
450 * something is very wrong, either
451 * control_pdapi is NULL, or the tail_mbuf
452 * is corrupt, or there is a EOM already on
455 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
459 if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) {
460 panic("This should not happen control_pdapi NULL?");
462 /* if we did not panic, it was a EOM */
463 panic("Bad chunking ??");
465 if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) {
466 SCTP_PRINTF("This should not happen control_pdapi NULL?\n");
468 SCTP_PRINTF("Bad chunking ??\n");
469 SCTP_PRINTF("Dumping re-assembly queue this will probably hose the association\n");
477 /* pull it we did it */
478 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
479 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
480 asoc->fragmented_delivery_inprogress = 0;
481 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
482 asoc->strmin[stream_no].last_sequence_delivered++;
484 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
485 SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs);
487 } else if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
489 * turn the flag back on since we just delivered
492 asoc->fragmented_delivery_inprogress = 1;
494 asoc->tsn_of_pdapi_last_delivered = chk->rec.data.TSN_seq;
495 asoc->last_flags_delivered = chk->rec.data.rcv_flags;
496 asoc->last_strm_seq_delivered = chk->rec.data.stream_seq;
497 asoc->last_strm_no_delivered = chk->rec.data.stream_number;
499 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
500 asoc->size_on_reasm_queue -= chk->send_size;
501 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
502 /* free up the chk */
504 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
506 if (asoc->fragmented_delivery_inprogress == 0) {
508 * Now lets see if we can deliver the next one on
511 struct sctp_stream_in *strm;
513 strm = &asoc->strmin[stream_no];
514 nxt_todel = strm->last_sequence_delivered + 1;
515 TAILQ_FOREACH_SAFE(ctl, &strm->inqueue, next, nctl) {
516 /* Deliver more if we can. */
517 if (nxt_todel == ctl->sinfo_ssn) {
518 TAILQ_REMOVE(&strm->inqueue, ctl, next);
519 asoc->size_on_all_streams -= ctl->length;
520 sctp_ucount_decr(asoc->cnt_on_all_streams);
521 strm->last_sequence_delivered++;
522 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
523 sctp_add_to_readq(stcb->sctp_ep, stcb,
525 &stcb->sctp_socket->so_rcv, 1,
526 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
530 nxt_todel = strm->last_sequence_delivered + 1;
538 * Queue the chunk either right into the socket buffer if it is the next one
539 * to go OR put it in the correct place in the delivery queue. If we do
540 * append to the so_buf, keep doing so until we are out of order. One big
541 * question still remains, what to do when the socket buffer is FULL??
544 sctp_queue_data_to_stream(struct sctp_tcb *stcb, struct sctp_association *asoc,
545 struct sctp_queued_to_read *control, int *abort_flag)
548 * FIX-ME maybe? What happens when the ssn wraps? If we are getting
549 * all the data in one stream this could happen quite rapidly. One
550 * could use the TSN to keep track of things, but this scheme breaks
551 * down in the other type of stream useage that could occur. Send a
552 * single msg to stream 0, send 4Billion messages to stream 1, now
553 * send a message to stream 0. You have a situation where the TSN
554 * has wrapped but not in the stream. Is this worth worrying about
555 * or should we just change our queue sort at the bottom to be by
558 * Could it also be legal for a peer to send ssn 1 with TSN 2 and ssn 2
559 * with TSN 1? If the peer is doing some sort of funky TSN/SSN
560 * assignment this could happen... and I don't see how this would be
561 * a violation. So for now I am undecided an will leave the sort by
562 * SSN alone. Maybe a hybred approach is the answer
565 struct sctp_stream_in *strm;
566 struct sctp_queued_to_read *at;
572 asoc->size_on_all_streams += control->length;
573 sctp_ucount_incr(asoc->cnt_on_all_streams);
574 strm = &asoc->strmin[control->sinfo_stream];
575 nxt_todel = strm->last_sequence_delivered + 1;
576 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
577 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INTO_STRD);
579 SCTPDBG(SCTP_DEBUG_INDATA1,
580 "queue to stream called for ssn:%u lastdel:%u nxt:%u\n",
581 (uint32_t) control->sinfo_stream,
582 (uint32_t) strm->last_sequence_delivered,
583 (uint32_t) nxt_todel);
584 if (SCTP_SSN_GE(strm->last_sequence_delivered, control->sinfo_ssn)) {
585 /* The incoming sseq is behind where we last delivered? */
586 SCTPDBG(SCTP_DEBUG_INDATA1, "Duplicate S-SEQ:%d delivered:%d from peer, Abort association\n",
587 control->sinfo_ssn, strm->last_sequence_delivered);
590 * throw it in the stream so it gets cleaned up in
591 * association destruction
593 TAILQ_INSERT_HEAD(&strm->inqueue, control, next);
594 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
595 0, M_NOWAIT, 1, MT_DATA);
597 struct sctp_paramhdr *ph;
600 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
601 (sizeof(uint32_t) * 3);
602 ph = mtod(oper, struct sctp_paramhdr *);
603 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
604 ph->param_length = htons(SCTP_BUF_LEN(oper));
605 ippp = (uint32_t *) (ph + 1);
606 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_1);
608 *ippp = control->sinfo_tsn;
610 *ippp = ((control->sinfo_stream << 16) | control->sinfo_ssn);
612 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_1;
613 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
618 if (nxt_todel == control->sinfo_ssn) {
619 /* can be delivered right away? */
620 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
621 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_IMMED_DEL);
623 /* EY it wont be queued if it could be delivered directly */
625 asoc->size_on_all_streams -= control->length;
626 sctp_ucount_decr(asoc->cnt_on_all_streams);
627 strm->last_sequence_delivered++;
629 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
630 sctp_add_to_readq(stcb->sctp_ep, stcb,
632 &stcb->sctp_socket->so_rcv, 1,
633 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
634 TAILQ_FOREACH_SAFE(control, &strm->inqueue, next, at) {
636 nxt_todel = strm->last_sequence_delivered + 1;
637 if (nxt_todel == control->sinfo_ssn) {
638 TAILQ_REMOVE(&strm->inqueue, control, next);
639 asoc->size_on_all_streams -= control->length;
640 sctp_ucount_decr(asoc->cnt_on_all_streams);
641 strm->last_sequence_delivered++;
643 * We ignore the return of deliver_data here
644 * since we always can hold the chunk on the
645 * d-queue. And we have a finite number that
646 * can be delivered from the strq.
648 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
649 sctp_log_strm_del(control, NULL,
650 SCTP_STR_LOG_FROM_IMMED_DEL);
652 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
653 sctp_add_to_readq(stcb->sctp_ep, stcb,
655 &stcb->sctp_socket->so_rcv, 1,
656 SCTP_READ_LOCK_NOT_HELD,
665 * Ok, we did not deliver this guy, find the correct place
666 * to put it on the queue.
668 if (SCTP_TSN_GE(asoc->cumulative_tsn, control->sinfo_tsn)) {
671 if (TAILQ_EMPTY(&strm->inqueue)) {
673 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
674 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INSERT_HD);
676 TAILQ_INSERT_HEAD(&strm->inqueue, control, next);
678 TAILQ_FOREACH(at, &strm->inqueue, next) {
679 if (SCTP_SSN_GT(at->sinfo_ssn, control->sinfo_ssn)) {
681 * one in queue is bigger than the
682 * new one, insert before this one
684 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
685 sctp_log_strm_del(control, at,
686 SCTP_STR_LOG_FROM_INSERT_MD);
688 TAILQ_INSERT_BEFORE(at, control, next);
690 } else if (at->sinfo_ssn == control->sinfo_ssn) {
692 * Gak, He sent me a duplicate str
696 * foo bar, I guess I will just free
697 * this new guy, should we abort
698 * too? FIX ME MAYBE? Or it COULD be
699 * that the SSN's have wrapped.
700 * Maybe I should compare to TSN
701 * somehow... sigh for now just blow
706 sctp_m_freem(control->data);
707 control->data = NULL;
708 asoc->size_on_all_streams -= control->length;
709 sctp_ucount_decr(asoc->cnt_on_all_streams);
710 if (control->whoFrom) {
711 sctp_free_remote_addr(control->whoFrom);
712 control->whoFrom = NULL;
714 sctp_free_a_readq(stcb, control);
717 if (TAILQ_NEXT(at, next) == NULL) {
719 * We are at the end, insert
722 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
723 sctp_log_strm_del(control, at,
724 SCTP_STR_LOG_FROM_INSERT_TL);
726 TAILQ_INSERT_AFTER(&strm->inqueue,
737 * Returns two things: You get the total size of the deliverable parts of the
738 * first fragmented message on the reassembly queue. And you get a 1 back if
739 * all of the message is ready or a 0 back if the message is still incomplete
742 sctp_is_all_msg_on_reasm(struct sctp_association *asoc, uint32_t * t_size)
744 struct sctp_tmit_chunk *chk;
748 chk = TAILQ_FIRST(&asoc->reasmqueue);
750 /* nothing on the queue */
753 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
754 /* Not a first on the queue */
757 tsn = chk->rec.data.TSN_seq;
758 TAILQ_FOREACH(chk, &asoc->reasmqueue, sctp_next) {
759 if (tsn != chk->rec.data.TSN_seq) {
762 *t_size += chk->send_size;
763 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
772 sctp_deliver_reasm_check(struct sctp_tcb *stcb, struct sctp_association *asoc)
774 struct sctp_tmit_chunk *chk;
776 uint32_t tsize, pd_point;
779 chk = TAILQ_FIRST(&asoc->reasmqueue);
782 asoc->size_on_reasm_queue = 0;
783 asoc->cnt_on_reasm_queue = 0;
786 if (asoc->fragmented_delivery_inprogress == 0) {
788 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1;
789 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) &&
790 (nxt_todel == chk->rec.data.stream_seq ||
791 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) {
793 * Yep the first one is here and its ok to deliver
796 if (stcb->sctp_socket) {
797 pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket) >> SCTP_PARTIAL_DELIVERY_SHIFT,
798 stcb->sctp_ep->partial_delivery_point);
800 pd_point = stcb->sctp_ep->partial_delivery_point;
802 if (sctp_is_all_msg_on_reasm(asoc, &tsize) || (tsize >= pd_point)) {
804 * Yes, we setup to start reception, by
805 * backing down the TSN just in case we
806 * can't deliver. If we
808 asoc->fragmented_delivery_inprogress = 1;
809 asoc->tsn_last_delivered =
810 chk->rec.data.TSN_seq - 1;
812 chk->rec.data.stream_number;
813 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
814 asoc->pdapi_ppid = chk->rec.data.payloadtype;
815 asoc->fragment_flags = chk->rec.data.rcv_flags;
816 sctp_service_reassembly(stcb, asoc);
821 * Service re-assembly will deliver stream data queued at
822 * the end of fragmented delivery.. but it wont know to go
823 * back and call itself again... we do that here with the
826 sctp_service_reassembly(stcb, asoc);
827 if (asoc->fragmented_delivery_inprogress == 0) {
829 * finished our Fragmented delivery, could be more
838 * Dump onto the re-assembly queue, in its proper place. After dumping on the
839 * queue, see if anthing can be delivered. If so pull it off (or as much as
840 * we can. If we run out of space then we must dump what we can and set the
841 * appropriate flag to say we queued what we could.
844 sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struct sctp_association *asoc,
845 struct sctp_tmit_chunk *chk, int *abort_flag)
848 uint32_t cum_ackp1, prev_tsn, post_tsn;
849 struct sctp_tmit_chunk *at, *prev, *next;
852 cum_ackp1 = asoc->tsn_last_delivered + 1;
853 if (TAILQ_EMPTY(&asoc->reasmqueue)) {
854 /* This is the first one on the queue */
855 TAILQ_INSERT_HEAD(&asoc->reasmqueue, chk, sctp_next);
857 * we do not check for delivery of anything when only one
860 asoc->size_on_reasm_queue = chk->send_size;
861 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
862 if (chk->rec.data.TSN_seq == cum_ackp1) {
863 if (asoc->fragmented_delivery_inprogress == 0 &&
864 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) !=
865 SCTP_DATA_FIRST_FRAG) {
867 * An empty queue, no delivery inprogress,
868 * we hit the next one and it does NOT have
869 * a FIRST fragment mark.
871 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not first, no fragmented delivery in progress\n");
872 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
873 0, M_NOWAIT, 1, MT_DATA);
876 struct sctp_paramhdr *ph;
880 sizeof(struct sctp_paramhdr) +
881 (sizeof(uint32_t) * 3);
882 ph = mtod(oper, struct sctp_paramhdr *);
884 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
885 ph->param_length = htons(SCTP_BUF_LEN(oper));
886 ippp = (uint32_t *) (ph + 1);
887 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_2);
889 *ippp = chk->rec.data.TSN_seq;
891 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
894 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2;
895 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
897 } else if (asoc->fragmented_delivery_inprogress &&
898 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) {
900 * We are doing a partial delivery and the
901 * NEXT chunk MUST be either the LAST or
902 * MIDDLE fragment NOT a FIRST
904 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS a first and fragmented delivery in progress\n");
905 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
906 0, M_NOWAIT, 1, MT_DATA);
908 struct sctp_paramhdr *ph;
912 sizeof(struct sctp_paramhdr) +
913 (3 * sizeof(uint32_t));
914 ph = mtod(oper, struct sctp_paramhdr *);
916 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
917 ph->param_length = htons(SCTP_BUF_LEN(oper));
918 ippp = (uint32_t *) (ph + 1);
919 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_3);
921 *ippp = chk->rec.data.TSN_seq;
923 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
925 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3;
926 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
928 } else if (asoc->fragmented_delivery_inprogress) {
930 * Here we are ok with a MIDDLE or LAST
933 if (chk->rec.data.stream_number !=
934 asoc->str_of_pdapi) {
935 /* Got to be the right STR No */
936 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream number %d vs %d\n",
937 chk->rec.data.stream_number,
939 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
940 0, M_NOWAIT, 1, MT_DATA);
942 struct sctp_paramhdr *ph;
946 sizeof(struct sctp_paramhdr) +
947 (sizeof(uint32_t) * 3);
949 struct sctp_paramhdr *);
951 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
953 htons(SCTP_BUF_LEN(oper));
954 ippp = (uint32_t *) (ph + 1);
955 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_4);
957 *ippp = chk->rec.data.TSN_seq;
959 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
961 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_4;
962 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
964 } else if ((asoc->fragment_flags & SCTP_DATA_UNORDERED) !=
965 SCTP_DATA_UNORDERED &&
966 chk->rec.data.stream_seq != asoc->ssn_of_pdapi) {
967 /* Got to be the right STR Seq */
968 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream seq %d vs %d\n",
969 chk->rec.data.stream_seq,
971 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
972 0, M_NOWAIT, 1, MT_DATA);
974 struct sctp_paramhdr *ph;
978 sizeof(struct sctp_paramhdr) +
979 (3 * sizeof(uint32_t));
981 struct sctp_paramhdr *);
983 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
985 htons(SCTP_BUF_LEN(oper));
986 ippp = (uint32_t *) (ph + 1);
987 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_5);
989 *ippp = chk->rec.data.TSN_seq;
991 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
994 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_5;
995 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1002 /* Find its place */
1003 TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) {
1004 if (SCTP_TSN_GT(at->rec.data.TSN_seq, chk->rec.data.TSN_seq)) {
1006 * one in queue is bigger than the new one, insert
1010 asoc->size_on_reasm_queue += chk->send_size;
1011 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1013 TAILQ_INSERT_BEFORE(at, chk, sctp_next);
1015 } else if (at->rec.data.TSN_seq == chk->rec.data.TSN_seq) {
1016 /* Gak, He sent me a duplicate str seq number */
1018 * foo bar, I guess I will just free this new guy,
1019 * should we abort too? FIX ME MAYBE? Or it COULD be
1020 * that the SSN's have wrapped. Maybe I should
1021 * compare to TSN somehow... sigh for now just blow
1025 sctp_m_freem(chk->data);
1028 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
1032 if (TAILQ_NEXT(at, sctp_next) == NULL) {
1034 * We are at the end, insert it after this
1037 /* check it first */
1038 asoc->size_on_reasm_queue += chk->send_size;
1039 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1040 TAILQ_INSERT_AFTER(&asoc->reasmqueue, at, chk, sctp_next);
1045 /* Now the audits */
1047 prev_tsn = chk->rec.data.TSN_seq - 1;
1048 if (prev_tsn == prev->rec.data.TSN_seq) {
1050 * Ok the one I am dropping onto the end is the
1051 * NEXT. A bit of valdiation here.
1053 if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1054 SCTP_DATA_FIRST_FRAG ||
1055 (prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1056 SCTP_DATA_MIDDLE_FRAG) {
1058 * Insert chk MUST be a MIDDLE or LAST
1061 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1062 SCTP_DATA_FIRST_FRAG) {
1063 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - It can be a midlle or last but not a first\n");
1064 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it's a FIRST!\n");
1065 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1066 0, M_NOWAIT, 1, MT_DATA);
1068 struct sctp_paramhdr *ph;
1071 SCTP_BUF_LEN(oper) =
1072 sizeof(struct sctp_paramhdr) +
1073 (3 * sizeof(uint32_t));
1075 struct sctp_paramhdr *);
1077 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1079 htons(SCTP_BUF_LEN(oper));
1080 ippp = (uint32_t *) (ph + 1);
1081 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_6);
1083 *ippp = chk->rec.data.TSN_seq;
1085 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1088 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_6;
1089 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1093 if (chk->rec.data.stream_number !=
1094 prev->rec.data.stream_number) {
1096 * Huh, need the correct STR here,
1097 * they must be the same.
1099 SCTP_PRINTF("Prev check - Gak, Evil plot, ssn:%d not the same as at:%d\n",
1100 chk->rec.data.stream_number,
1101 prev->rec.data.stream_number);
1102 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1103 0, M_NOWAIT, 1, MT_DATA);
1105 struct sctp_paramhdr *ph;
1108 SCTP_BUF_LEN(oper) =
1109 sizeof(struct sctp_paramhdr) +
1110 (3 * sizeof(uint32_t));
1112 struct sctp_paramhdr *);
1114 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1116 htons(SCTP_BUF_LEN(oper));
1117 ippp = (uint32_t *) (ph + 1);
1118 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_7);
1120 *ippp = chk->rec.data.TSN_seq;
1122 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1124 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_7;
1125 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1129 if ((prev->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 &&
1130 chk->rec.data.stream_seq !=
1131 prev->rec.data.stream_seq) {
1133 * Huh, need the correct STR here,
1134 * they must be the same.
1136 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, Evil plot, sseq:%d not the same as at:%d\n",
1137 chk->rec.data.stream_seq,
1138 prev->rec.data.stream_seq);
1139 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1140 0, M_NOWAIT, 1, MT_DATA);
1142 struct sctp_paramhdr *ph;
1145 SCTP_BUF_LEN(oper) =
1146 sizeof(struct sctp_paramhdr) +
1147 (3 * sizeof(uint32_t));
1149 struct sctp_paramhdr *);
1151 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1153 htons(SCTP_BUF_LEN(oper));
1154 ippp = (uint32_t *) (ph + 1);
1155 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_8);
1157 *ippp = chk->rec.data.TSN_seq;
1159 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1161 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_8;
1162 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1166 } else if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1167 SCTP_DATA_LAST_FRAG) {
1168 /* Insert chk MUST be a FIRST */
1169 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1170 SCTP_DATA_FIRST_FRAG) {
1171 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, evil plot, its not FIRST and it must be!\n");
1172 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1173 0, M_NOWAIT, 1, MT_DATA);
1175 struct sctp_paramhdr *ph;
1178 SCTP_BUF_LEN(oper) =
1179 sizeof(struct sctp_paramhdr) +
1180 (3 * sizeof(uint32_t));
1182 struct sctp_paramhdr *);
1184 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1186 htons(SCTP_BUF_LEN(oper));
1187 ippp = (uint32_t *) (ph + 1);
1188 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_9);
1190 *ippp = chk->rec.data.TSN_seq;
1192 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1195 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_9;
1196 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1204 post_tsn = chk->rec.data.TSN_seq + 1;
1205 if (post_tsn == next->rec.data.TSN_seq) {
1207 * Ok the one I am inserting ahead of is my NEXT
1208 * one. A bit of valdiation here.
1210 if (next->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
1211 /* Insert chk MUST be a last fragment */
1212 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK)
1213 != SCTP_DATA_LAST_FRAG) {
1214 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is FIRST, we must be LAST\n");
1215 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not a last!\n");
1216 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1217 0, M_NOWAIT, 1, MT_DATA);
1219 struct sctp_paramhdr *ph;
1222 SCTP_BUF_LEN(oper) =
1223 sizeof(struct sctp_paramhdr) +
1224 (3 * sizeof(uint32_t));
1226 struct sctp_paramhdr *);
1228 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1230 htons(SCTP_BUF_LEN(oper));
1231 ippp = (uint32_t *) (ph + 1);
1232 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_10);
1234 *ippp = chk->rec.data.TSN_seq;
1236 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1238 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_10;
1239 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1243 } else if ((next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1244 SCTP_DATA_MIDDLE_FRAG ||
1245 (next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1246 SCTP_DATA_LAST_FRAG) {
1248 * Insert chk CAN be MIDDLE or FIRST NOT
1251 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1252 SCTP_DATA_LAST_FRAG) {
1253 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is a MIDDLE/LAST\n");
1254 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, new prev chunk is a LAST\n");
1255 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1256 0, M_NOWAIT, 1, MT_DATA);
1258 struct sctp_paramhdr *ph;
1261 SCTP_BUF_LEN(oper) =
1262 sizeof(struct sctp_paramhdr) +
1263 (3 * sizeof(uint32_t));
1265 struct sctp_paramhdr *);
1267 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1269 htons(SCTP_BUF_LEN(oper));
1270 ippp = (uint32_t *) (ph + 1);
1271 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_11);
1273 *ippp = chk->rec.data.TSN_seq;
1275 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1278 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_11;
1279 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1283 if (chk->rec.data.stream_number !=
1284 next->rec.data.stream_number) {
1286 * Huh, need the correct STR here,
1287 * they must be the same.
1289 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, ssn:%d not the same as at:%d\n",
1290 chk->rec.data.stream_number,
1291 next->rec.data.stream_number);
1292 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1293 0, M_NOWAIT, 1, MT_DATA);
1295 struct sctp_paramhdr *ph;
1298 SCTP_BUF_LEN(oper) =
1299 sizeof(struct sctp_paramhdr) +
1300 (3 * sizeof(uint32_t));
1302 struct sctp_paramhdr *);
1304 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1306 htons(SCTP_BUF_LEN(oper));
1307 ippp = (uint32_t *) (ph + 1);
1308 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_12);
1310 *ippp = chk->rec.data.TSN_seq;
1312 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1315 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_12;
1316 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1320 if ((next->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 &&
1321 chk->rec.data.stream_seq !=
1322 next->rec.data.stream_seq) {
1324 * Huh, need the correct STR here,
1325 * they must be the same.
1327 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, sseq:%d not the same as at:%d\n",
1328 chk->rec.data.stream_seq,
1329 next->rec.data.stream_seq);
1330 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1331 0, M_NOWAIT, 1, MT_DATA);
1333 struct sctp_paramhdr *ph;
1336 SCTP_BUF_LEN(oper) =
1337 sizeof(struct sctp_paramhdr) +
1338 (3 * sizeof(uint32_t));
1340 struct sctp_paramhdr *);
1342 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1344 htons(SCTP_BUF_LEN(oper));
1345 ippp = (uint32_t *) (ph + 1);
1346 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_13);
1348 *ippp = chk->rec.data.TSN_seq;
1350 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1352 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_13;
1353 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1360 /* Do we need to do some delivery? check */
1361 sctp_deliver_reasm_check(stcb, asoc);
1365 * This is an unfortunate routine. It checks to make sure a evil guy is not
1366 * stuffing us full of bad packet fragments. A broken peer could also do this
1367 * but this is doubtful. It is to bad I must worry about evil crackers sigh
1371 sctp_does_tsn_belong_to_reasm(struct sctp_association *asoc,
1374 struct sctp_tmit_chunk *at;
1377 TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) {
1378 if (SCTP_TSN_GT(TSN_seq, at->rec.data.TSN_seq)) {
1379 /* is it one bigger? */
1380 tsn_est = at->rec.data.TSN_seq + 1;
1381 if (tsn_est == TSN_seq) {
1382 /* yep. It better be a last then */
1383 if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1384 SCTP_DATA_LAST_FRAG) {
1386 * Ok this guy belongs next to a guy
1387 * that is NOT last, it should be a
1388 * middle/last, not a complete
1394 * This guy is ok since its a LAST
1395 * and the new chunk is a fully
1396 * self- contained one.
1401 } else if (TSN_seq == at->rec.data.TSN_seq) {
1402 /* Software error since I have a dup? */
1406 * Ok, 'at' is larger than new chunk but does it
1407 * need to be right before it.
1409 tsn_est = TSN_seq + 1;
1410 if (tsn_est == at->rec.data.TSN_seq) {
1411 /* Yep, It better be a first */
1412 if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1413 SCTP_DATA_FIRST_FRAG) {
1425 sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc,
1426 struct mbuf **m, int offset, struct sctp_data_chunk *ch, int chk_length,
1427 struct sctp_nets *net, uint32_t * high_tsn, int *abort_flag,
1428 int *break_flag, int last_chunk)
1430 /* Process a data chunk */
1431 /* struct sctp_tmit_chunk *chk; */
1432 struct sctp_tmit_chunk *chk;
1436 int need_reasm_check = 0;
1437 uint16_t strmno, strmseq;
1439 struct sctp_queued_to_read *control;
1441 uint32_t protocol_id;
1442 uint8_t chunk_flags;
1443 struct sctp_stream_reset_list *liste;
1446 tsn = ntohl(ch->dp.tsn);
1447 chunk_flags = ch->ch.chunk_flags;
1448 if ((chunk_flags & SCTP_DATA_SACK_IMMEDIATELY) == SCTP_DATA_SACK_IMMEDIATELY) {
1449 asoc->send_sack = 1;
1451 protocol_id = ch->dp.protocol_id;
1452 ordered = ((chunk_flags & SCTP_DATA_UNORDERED) == 0);
1453 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
1454 sctp_log_map(tsn, asoc->cumulative_tsn, asoc->highest_tsn_inside_map, SCTP_MAP_TSN_ENTERS);
1459 SCTP_LTRACE_CHK(stcb->sctp_ep, stcb, ch->ch.chunk_type, tsn);
1460 if (SCTP_TSN_GE(asoc->cumulative_tsn, tsn)) {
1461 /* It is a duplicate */
1462 SCTP_STAT_INCR(sctps_recvdupdata);
1463 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1464 /* Record a dup for the next outbound sack */
1465 asoc->dup_tsns[asoc->numduptsns] = tsn;
1468 asoc->send_sack = 1;
1471 /* Calculate the number of TSN's between the base and this TSN */
1472 SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn);
1473 if (gap >= (SCTP_MAPPING_ARRAY << 3)) {
1474 /* Can't hold the bit in the mapping at max array, toss it */
1477 if (gap >= (uint32_t) (asoc->mapping_array_size << 3)) {
1478 SCTP_TCB_LOCK_ASSERT(stcb);
1479 if (sctp_expand_mapping_array(asoc, gap)) {
1480 /* Can't expand, drop it */
1484 if (SCTP_TSN_GT(tsn, *high_tsn)) {
1487 /* See if we have received this one already */
1488 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap) ||
1489 SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, gap)) {
1490 SCTP_STAT_INCR(sctps_recvdupdata);
1491 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1492 /* Record a dup for the next outbound sack */
1493 asoc->dup_tsns[asoc->numduptsns] = tsn;
1496 asoc->send_sack = 1;
1500 * Check to see about the GONE flag, duplicates would cause a sack
1501 * to be sent up above
1503 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
1504 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
1505 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET))
1508 * wait a minute, this guy is gone, there is no longer a
1509 * receiver. Send peer an ABORT!
1511 struct mbuf *op_err;
1513 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1514 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
1519 * Now before going further we see if there is room. If NOT then we
1520 * MAY let one through only IF this TSN is the one we are waiting
1521 * for on a partial delivery API.
1524 /* now do the tests */
1525 if (((asoc->cnt_on_all_streams +
1526 asoc->cnt_on_reasm_queue +
1527 asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) ||
1528 (((int)asoc->my_rwnd) <= 0)) {
1530 * When we have NO room in the rwnd we check to make sure
1531 * the reader is doing its job...
1533 if (stcb->sctp_socket->so_rcv.sb_cc) {
1534 /* some to read, wake-up */
1535 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1538 so = SCTP_INP_SO(stcb->sctp_ep);
1539 atomic_add_int(&stcb->asoc.refcnt, 1);
1540 SCTP_TCB_UNLOCK(stcb);
1541 SCTP_SOCKET_LOCK(so, 1);
1542 SCTP_TCB_LOCK(stcb);
1543 atomic_subtract_int(&stcb->asoc.refcnt, 1);
1544 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
1545 /* assoc was freed while we were unlocked */
1546 SCTP_SOCKET_UNLOCK(so, 1);
1550 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
1551 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1552 SCTP_SOCKET_UNLOCK(so, 1);
1555 /* now is it in the mapping array of what we have accepted? */
1556 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map) &&
1557 SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1558 /* Nope not in the valid range dump it */
1559 sctp_set_rwnd(stcb, asoc);
1560 if ((asoc->cnt_on_all_streams +
1561 asoc->cnt_on_reasm_queue +
1562 asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) {
1563 SCTP_STAT_INCR(sctps_datadropchklmt);
1565 SCTP_STAT_INCR(sctps_datadroprwnd);
1571 strmno = ntohs(ch->dp.stream_id);
1572 if (strmno >= asoc->streamincnt) {
1573 struct sctp_paramhdr *phdr;
1576 mb = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) * 2),
1577 0, M_NOWAIT, 1, MT_DATA);
1579 /* add some space up front so prepend will work well */
1580 SCTP_BUF_RESV_UF(mb, sizeof(struct sctp_chunkhdr));
1581 phdr = mtod(mb, struct sctp_paramhdr *);
1583 * Error causes are just param's and this one has
1584 * two back to back phdr, one with the error type
1585 * and size, the other with the streamid and a rsvd
1587 SCTP_BUF_LEN(mb) = (sizeof(struct sctp_paramhdr) * 2);
1588 phdr->param_type = htons(SCTP_CAUSE_INVALID_STREAM);
1589 phdr->param_length =
1590 htons(sizeof(struct sctp_paramhdr) * 2);
1592 /* We insert the stream in the type field */
1593 phdr->param_type = ch->dp.stream_id;
1594 /* And set the length to 0 for the rsvd field */
1595 phdr->param_length = 0;
1596 sctp_queue_op_err(stcb, mb);
1598 SCTP_STAT_INCR(sctps_badsid);
1599 SCTP_TCB_LOCK_ASSERT(stcb);
1600 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1601 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1602 asoc->highest_tsn_inside_nr_map = tsn;
1604 if (tsn == (asoc->cumulative_tsn + 1)) {
1605 /* Update cum-ack */
1606 asoc->cumulative_tsn = tsn;
1611 * Before we continue lets validate that we are not being fooled by
1612 * an evil attacker. We can only have 4k chunks based on our TSN
1613 * spread allowed by the mapping array 512 * 8 bits, so there is no
1614 * way our stream sequence numbers could have wrapped. We of course
1615 * only validate the FIRST fragment so the bit must be set.
1617 strmseq = ntohs(ch->dp.stream_sequence);
1618 #ifdef SCTP_ASOCLOG_OF_TSNS
1619 SCTP_TCB_LOCK_ASSERT(stcb);
1620 if (asoc->tsn_in_at >= SCTP_TSN_LOG_SIZE) {
1621 asoc->tsn_in_at = 0;
1622 asoc->tsn_in_wrapped = 1;
1624 asoc->in_tsnlog[asoc->tsn_in_at].tsn = tsn;
1625 asoc->in_tsnlog[asoc->tsn_in_at].strm = strmno;
1626 asoc->in_tsnlog[asoc->tsn_in_at].seq = strmseq;
1627 asoc->in_tsnlog[asoc->tsn_in_at].sz = chk_length;
1628 asoc->in_tsnlog[asoc->tsn_in_at].flgs = chunk_flags;
1629 asoc->in_tsnlog[asoc->tsn_in_at].stcb = (void *)stcb;
1630 asoc->in_tsnlog[asoc->tsn_in_at].in_pos = asoc->tsn_in_at;
1631 asoc->in_tsnlog[asoc->tsn_in_at].in_out = 1;
1634 if ((chunk_flags & SCTP_DATA_FIRST_FRAG) &&
1635 (TAILQ_EMPTY(&asoc->resetHead)) &&
1636 (chunk_flags & SCTP_DATA_UNORDERED) == 0 &&
1637 SCTP_SSN_GE(asoc->strmin[strmno].last_sequence_delivered, strmseq)) {
1638 /* The incoming sseq is behind where we last delivered? */
1639 SCTPDBG(SCTP_DEBUG_INDATA1, "EVIL/Broken-Dup S-SEQ:%d delivered:%d from peer, Abort!\n",
1640 strmseq, asoc->strmin[strmno].last_sequence_delivered);
1641 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1642 0, M_NOWAIT, 1, MT_DATA);
1644 struct sctp_paramhdr *ph;
1647 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
1648 (3 * sizeof(uint32_t));
1649 ph = mtod(oper, struct sctp_paramhdr *);
1650 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1651 ph->param_length = htons(SCTP_BUF_LEN(oper));
1652 ippp = (uint32_t *) (ph + 1);
1653 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_14);
1657 *ippp = ((strmno << 16) | strmseq);
1660 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_14;
1661 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1665 /************************************
1666 * From here down we may find ch-> invalid
1667 * so its a good idea NOT to use it.
1668 *************************************/
1670 the_len = (chk_length - sizeof(struct sctp_data_chunk));
1671 if (last_chunk == 0) {
1672 dmbuf = SCTP_M_COPYM(*m,
1673 (offset + sizeof(struct sctp_data_chunk)),
1675 #ifdef SCTP_MBUF_LOGGING
1676 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
1679 for (mat = dmbuf; mat; mat = SCTP_BUF_NEXT(mat)) {
1680 if (SCTP_BUF_IS_EXTENDED(mat)) {
1681 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
1687 /* We can steal the last chunk */
1691 /* lop off the top part */
1692 m_adj(dmbuf, (offset + sizeof(struct sctp_data_chunk)));
1693 if (SCTP_BUF_NEXT(dmbuf) == NULL) {
1694 l_len = SCTP_BUF_LEN(dmbuf);
1697 * need to count up the size hopefully does not hit
1703 for (lat = dmbuf; lat; lat = SCTP_BUF_NEXT(lat)) {
1704 l_len += SCTP_BUF_LEN(lat);
1707 if (l_len > the_len) {
1708 /* Trim the end round bytes off too */
1709 m_adj(dmbuf, -(l_len - the_len));
1712 if (dmbuf == NULL) {
1713 SCTP_STAT_INCR(sctps_nomem);
1716 if ((chunk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG &&
1717 asoc->fragmented_delivery_inprogress == 0 &&
1718 TAILQ_EMPTY(&asoc->resetHead) &&
1720 ((uint16_t) (asoc->strmin[strmno].last_sequence_delivered + 1) == strmseq &&
1721 TAILQ_EMPTY(&asoc->strmin[strmno].inqueue)))) {
1722 /* Candidate for express delivery */
1724 * Its not fragmented, No PD-API is up, Nothing in the
1725 * delivery queue, Its un-ordered OR ordered and the next to
1726 * deliver AND nothing else is stuck on the stream queue,
1727 * And there is room for it in the socket buffer. Lets just
1728 * stuff it up the buffer....
1731 /* It would be nice to avoid this copy if we could :< */
1732 sctp_alloc_a_readq(stcb, control);
1733 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
1738 if (control == NULL) {
1739 goto failed_express_del;
1741 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1742 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1743 asoc->highest_tsn_inside_nr_map = tsn;
1745 sctp_add_to_readq(stcb->sctp_ep, stcb,
1746 control, &stcb->sctp_socket->so_rcv,
1747 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
1749 if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) {
1750 /* for ordered, bump what we delivered */
1751 asoc->strmin[strmno].last_sequence_delivered++;
1753 SCTP_STAT_INCR(sctps_recvexpress);
1754 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
1755 sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno,
1756 SCTP_STR_LOG_FROM_EXPRS_DEL);
1760 goto finish_express_del;
1763 /* If we reach here this is a new chunk */
1766 /* Express for fragmented delivery? */
1767 if ((asoc->fragmented_delivery_inprogress) &&
1768 (stcb->asoc.control_pdapi) &&
1769 (asoc->str_of_pdapi == strmno) &&
1770 (asoc->ssn_of_pdapi == strmseq)
1772 control = stcb->asoc.control_pdapi;
1773 if ((chunk_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) {
1774 /* Can't be another first? */
1775 goto failed_pdapi_express_del;
1777 if (tsn == (control->sinfo_tsn + 1)) {
1778 /* Yep, we can add it on */
1781 if (chunk_flags & SCTP_DATA_LAST_FRAG) {
1784 if (sctp_append_to_readq(stcb->sctp_ep, stcb, control, dmbuf, end,
1786 &stcb->sctp_socket->so_rcv)) {
1787 SCTP_PRINTF("Append fails end:%d\n", end);
1788 goto failed_pdapi_express_del;
1790 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1791 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1792 asoc->highest_tsn_inside_nr_map = tsn;
1794 SCTP_STAT_INCR(sctps_recvexpressm);
1795 asoc->tsn_last_delivered = tsn;
1796 asoc->fragment_flags = chunk_flags;
1797 asoc->tsn_of_pdapi_last_delivered = tsn;
1798 asoc->last_flags_delivered = chunk_flags;
1799 asoc->last_strm_seq_delivered = strmseq;
1800 asoc->last_strm_no_delivered = strmno;
1802 /* clean up the flags and such */
1803 asoc->fragmented_delivery_inprogress = 0;
1804 if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) {
1805 asoc->strmin[strmno].last_sequence_delivered++;
1807 stcb->asoc.control_pdapi = NULL;
1808 if (TAILQ_EMPTY(&asoc->reasmqueue) == 0) {
1810 * There could be another message
1813 need_reasm_check = 1;
1817 goto finish_express_del;
1820 failed_pdapi_express_del:
1822 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
1823 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1824 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1825 asoc->highest_tsn_inside_nr_map = tsn;
1828 SCTP_SET_TSN_PRESENT(asoc->mapping_array, gap);
1829 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map)) {
1830 asoc->highest_tsn_inside_map = tsn;
1833 if ((chunk_flags & SCTP_DATA_NOT_FRAG) != SCTP_DATA_NOT_FRAG) {
1834 sctp_alloc_a_chunk(stcb, chk);
1836 /* No memory so we drop the chunk */
1837 SCTP_STAT_INCR(sctps_nomem);
1838 if (last_chunk == 0) {
1839 /* we copied it, free the copy */
1840 sctp_m_freem(dmbuf);
1844 chk->rec.data.TSN_seq = tsn;
1845 chk->no_fr_allowed = 0;
1846 chk->rec.data.stream_seq = strmseq;
1847 chk->rec.data.stream_number = strmno;
1848 chk->rec.data.payloadtype = protocol_id;
1849 chk->rec.data.context = stcb->asoc.context;
1850 chk->rec.data.doing_fast_retransmit = 0;
1851 chk->rec.data.rcv_flags = chunk_flags;
1853 chk->send_size = the_len;
1855 atomic_add_int(&net->ref_count, 1);
1858 sctp_alloc_a_readq(stcb, control);
1859 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
1864 if (control == NULL) {
1865 /* No memory so we drop the chunk */
1866 SCTP_STAT_INCR(sctps_nomem);
1867 if (last_chunk == 0) {
1868 /* we copied it, free the copy */
1869 sctp_m_freem(dmbuf);
1873 control->length = the_len;
1876 /* Mark it as received */
1877 /* Now queue it where it belongs */
1878 if (control != NULL) {
1879 /* First a sanity check */
1880 if (asoc->fragmented_delivery_inprogress) {
1882 * Ok, we have a fragmented delivery in progress if
1883 * this chunk is next to deliver OR belongs in our
1884 * view to the reassembly, the peer is evil or
1887 uint32_t estimate_tsn;
1889 estimate_tsn = asoc->tsn_last_delivered + 1;
1890 if (TAILQ_EMPTY(&asoc->reasmqueue) &&
1891 (estimate_tsn == control->sinfo_tsn)) {
1892 /* Evil/Broke peer */
1893 sctp_m_freem(control->data);
1894 control->data = NULL;
1895 if (control->whoFrom) {
1896 sctp_free_remote_addr(control->whoFrom);
1897 control->whoFrom = NULL;
1899 sctp_free_a_readq(stcb, control);
1900 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1901 0, M_NOWAIT, 1, MT_DATA);
1903 struct sctp_paramhdr *ph;
1906 SCTP_BUF_LEN(oper) =
1907 sizeof(struct sctp_paramhdr) +
1908 (3 * sizeof(uint32_t));
1909 ph = mtod(oper, struct sctp_paramhdr *);
1911 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1912 ph->param_length = htons(SCTP_BUF_LEN(oper));
1913 ippp = (uint32_t *) (ph + 1);
1914 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_15);
1918 *ippp = ((strmno << 16) | strmseq);
1920 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15;
1921 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1925 if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) {
1926 sctp_m_freem(control->data);
1927 control->data = NULL;
1928 if (control->whoFrom) {
1929 sctp_free_remote_addr(control->whoFrom);
1930 control->whoFrom = NULL;
1932 sctp_free_a_readq(stcb, control);
1934 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1935 0, M_NOWAIT, 1, MT_DATA);
1937 struct sctp_paramhdr *ph;
1940 SCTP_BUF_LEN(oper) =
1941 sizeof(struct sctp_paramhdr) +
1942 (3 * sizeof(uint32_t));
1944 struct sctp_paramhdr *);
1946 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1948 htons(SCTP_BUF_LEN(oper));
1949 ippp = (uint32_t *) (ph + 1);
1950 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_16);
1954 *ippp = ((strmno << 16) | strmseq);
1956 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16;
1957 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1963 /* No PDAPI running */
1964 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
1966 * Reassembly queue is NOT empty validate
1967 * that this tsn does not need to be in
1968 * reasembly queue. If it does then our peer
1969 * is broken or evil.
1971 if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) {
1972 sctp_m_freem(control->data);
1973 control->data = NULL;
1974 if (control->whoFrom) {
1975 sctp_free_remote_addr(control->whoFrom);
1976 control->whoFrom = NULL;
1978 sctp_free_a_readq(stcb, control);
1979 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1980 0, M_NOWAIT, 1, MT_DATA);
1982 struct sctp_paramhdr *ph;
1985 SCTP_BUF_LEN(oper) =
1986 sizeof(struct sctp_paramhdr) +
1987 (3 * sizeof(uint32_t));
1989 struct sctp_paramhdr *);
1991 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1993 htons(SCTP_BUF_LEN(oper));
1994 ippp = (uint32_t *) (ph + 1);
1995 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_17);
1999 *ippp = ((strmno << 16) | strmseq);
2001 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17;
2002 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
2008 /* ok, if we reach here we have passed the sanity checks */
2009 if (chunk_flags & SCTP_DATA_UNORDERED) {
2010 /* queue directly into socket buffer */
2011 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
2012 sctp_add_to_readq(stcb->sctp_ep, stcb,
2014 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
2017 * Special check for when streams are resetting. We
2018 * could be more smart about this and check the
2019 * actual stream to see if it is not being reset..
2020 * that way we would not create a HOLB when amongst
2021 * streams being reset and those not being reset.
2023 * We take complete messages that have a stream reset
2024 * intervening (aka the TSN is after where our
2025 * cum-ack needs to be) off and put them on a
2026 * pending_reply_queue. The reassembly ones we do
2027 * not have to worry about since they are all sorted
2028 * and proceessed by TSN order. It is only the
2029 * singletons I must worry about.
2031 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2032 SCTP_TSN_GT(tsn, liste->tsn)) {
2034 * yep its past where we need to reset... go
2035 * ahead and queue it.
2037 if (TAILQ_EMPTY(&asoc->pending_reply_queue)) {
2039 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2041 struct sctp_queued_to_read *ctlOn,
2043 unsigned char inserted = 0;
2045 TAILQ_FOREACH_SAFE(ctlOn, &asoc->pending_reply_queue, next, nctlOn) {
2046 if (SCTP_TSN_GT(control->sinfo_tsn, ctlOn->sinfo_tsn)) {
2050 TAILQ_INSERT_BEFORE(ctlOn, control, next);
2055 if (inserted == 0) {
2057 * must be put at end, use
2058 * prevP (all setup from
2059 * loop) to setup nextP.
2061 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2065 sctp_queue_data_to_stream(stcb, asoc, control, abort_flag);
2072 /* Into the re-assembly queue */
2073 sctp_queue_data_for_reasm(stcb, asoc, chk, abort_flag);
2076 * the assoc is now gone and chk was put onto the
2077 * reasm queue, which has all been freed.
2084 if (tsn == (asoc->cumulative_tsn + 1)) {
2085 /* Update cum-ack */
2086 asoc->cumulative_tsn = tsn;
2092 SCTP_STAT_INCR_COUNTER64(sctps_inorderchunks);
2094 SCTP_STAT_INCR_COUNTER64(sctps_inunorderchunks);
2096 SCTP_STAT_INCR(sctps_recvdata);
2097 /* Set it present please */
2098 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
2099 sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno, SCTP_STR_LOG_FROM_MARK_TSN);
2101 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2102 sctp_log_map(asoc->mapping_array_base_tsn, asoc->cumulative_tsn,
2103 asoc->highest_tsn_inside_map, SCTP_MAP_PREPARE_SLIDE);
2105 /* check the special flag for stream resets */
2106 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2107 SCTP_TSN_GE(asoc->cumulative_tsn, liste->tsn)) {
2109 * we have finished working through the backlogged TSN's now
2110 * time to reset streams. 1: call reset function. 2: free
2111 * pending_reply space 3: distribute any chunks in
2112 * pending_reply_queue.
2114 struct sctp_queued_to_read *ctl, *nctl;
2116 sctp_reset_in_stream(stcb, liste->number_entries, liste->list_of_streams);
2117 TAILQ_REMOVE(&asoc->resetHead, liste, next_resp);
2118 SCTP_FREE(liste, SCTP_M_STRESET);
2119 /* sa_ignore FREED_MEMORY */
2120 liste = TAILQ_FIRST(&asoc->resetHead);
2121 if (TAILQ_EMPTY(&asoc->resetHead)) {
2122 /* All can be removed */
2123 TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) {
2124 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2125 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag);
2131 TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) {
2132 if (SCTP_TSN_GT(ctl->sinfo_tsn, liste->tsn)) {
2136 * if ctl->sinfo_tsn is <= liste->tsn we can
2137 * process it which is the NOT of
2138 * ctl->sinfo_tsn > liste->tsn
2140 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2141 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag);
2148 * Now service re-assembly to pick up anything that has been
2149 * held on reassembly queue?
2151 sctp_deliver_reasm_check(stcb, asoc);
2152 need_reasm_check = 0;
2154 if (need_reasm_check) {
2155 /* Another one waits ? */
2156 sctp_deliver_reasm_check(stcb, asoc);
2161 int8_t sctp_map_lookup_tab[256] = {
2162 0, 1, 0, 2, 0, 1, 0, 3,
2163 0, 1, 0, 2, 0, 1, 0, 4,
2164 0, 1, 0, 2, 0, 1, 0, 3,
2165 0, 1, 0, 2, 0, 1, 0, 5,
2166 0, 1, 0, 2, 0, 1, 0, 3,
2167 0, 1, 0, 2, 0, 1, 0, 4,
2168 0, 1, 0, 2, 0, 1, 0, 3,
2169 0, 1, 0, 2, 0, 1, 0, 6,
2170 0, 1, 0, 2, 0, 1, 0, 3,
2171 0, 1, 0, 2, 0, 1, 0, 4,
2172 0, 1, 0, 2, 0, 1, 0, 3,
2173 0, 1, 0, 2, 0, 1, 0, 5,
2174 0, 1, 0, 2, 0, 1, 0, 3,
2175 0, 1, 0, 2, 0, 1, 0, 4,
2176 0, 1, 0, 2, 0, 1, 0, 3,
2177 0, 1, 0, 2, 0, 1, 0, 7,
2178 0, 1, 0, 2, 0, 1, 0, 3,
2179 0, 1, 0, 2, 0, 1, 0, 4,
2180 0, 1, 0, 2, 0, 1, 0, 3,
2181 0, 1, 0, 2, 0, 1, 0, 5,
2182 0, 1, 0, 2, 0, 1, 0, 3,
2183 0, 1, 0, 2, 0, 1, 0, 4,
2184 0, 1, 0, 2, 0, 1, 0, 3,
2185 0, 1, 0, 2, 0, 1, 0, 6,
2186 0, 1, 0, 2, 0, 1, 0, 3,
2187 0, 1, 0, 2, 0, 1, 0, 4,
2188 0, 1, 0, 2, 0, 1, 0, 3,
2189 0, 1, 0, 2, 0, 1, 0, 5,
2190 0, 1, 0, 2, 0, 1, 0, 3,
2191 0, 1, 0, 2, 0, 1, 0, 4,
2192 0, 1, 0, 2, 0, 1, 0, 3,
2193 0, 1, 0, 2, 0, 1, 0, 8
2198 sctp_slide_mapping_arrays(struct sctp_tcb *stcb)
2201 * Now we also need to check the mapping array in a couple of ways.
2202 * 1) Did we move the cum-ack point?
2204 * When you first glance at this you might think that all entries that
2205 * make up the postion of the cum-ack would be in the nr-mapping
2206 * array only.. i.e. things up to the cum-ack are always
2207 * deliverable. Thats true with one exception, when its a fragmented
2208 * message we may not deliver the data until some threshold (or all
2209 * of it) is in place. So we must OR the nr_mapping_array and
2210 * mapping_array to get a true picture of the cum-ack.
2212 struct sctp_association *asoc;
2215 int slide_from, slide_end, lgap, distance;
2216 uint32_t old_cumack, old_base, old_highest, highest_tsn;
2220 old_cumack = asoc->cumulative_tsn;
2221 old_base = asoc->mapping_array_base_tsn;
2222 old_highest = asoc->highest_tsn_inside_map;
2224 * We could probably improve this a small bit by calculating the
2225 * offset of the current cum-ack as the starting point.
2228 for (slide_from = 0; slide_from < stcb->asoc.mapping_array_size; slide_from++) {
2229 val = asoc->nr_mapping_array[slide_from] | asoc->mapping_array[slide_from];
2233 /* there is a 0 bit */
2234 at += sctp_map_lookup_tab[val];
2238 asoc->cumulative_tsn = asoc->mapping_array_base_tsn + (at - 1);
2240 if (SCTP_TSN_GT(asoc->cumulative_tsn, asoc->highest_tsn_inside_map) &&
2241 SCTP_TSN_GT(asoc->cumulative_tsn, asoc->highest_tsn_inside_nr_map)) {
2243 panic("huh, cumack 0x%x greater than high-tsn 0x%x in map",
2244 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2246 SCTP_PRINTF("huh, cumack 0x%x greater than high-tsn 0x%x in map - should panic?\n",
2247 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2248 sctp_print_mapping_array(asoc);
2249 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2250 sctp_log_map(0, 6, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
2252 asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2253 asoc->highest_tsn_inside_nr_map = asoc->cumulative_tsn;
2256 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2257 highest_tsn = asoc->highest_tsn_inside_nr_map;
2259 highest_tsn = asoc->highest_tsn_inside_map;
2261 if ((asoc->cumulative_tsn == highest_tsn) && (at >= 8)) {
2262 /* The complete array was completed by a single FR */
2263 /* highest becomes the cum-ack */
2271 /* clear the array */
2272 clr = ((at + 7) >> 3);
2273 if (clr > asoc->mapping_array_size) {
2274 clr = asoc->mapping_array_size;
2276 memset(asoc->mapping_array, 0, clr);
2277 memset(asoc->nr_mapping_array, 0, clr);
2279 for (i = 0; i < asoc->mapping_array_size; i++) {
2280 if ((asoc->mapping_array[i]) || (asoc->nr_mapping_array[i])) {
2281 SCTP_PRINTF("Error Mapping array's not clean at clear\n");
2282 sctp_print_mapping_array(asoc);
2286 asoc->mapping_array_base_tsn = asoc->cumulative_tsn + 1;
2287 asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2288 } else if (at >= 8) {
2289 /* we can slide the mapping array down */
2290 /* slide_from holds where we hit the first NON 0xff byte */
2293 * now calculate the ceiling of the move using our highest
2296 SCTP_CALC_TSN_TO_GAP(lgap, highest_tsn, asoc->mapping_array_base_tsn);
2297 slide_end = (lgap >> 3);
2298 if (slide_end < slide_from) {
2299 sctp_print_mapping_array(asoc);
2301 panic("impossible slide");
2303 SCTP_PRINTF("impossible slide lgap:%x slide_end:%x slide_from:%x? at:%d\n",
2304 lgap, slide_end, slide_from, at);
2308 if (slide_end > asoc->mapping_array_size) {
2310 panic("would overrun buffer");
2312 SCTP_PRINTF("Gak, would have overrun map end:%d slide_end:%d\n",
2313 asoc->mapping_array_size, slide_end);
2314 slide_end = asoc->mapping_array_size;
2317 distance = (slide_end - slide_from) + 1;
2318 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2319 sctp_log_map(old_base, old_cumack, old_highest,
2320 SCTP_MAP_PREPARE_SLIDE);
2321 sctp_log_map((uint32_t) slide_from, (uint32_t) slide_end,
2322 (uint32_t) lgap, SCTP_MAP_SLIDE_FROM);
2324 if (distance + slide_from > asoc->mapping_array_size ||
2327 * Here we do NOT slide forward the array so that
2328 * hopefully when more data comes in to fill it up
2329 * we will be able to slide it forward. Really I
2330 * don't think this should happen :-0
2333 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2334 sctp_log_map((uint32_t) distance, (uint32_t) slide_from,
2335 (uint32_t) asoc->mapping_array_size,
2336 SCTP_MAP_SLIDE_NONE);
2341 for (ii = 0; ii < distance; ii++) {
2342 asoc->mapping_array[ii] = asoc->mapping_array[slide_from + ii];
2343 asoc->nr_mapping_array[ii] = asoc->nr_mapping_array[slide_from + ii];
2346 for (ii = distance; ii < asoc->mapping_array_size; ii++) {
2347 asoc->mapping_array[ii] = 0;
2348 asoc->nr_mapping_array[ii] = 0;
2350 if (asoc->highest_tsn_inside_map + 1 == asoc->mapping_array_base_tsn) {
2351 asoc->highest_tsn_inside_map += (slide_from << 3);
2353 if (asoc->highest_tsn_inside_nr_map + 1 == asoc->mapping_array_base_tsn) {
2354 asoc->highest_tsn_inside_nr_map += (slide_from << 3);
2356 asoc->mapping_array_base_tsn += (slide_from << 3);
2357 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2358 sctp_log_map(asoc->mapping_array_base_tsn,
2359 asoc->cumulative_tsn, asoc->highest_tsn_inside_map,
2360 SCTP_MAP_SLIDE_RESULT);
2367 sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap)
2369 struct sctp_association *asoc;
2370 uint32_t highest_tsn;
2373 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2374 highest_tsn = asoc->highest_tsn_inside_nr_map;
2376 highest_tsn = asoc->highest_tsn_inside_map;
2380 * Now we need to see if we need to queue a sack or just start the
2381 * timer (if allowed).
2383 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2385 * Ok special case, in SHUTDOWN-SENT case. here we maker
2386 * sure SACK timer is off and instead send a SHUTDOWN and a
2389 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2390 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
2391 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_INDATA + SCTP_LOC_18);
2393 sctp_send_shutdown(stcb,
2394 ((stcb->asoc.alternate) ? stcb->asoc.alternate : stcb->asoc.primary_destination));
2395 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
2399 /* is there a gap now ? */
2400 is_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn);
2403 * CMT DAC algorithm: increase number of packets received
2406 stcb->asoc.cmt_dac_pkts_rcvd++;
2408 if ((stcb->asoc.send_sack == 1) || /* We need to send a
2410 ((was_a_gap) && (is_a_gap == 0)) || /* was a gap, but no
2412 (stcb->asoc.numduptsns) || /* we have dup's */
2413 (is_a_gap) || /* is still a gap */
2414 (stcb->asoc.delayed_ack == 0) || /* Delayed sack disabled */
2415 (stcb->asoc.data_pkts_seen >= stcb->asoc.sack_freq) /* hit limit of pkts */
2418 if ((stcb->asoc.sctp_cmt_on_off > 0) &&
2419 (SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) &&
2420 (stcb->asoc.send_sack == 0) &&
2421 (stcb->asoc.numduptsns == 0) &&
2422 (stcb->asoc.delayed_ack) &&
2423 (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer))) {
2426 * CMT DAC algorithm: With CMT, delay acks
2427 * even in the face of
2429 * reordering. Therefore, if acks that do not
2430 * have to be sent because of the above
2431 * reasons, will be delayed. That is, acks
2432 * that would have been sent due to gap
2433 * reports will be delayed with DAC. Start
2434 * the delayed ack timer.
2436 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2437 stcb->sctp_ep, stcb, NULL);
2440 * Ok we must build a SACK since the timer
2441 * is pending, we got our first packet OR
2442 * there are gaps or duplicates.
2444 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
2445 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
2448 if (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2449 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2450 stcb->sctp_ep, stcb, NULL);
2457 sctp_service_queues(struct sctp_tcb *stcb, struct sctp_association *asoc)
2459 struct sctp_tmit_chunk *chk;
2460 uint32_t tsize, pd_point;
2463 if (asoc->fragmented_delivery_inprogress) {
2464 sctp_service_reassembly(stcb, asoc);
2466 /* Can we proceed further, i.e. the PD-API is complete */
2467 if (asoc->fragmented_delivery_inprogress) {
2472 * Now is there some other chunk I can deliver from the reassembly
2476 chk = TAILQ_FIRST(&asoc->reasmqueue);
2478 asoc->size_on_reasm_queue = 0;
2479 asoc->cnt_on_reasm_queue = 0;
2482 nxt_todel = asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1;
2483 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) &&
2484 ((nxt_todel == chk->rec.data.stream_seq) ||
2485 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) {
2487 * Yep the first one is here. We setup to start reception,
2488 * by backing down the TSN just in case we can't deliver.
2492 * Before we start though either all of the message should
2493 * be here or the socket buffer max or nothing on the
2494 * delivery queue and something can be delivered.
2496 if (stcb->sctp_socket) {
2497 pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket) >> SCTP_PARTIAL_DELIVERY_SHIFT,
2498 stcb->sctp_ep->partial_delivery_point);
2500 pd_point = stcb->sctp_ep->partial_delivery_point;
2502 if (sctp_is_all_msg_on_reasm(asoc, &tsize) || (tsize >= pd_point)) {
2503 asoc->fragmented_delivery_inprogress = 1;
2504 asoc->tsn_last_delivered = chk->rec.data.TSN_seq - 1;
2505 asoc->str_of_pdapi = chk->rec.data.stream_number;
2506 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
2507 asoc->pdapi_ppid = chk->rec.data.payloadtype;
2508 asoc->fragment_flags = chk->rec.data.rcv_flags;
2509 sctp_service_reassembly(stcb, asoc);
2510 if (asoc->fragmented_delivery_inprogress == 0) {
2518 sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
2519 struct sockaddr *src, struct sockaddr *dst,
2520 struct sctphdr *sh, struct sctp_inpcb *inp,
2521 struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t * high_tsn,
2522 uint8_t use_mflowid, uint32_t mflowid,
2523 uint32_t vrf_id, uint16_t port)
2525 struct sctp_data_chunk *ch, chunk_buf;
2526 struct sctp_association *asoc;
2527 int num_chunks = 0; /* number of control chunks processed */
2529 int chk_length, break_flag, last_chunk;
2530 int abort_flag = 0, was_a_gap;
2532 uint32_t highest_tsn;
2535 sctp_set_rwnd(stcb, &stcb->asoc);
2538 SCTP_TCB_LOCK_ASSERT(stcb);
2540 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2541 highest_tsn = asoc->highest_tsn_inside_nr_map;
2543 highest_tsn = asoc->highest_tsn_inside_map;
2545 was_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn);
2547 * setup where we got the last DATA packet from for any SACK that
2548 * may need to go out. Don't bump the net. This is done ONLY when a
2549 * chunk is assigned.
2551 asoc->last_data_chunk_from = net;
2554 * Now before we proceed we must figure out if this is a wasted
2555 * cluster... i.e. it is a small packet sent in and yet the driver
2556 * underneath allocated a full cluster for it. If so we must copy it
2557 * to a smaller mbuf and free up the cluster mbuf. This will help
2558 * with cluster starvation. Note for __Panda__ we don't do this
2559 * since it has clusters all the way down to 64 bytes.
2561 if (SCTP_BUF_LEN(m) < (long)MLEN && SCTP_BUF_NEXT(m) == NULL) {
2562 /* we only handle mbufs that are singletons.. not chains */
2563 m = sctp_get_mbuf_for_msg(SCTP_BUF_LEN(m), 0, M_NOWAIT, 1, MT_DATA);
2565 /* ok lets see if we can copy the data up */
2568 /* get the pointers and copy */
2569 to = mtod(m, caddr_t *);
2570 from = mtod((*mm), caddr_t *);
2571 memcpy(to, from, SCTP_BUF_LEN((*mm)));
2572 /* copy the length and free up the old */
2573 SCTP_BUF_LEN(m) = SCTP_BUF_LEN((*mm));
2575 /* sucess, back copy */
2578 /* We are in trouble in the mbuf world .. yikes */
2582 /* get pointer to the first chunk header */
2583 ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset,
2584 sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf);
2589 * process all DATA chunks...
2591 *high_tsn = asoc->cumulative_tsn;
2593 asoc->data_pkts_seen++;
2594 while (stop_proc == 0) {
2595 /* validate chunk length */
2596 chk_length = ntohs(ch->ch.chunk_length);
2597 if (length - *offset < chk_length) {
2598 /* all done, mutulated chunk */
2602 if (ch->ch.chunk_type == SCTP_DATA) {
2603 if ((size_t)chk_length < sizeof(struct sctp_data_chunk) + 1) {
2605 * Need to send an abort since we had a
2606 * invalid data chunk.
2608 struct mbuf *op_err;
2610 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 2 * sizeof(uint32_t)),
2611 0, M_NOWAIT, 1, MT_DATA);
2614 struct sctp_paramhdr *ph;
2617 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr) +
2618 (2 * sizeof(uint32_t));
2619 ph = mtod(op_err, struct sctp_paramhdr *);
2621 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
2622 ph->param_length = htons(SCTP_BUF_LEN(op_err));
2623 ippp = (uint32_t *) (ph + 1);
2624 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_19);
2626 *ippp = asoc->cumulative_tsn;
2629 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19;
2630 sctp_abort_association(inp, stcb, m, iphlen,
2631 src, dst, sh, op_err,
2632 use_mflowid, mflowid,
2636 #ifdef SCTP_AUDITING_ENABLED
2637 sctp_audit_log(0xB1, 0);
2639 if (SCTP_SIZE32(chk_length) == (length - *offset)) {
2644 if (sctp_process_a_data_chunk(stcb, asoc, mm, *offset, ch,
2645 chk_length, net, high_tsn, &abort_flag, &break_flag,
2654 * Set because of out of rwnd space and no
2655 * drop rep space left.
2661 /* not a data chunk in the data region */
2662 switch (ch->ch.chunk_type) {
2663 case SCTP_INITIATION:
2664 case SCTP_INITIATION_ACK:
2665 case SCTP_SELECTIVE_ACK:
2666 case SCTP_NR_SELECTIVE_ACK:
2667 case SCTP_HEARTBEAT_REQUEST:
2668 case SCTP_HEARTBEAT_ACK:
2669 case SCTP_ABORT_ASSOCIATION:
2671 case SCTP_SHUTDOWN_ACK:
2672 case SCTP_OPERATION_ERROR:
2673 case SCTP_COOKIE_ECHO:
2674 case SCTP_COOKIE_ACK:
2677 case SCTP_SHUTDOWN_COMPLETE:
2678 case SCTP_AUTHENTICATION:
2679 case SCTP_ASCONF_ACK:
2680 case SCTP_PACKET_DROPPED:
2681 case SCTP_STREAM_RESET:
2682 case SCTP_FORWARD_CUM_TSN:
2685 * Now, what do we do with KNOWN chunks that
2686 * are NOT in the right place?
2688 * For now, I do nothing but ignore them. We
2689 * may later want to add sysctl stuff to
2690 * switch out and do either an ABORT() or
2691 * possibly process them.
2693 if (SCTP_BASE_SYSCTL(sctp_strict_data_order)) {
2694 struct mbuf *op_err;
2696 op_err = sctp_generate_invmanparam(SCTP_CAUSE_PROTOCOL_VIOLATION);
2697 sctp_abort_association(inp, stcb,
2701 use_mflowid, mflowid,
2707 /* unknown chunk type, use bit rules */
2708 if (ch->ch.chunk_type & 0x40) {
2709 /* Add a error report to the queue */
2711 struct sctp_paramhdr *phd;
2713 merr = sctp_get_mbuf_for_msg(sizeof(*phd), 0, M_NOWAIT, 1, MT_DATA);
2715 phd = mtod(merr, struct sctp_paramhdr *);
2717 * We cheat and use param
2718 * type since we did not
2719 * bother to define a error
2720 * cause struct. They are
2721 * the same basic format
2722 * with different names.
2725 htons(SCTP_CAUSE_UNRECOG_CHUNK);
2727 htons(chk_length + sizeof(*phd));
2728 SCTP_BUF_LEN(merr) = sizeof(*phd);
2729 SCTP_BUF_NEXT(merr) = SCTP_M_COPYM(m, *offset, chk_length, M_NOWAIT);
2730 if (SCTP_BUF_NEXT(merr)) {
2731 if (sctp_pad_lastmbuf(SCTP_BUF_NEXT(merr), SCTP_SIZE32(chk_length) - chk_length, NULL)) {
2734 sctp_queue_op_err(stcb, merr);
2741 if ((ch->ch.chunk_type & 0x80) == 0) {
2742 /* discard the rest of this packet */
2744 } /* else skip this bad chunk and
2747 } /* switch of chunk type */
2749 *offset += SCTP_SIZE32(chk_length);
2750 if ((*offset >= length) || stop_proc) {
2751 /* no more data left in the mbuf chain */
2755 ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset,
2756 sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf);
2765 * we need to report rwnd overrun drops.
2767 sctp_send_packet_dropped(stcb, net, *mm, length, iphlen, 0);
2771 * Did we get data, if so update the time for auto-close and
2772 * give peer credit for being alive.
2774 SCTP_STAT_INCR(sctps_recvpktwithdata);
2775 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
2776 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
2777 stcb->asoc.overall_error_count,
2779 SCTP_FROM_SCTP_INDATA,
2782 stcb->asoc.overall_error_count = 0;
2783 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_last_rcvd);
2785 /* now service all of the reassm queue if needed */
2786 if (!(TAILQ_EMPTY(&asoc->reasmqueue)))
2787 sctp_service_queues(stcb, asoc);
2789 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2790 /* Assure that we ack right away */
2791 stcb->asoc.send_sack = 1;
2793 /* Start a sack timer or QUEUE a SACK for sending */
2794 sctp_sack_check(stcb, was_a_gap);
2799 sctp_process_segment_range(struct sctp_tcb *stcb, struct sctp_tmit_chunk **p_tp1, uint32_t last_tsn,
2800 uint16_t frag_strt, uint16_t frag_end, int nr_sacking,
2802 uint32_t * biggest_newly_acked_tsn,
2803 uint32_t * this_sack_lowest_newack,
2806 struct sctp_tmit_chunk *tp1;
2807 unsigned int theTSN;
2808 int j, wake_him = 0, circled = 0;
2810 /* Recover the tp1 we last saw */
2813 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2815 for (j = frag_strt; j <= frag_end; j++) {
2816 theTSN = j + last_tsn;
2818 if (tp1->rec.data.doing_fast_retransmit)
2822 * CMT: CUCv2 algorithm. For each TSN being
2823 * processed from the sent queue, track the
2824 * next expected pseudo-cumack, or
2825 * rtx_pseudo_cumack, if required. Separate
2826 * cumack trackers for first transmissions,
2827 * and retransmissions.
2829 if ((tp1->whoTo->find_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
2830 (tp1->snd_count == 1)) {
2831 tp1->whoTo->pseudo_cumack = tp1->rec.data.TSN_seq;
2832 tp1->whoTo->find_pseudo_cumack = 0;
2834 if ((tp1->whoTo->find_rtx_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
2835 (tp1->snd_count > 1)) {
2836 tp1->whoTo->rtx_pseudo_cumack = tp1->rec.data.TSN_seq;
2837 tp1->whoTo->find_rtx_pseudo_cumack = 0;
2839 if (tp1->rec.data.TSN_seq == theTSN) {
2840 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
2842 * must be held until
2845 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
2847 * If it is less than RESEND, it is
2848 * now no-longer in flight.
2849 * Higher values may already be set
2850 * via previous Gap Ack Blocks...
2851 * i.e. ACKED or RESEND.
2853 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2854 *biggest_newly_acked_tsn)) {
2855 *biggest_newly_acked_tsn = tp1->rec.data.TSN_seq;
2858 * CMT: SFR algo (and HTNA) - set
2859 * saw_newack to 1 for dest being
2860 * newly acked. update
2861 * this_sack_highest_newack if
2864 if (tp1->rec.data.chunk_was_revoked == 0)
2865 tp1->whoTo->saw_newack = 1;
2867 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2868 tp1->whoTo->this_sack_highest_newack)) {
2869 tp1->whoTo->this_sack_highest_newack =
2870 tp1->rec.data.TSN_seq;
2873 * CMT DAC algo: also update
2874 * this_sack_lowest_newack
2876 if (*this_sack_lowest_newack == 0) {
2877 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
2878 sctp_log_sack(*this_sack_lowest_newack,
2880 tp1->rec.data.TSN_seq,
2883 SCTP_LOG_TSN_ACKED);
2885 *this_sack_lowest_newack = tp1->rec.data.TSN_seq;
2888 * CMT: CUCv2 algorithm. If (rtx-)pseudo-cumack for corresp
2889 * dest is being acked, then we have a new (rtx-)pseudo-cumack. Set
2890 * new_(rtx_)pseudo_cumack to TRUE so that the cwnd for this dest can be
2891 * updated. Also trigger search for the next expected (rtx-)pseudo-cumack.
2892 * Separate pseudo_cumack trackers for first transmissions and
2895 if (tp1->rec.data.TSN_seq == tp1->whoTo->pseudo_cumack) {
2896 if (tp1->rec.data.chunk_was_revoked == 0) {
2897 tp1->whoTo->new_pseudo_cumack = 1;
2899 tp1->whoTo->find_pseudo_cumack = 1;
2901 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
2902 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
2904 if (tp1->rec.data.TSN_seq == tp1->whoTo->rtx_pseudo_cumack) {
2905 if (tp1->rec.data.chunk_was_revoked == 0) {
2906 tp1->whoTo->new_pseudo_cumack = 1;
2908 tp1->whoTo->find_rtx_pseudo_cumack = 1;
2910 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
2911 sctp_log_sack(*biggest_newly_acked_tsn,
2913 tp1->rec.data.TSN_seq,
2916 SCTP_LOG_TSN_ACKED);
2918 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
2919 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_GAP,
2920 tp1->whoTo->flight_size,
2922 (uintptr_t) tp1->whoTo,
2923 tp1->rec.data.TSN_seq);
2925 sctp_flight_size_decrease(tp1);
2926 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
2927 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
2930 sctp_total_flight_decrease(stcb, tp1);
2932 tp1->whoTo->net_ack += tp1->send_size;
2933 if (tp1->snd_count < 2) {
2935 * True non-retransmited chunk
2937 tp1->whoTo->net_ack2 += tp1->send_size;
2945 sctp_calculate_rto(stcb,
2948 &tp1->sent_rcv_time,
2949 sctp_align_safe_nocopy,
2950 SCTP_RTT_FROM_DATA);
2953 if (tp1->whoTo->rto_needed == 0) {
2954 tp1->whoTo->rto_needed = 1;
2960 if (tp1->sent <= SCTP_DATAGRAM_RESEND) {
2961 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2962 stcb->asoc.this_sack_highest_gap)) {
2963 stcb->asoc.this_sack_highest_gap =
2964 tp1->rec.data.TSN_seq;
2966 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
2967 sctp_ucount_decr(stcb->asoc.sent_queue_retran_cnt);
2968 #ifdef SCTP_AUDITING_ENABLED
2969 sctp_audit_log(0xB2,
2970 (stcb->asoc.sent_queue_retran_cnt & 0x000000ff));
2975 * All chunks NOT UNSENT fall through here and are marked
2976 * (leave PR-SCTP ones that are to skip alone though)
2978 if ((tp1->sent != SCTP_FORWARD_TSN_SKIP) &&
2979 (tp1->sent != SCTP_DATAGRAM_NR_ACKED)) {
2980 tp1->sent = SCTP_DATAGRAM_MARKED;
2982 if (tp1->rec.data.chunk_was_revoked) {
2983 /* deflate the cwnd */
2984 tp1->whoTo->cwnd -= tp1->book_size;
2985 tp1->rec.data.chunk_was_revoked = 0;
2987 /* NR Sack code here */
2989 (tp1->sent != SCTP_DATAGRAM_NR_ACKED)) {
2990 if (stcb->asoc.strmout[tp1->rec.data.stream_number].chunks_on_queues > 0) {
2991 stcb->asoc.strmout[tp1->rec.data.stream_number].chunks_on_queues--;
2994 panic("No chunks on the queues for sid %u.", tp1->rec.data.stream_number);
2997 tp1->sent = SCTP_DATAGRAM_NR_ACKED;
3003 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1);
3004 sctp_m_freem(tp1->data);
3011 } /* if (tp1->TSN_seq == theTSN) */
3012 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, theTSN)) {
3015 tp1 = TAILQ_NEXT(tp1, sctp_next);
3016 if ((tp1 == NULL) && (circled == 0)) {
3018 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3020 } /* end while (tp1) */
3023 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3025 /* In case the fragments were not in order we must reset */
3026 } /* end for (j = fragStart */
3028 return (wake_him); /* Return value only used for nr-sack */
3033 sctp_handle_segments(struct mbuf *m, int *offset, struct sctp_tcb *stcb, struct sctp_association *asoc,
3034 uint32_t last_tsn, uint32_t * biggest_tsn_acked,
3035 uint32_t * biggest_newly_acked_tsn, uint32_t * this_sack_lowest_newack,
3036 int num_seg, int num_nr_seg, int *rto_ok)
3038 struct sctp_gap_ack_block *frag, block;
3039 struct sctp_tmit_chunk *tp1;
3044 uint16_t frag_strt, frag_end, prev_frag_end;
3046 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3050 for (i = 0; i < (num_seg + num_nr_seg); i++) {
3053 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3055 frag = (struct sctp_gap_ack_block *)sctp_m_getptr(m, *offset,
3056 sizeof(struct sctp_gap_ack_block), (uint8_t *) & block);
3057 *offset += sizeof(block);
3059 return (chunk_freed);
3061 frag_strt = ntohs(frag->start);
3062 frag_end = ntohs(frag->end);
3064 if (frag_strt > frag_end) {
3065 /* This gap report is malformed, skip it. */
3068 if (frag_strt <= prev_frag_end) {
3069 /* This gap report is not in order, so restart. */
3070 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3072 if (SCTP_TSN_GT((last_tsn + frag_end), *biggest_tsn_acked)) {
3073 *biggest_tsn_acked = last_tsn + frag_end;
3080 if (sctp_process_segment_range(stcb, &tp1, last_tsn, frag_strt, frag_end,
3081 non_revocable, &num_frs, biggest_newly_acked_tsn,
3082 this_sack_lowest_newack, rto_ok)) {
3085 prev_frag_end = frag_end;
3087 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3089 sctp_log_fr(*biggest_tsn_acked,
3090 *biggest_newly_acked_tsn,
3091 last_tsn, SCTP_FR_LOG_BIGGEST_TSNS);
3093 return (chunk_freed);
3097 sctp_check_for_revoked(struct sctp_tcb *stcb,
3098 struct sctp_association *asoc, uint32_t cumack,
3099 uint32_t biggest_tsn_acked)
3101 struct sctp_tmit_chunk *tp1;
3103 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
3104 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, cumack)) {
3106 * ok this guy is either ACK or MARKED. If it is
3107 * ACKED it has been previously acked but not this
3108 * time i.e. revoked. If it is MARKED it was ACK'ed
3111 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, biggest_tsn_acked)) {
3114 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
3115 /* it has been revoked */
3116 tp1->sent = SCTP_DATAGRAM_SENT;
3117 tp1->rec.data.chunk_was_revoked = 1;
3119 * We must add this stuff back in to assure
3120 * timers and such get started.
3122 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3123 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
3124 tp1->whoTo->flight_size,
3126 (uintptr_t) tp1->whoTo,
3127 tp1->rec.data.TSN_seq);
3129 sctp_flight_size_increase(tp1);
3130 sctp_total_flight_increase(stcb, tp1);
3132 * We inflate the cwnd to compensate for our
3133 * artificial inflation of the flight_size.
3135 tp1->whoTo->cwnd += tp1->book_size;
3136 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
3137 sctp_log_sack(asoc->last_acked_seq,
3139 tp1->rec.data.TSN_seq,
3142 SCTP_LOG_TSN_REVOKED);
3144 } else if (tp1->sent == SCTP_DATAGRAM_MARKED) {
3145 /* it has been re-acked in this SACK */
3146 tp1->sent = SCTP_DATAGRAM_ACKED;
3149 if (tp1->sent == SCTP_DATAGRAM_UNSENT)
3156 sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
3157 uint32_t biggest_tsn_acked, uint32_t biggest_tsn_newly_acked, uint32_t this_sack_lowest_newack, int accum_moved)
3159 struct sctp_tmit_chunk *tp1;
3160 int strike_flag = 0;
3162 int tot_retrans = 0;
3163 uint32_t sending_seq;
3164 struct sctp_nets *net;
3165 int num_dests_sacked = 0;
3168 * select the sending_seq, this is either the next thing ready to be
3169 * sent but not transmitted, OR, the next seq we assign.
3171 tp1 = TAILQ_FIRST(&stcb->asoc.send_queue);
3173 sending_seq = asoc->sending_seq;
3175 sending_seq = tp1->rec.data.TSN_seq;
3178 /* CMT DAC algo: finding out if SACK is a mixed SACK */
3179 if ((asoc->sctp_cmt_on_off > 0) &&
3180 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3181 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3182 if (net->saw_newack)
3186 if (stcb->asoc.peer_supports_prsctp) {
3187 (void)SCTP_GETTIME_TIMEVAL(&now);
3189 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
3191 if (tp1->no_fr_allowed) {
3192 /* this one had a timeout or something */
3195 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3196 if (tp1->sent < SCTP_DATAGRAM_RESEND)
3197 sctp_log_fr(biggest_tsn_newly_acked,
3198 tp1->rec.data.TSN_seq,
3200 SCTP_FR_LOG_CHECK_STRIKE);
3202 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, biggest_tsn_acked) ||
3203 tp1->sent == SCTP_DATAGRAM_UNSENT) {
3207 if (stcb->asoc.peer_supports_prsctp) {
3208 if ((PR_SCTP_TTL_ENABLED(tp1->flags)) && tp1->sent < SCTP_DATAGRAM_ACKED) {
3209 /* Is it expired? */
3210 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3211 /* Yes so drop it */
3212 if (tp1->data != NULL) {
3213 (void)sctp_release_pr_sctp_chunk(stcb, tp1, 1,
3214 SCTP_SO_NOT_LOCKED);
3220 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, asoc->this_sack_highest_gap)) {
3221 /* we are beyond the tsn in the sack */
3224 if (tp1->sent >= SCTP_DATAGRAM_RESEND) {
3225 /* either a RESEND, ACKED, or MARKED */
3227 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3228 /* Continue strikin FWD-TSN chunks */
3229 tp1->rec.data.fwd_tsn_cnt++;
3234 * CMT : SFR algo (covers part of DAC and HTNA as well)
3236 if (tp1->whoTo && tp1->whoTo->saw_newack == 0) {
3238 * No new acks were receieved for data sent to this
3239 * dest. Therefore, according to the SFR algo for
3240 * CMT, no data sent to this dest can be marked for
3241 * FR using this SACK.
3244 } else if (tp1->whoTo && SCTP_TSN_GT(tp1->rec.data.TSN_seq,
3245 tp1->whoTo->this_sack_highest_newack)) {
3247 * CMT: New acks were receieved for data sent to
3248 * this dest. But no new acks were seen for data
3249 * sent after tp1. Therefore, according to the SFR
3250 * algo for CMT, tp1 cannot be marked for FR using
3251 * this SACK. This step covers part of the DAC algo
3252 * and the HTNA algo as well.
3257 * Here we check to see if we were have already done a FR
3258 * and if so we see if the biggest TSN we saw in the sack is
3259 * smaller than the recovery point. If so we don't strike
3260 * the tsn... otherwise we CAN strike the TSN.
3263 * @@@ JRI: Check for CMT if (accum_moved &&
3264 * asoc->fast_retran_loss_recovery && (sctp_cmt_on_off ==
3267 if (accum_moved && asoc->fast_retran_loss_recovery) {
3269 * Strike the TSN if in fast-recovery and cum-ack
3272 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3273 sctp_log_fr(biggest_tsn_newly_acked,
3274 tp1->rec.data.TSN_seq,
3276 SCTP_FR_LOG_STRIKE_CHUNK);
3278 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3281 if ((asoc->sctp_cmt_on_off > 0) &&
3282 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3284 * CMT DAC algorithm: If SACK flag is set to
3285 * 0, then lowest_newack test will not pass
3286 * because it would have been set to the
3287 * cumack earlier. If not already to be
3288 * rtx'd, If not a mixed sack and if tp1 is
3289 * not between two sacked TSNs, then mark by
3290 * one more. NOTE that we are marking by one
3291 * additional time since the SACK DAC flag
3292 * indicates that two packets have been
3293 * received after this missing TSN.
3295 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3296 SCTP_TSN_GT(this_sack_lowest_newack, tp1->rec.data.TSN_seq)) {
3297 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3298 sctp_log_fr(16 + num_dests_sacked,
3299 tp1->rec.data.TSN_seq,
3301 SCTP_FR_LOG_STRIKE_CHUNK);
3306 } else if ((tp1->rec.data.doing_fast_retransmit) &&
3307 (asoc->sctp_cmt_on_off == 0)) {
3309 * For those that have done a FR we must take
3310 * special consideration if we strike. I.e the
3311 * biggest_newly_acked must be higher than the
3312 * sending_seq at the time we did the FR.
3315 #ifdef SCTP_FR_TO_ALTERNATE
3317 * If FR's go to new networks, then we must only do
3318 * this for singly homed asoc's. However if the FR's
3319 * go to the same network (Armando's work) then its
3320 * ok to FR multiple times.
3328 if (SCTP_TSN_GE(biggest_tsn_newly_acked,
3329 tp1->rec.data.fast_retran_tsn)) {
3331 * Strike the TSN, since this ack is
3332 * beyond where things were when we
3335 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3336 sctp_log_fr(biggest_tsn_newly_acked,
3337 tp1->rec.data.TSN_seq,
3339 SCTP_FR_LOG_STRIKE_CHUNK);
3341 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3345 if ((asoc->sctp_cmt_on_off > 0) &&
3346 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3348 * CMT DAC algorithm: If
3349 * SACK flag is set to 0,
3350 * then lowest_newack test
3351 * will not pass because it
3352 * would have been set to
3353 * the cumack earlier. If
3354 * not already to be rtx'd,
3355 * If not a mixed sack and
3356 * if tp1 is not between two
3357 * sacked TSNs, then mark by
3358 * one more. NOTE that we
3359 * are marking by one
3360 * additional time since the
3361 * SACK DAC flag indicates
3362 * that two packets have
3363 * been received after this
3366 if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
3367 (num_dests_sacked == 1) &&
3368 SCTP_TSN_GT(this_sack_lowest_newack,
3369 tp1->rec.data.TSN_seq)) {
3370 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3371 sctp_log_fr(32 + num_dests_sacked,
3372 tp1->rec.data.TSN_seq,
3374 SCTP_FR_LOG_STRIKE_CHUNK);
3376 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3384 * JRI: TODO: remove code for HTNA algo. CMT's SFR
3387 } else if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
3388 biggest_tsn_newly_acked)) {
3390 * We don't strike these: This is the HTNA
3391 * algorithm i.e. we don't strike If our TSN is
3392 * larger than the Highest TSN Newly Acked.
3396 /* Strike the TSN */
3397 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3398 sctp_log_fr(biggest_tsn_newly_acked,
3399 tp1->rec.data.TSN_seq,
3401 SCTP_FR_LOG_STRIKE_CHUNK);
3403 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3406 if ((asoc->sctp_cmt_on_off > 0) &&
3407 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3409 * CMT DAC algorithm: If SACK flag is set to
3410 * 0, then lowest_newack test will not pass
3411 * because it would have been set to the
3412 * cumack earlier. If not already to be
3413 * rtx'd, If not a mixed sack and if tp1 is
3414 * not between two sacked TSNs, then mark by
3415 * one more. NOTE that we are marking by one
3416 * additional time since the SACK DAC flag
3417 * indicates that two packets have been
3418 * received after this missing TSN.
3420 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3421 SCTP_TSN_GT(this_sack_lowest_newack, tp1->rec.data.TSN_seq)) {
3422 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3423 sctp_log_fr(48 + num_dests_sacked,
3424 tp1->rec.data.TSN_seq,
3426 SCTP_FR_LOG_STRIKE_CHUNK);
3432 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3433 struct sctp_nets *alt;
3435 /* fix counts and things */
3436 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3437 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND,
3438 (tp1->whoTo ? (tp1->whoTo->flight_size) : 0),
3440 (uintptr_t) tp1->whoTo,
3441 tp1->rec.data.TSN_seq);
3444 tp1->whoTo->net_ack++;
3445 sctp_flight_size_decrease(tp1);
3446 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3447 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3451 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
3452 sctp_log_rwnd(SCTP_INCREASE_PEER_RWND,
3453 asoc->peers_rwnd, tp1->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
3455 /* add back to the rwnd */
3456 asoc->peers_rwnd += (tp1->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
3458 /* remove from the total flight */
3459 sctp_total_flight_decrease(stcb, tp1);
3461 if ((stcb->asoc.peer_supports_prsctp) &&
3462 (PR_SCTP_RTX_ENABLED(tp1->flags))) {
3464 * Has it been retransmitted tv_sec times? -
3465 * we store the retran count there.
3467 if (tp1->snd_count > tp1->rec.data.timetodrop.tv_sec) {
3468 /* Yes, so drop it */
3469 if (tp1->data != NULL) {
3470 (void)sctp_release_pr_sctp_chunk(stcb, tp1, 1,
3471 SCTP_SO_NOT_LOCKED);
3473 /* Make sure to flag we had a FR */
3474 tp1->whoTo->net_ack++;
3479 * SCTP_PRINTF("OK, we are now ready to FR this
3482 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3483 sctp_log_fr(tp1->rec.data.TSN_seq, tp1->snd_count,
3487 /* This is a subsequent FR */
3488 SCTP_STAT_INCR(sctps_sendmultfastretrans);
3490 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
3491 if (asoc->sctp_cmt_on_off > 0) {
3493 * CMT: Using RTX_SSTHRESH policy for CMT.
3494 * If CMT is being used, then pick dest with
3495 * largest ssthresh for any retransmission.
3497 tp1->no_fr_allowed = 1;
3499 /* sa_ignore NO_NULL_CHK */
3500 if (asoc->sctp_cmt_pf > 0) {
3502 * JRS 5/18/07 - If CMT PF is on,
3503 * use the PF version of
3506 alt = sctp_find_alternate_net(stcb, alt, 2);
3509 * JRS 5/18/07 - If only CMT is on,
3510 * use the CMT version of
3513 /* sa_ignore NO_NULL_CHK */
3514 alt = sctp_find_alternate_net(stcb, alt, 1);
3520 * CUCv2: If a different dest is picked for
3521 * the retransmission, then new
3522 * (rtx-)pseudo_cumack needs to be tracked
3523 * for orig dest. Let CUCv2 track new (rtx-)
3524 * pseudo-cumack always.
3527 tp1->whoTo->find_pseudo_cumack = 1;
3528 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3530 } else {/* CMT is OFF */
3532 #ifdef SCTP_FR_TO_ALTERNATE
3533 /* Can we find an alternate? */
3534 alt = sctp_find_alternate_net(stcb, tp1->whoTo, 0);
3537 * default behavior is to NOT retransmit
3538 * FR's to an alternate. Armando Caro's
3539 * paper details why.
3545 tp1->rec.data.doing_fast_retransmit = 1;
3547 /* mark the sending seq for possible subsequent FR's */
3549 * SCTP_PRINTF("Marking TSN for FR new value %x\n",
3550 * (uint32_t)tpi->rec.data.TSN_seq);
3552 if (TAILQ_EMPTY(&asoc->send_queue)) {
3554 * If the queue of send is empty then its
3555 * the next sequence number that will be
3556 * assigned so we subtract one from this to
3557 * get the one we last sent.
3559 tp1->rec.data.fast_retran_tsn = sending_seq;
3562 * If there are chunks on the send queue
3563 * (unsent data that has made it from the
3564 * stream queues but not out the door, we
3565 * take the first one (which will have the
3566 * lowest TSN) and subtract one to get the
3569 struct sctp_tmit_chunk *ttt;
3571 ttt = TAILQ_FIRST(&asoc->send_queue);
3572 tp1->rec.data.fast_retran_tsn =
3573 ttt->rec.data.TSN_seq;
3578 * this guy had a RTO calculation pending on
3581 if ((tp1->whoTo != NULL) &&
3582 (tp1->whoTo->rto_needed == 0)) {
3583 tp1->whoTo->rto_needed = 1;
3587 if (alt != tp1->whoTo) {
3588 /* yes, there is an alternate. */
3589 sctp_free_remote_addr(tp1->whoTo);
3590 /* sa_ignore FREED_MEMORY */
3592 atomic_add_int(&alt->ref_count, 1);
3598 struct sctp_tmit_chunk *
3599 sctp_try_advance_peer_ack_point(struct sctp_tcb *stcb,
3600 struct sctp_association *asoc)
3602 struct sctp_tmit_chunk *tp1, *tp2, *a_adv = NULL;
3606 if (asoc->peer_supports_prsctp == 0) {
3609 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
3610 if (tp1->sent != SCTP_FORWARD_TSN_SKIP &&
3611 tp1->sent != SCTP_DATAGRAM_RESEND &&
3612 tp1->sent != SCTP_DATAGRAM_NR_ACKED) {
3613 /* no chance to advance, out of here */
3616 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
3617 if ((tp1->sent == SCTP_FORWARD_TSN_SKIP) ||
3618 (tp1->sent == SCTP_DATAGRAM_NR_ACKED)) {
3619 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
3620 asoc->advanced_peer_ack_point,
3621 tp1->rec.data.TSN_seq, 0, 0);
3624 if (!PR_SCTP_ENABLED(tp1->flags)) {
3626 * We can't fwd-tsn past any that are reliable aka
3627 * retransmitted until the asoc fails.
3632 (void)SCTP_GETTIME_TIMEVAL(&now);
3636 * now we got a chunk which is marked for another
3637 * retransmission to a PR-stream but has run out its chances
3638 * already maybe OR has been marked to skip now. Can we skip
3639 * it if its a resend?
3641 if (tp1->sent == SCTP_DATAGRAM_RESEND &&
3642 (PR_SCTP_TTL_ENABLED(tp1->flags))) {
3644 * Now is this one marked for resend and its time is
3647 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3648 /* Yes so drop it */
3650 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3651 1, SCTP_SO_NOT_LOCKED);
3655 * No, we are done when hit one for resend
3656 * whos time as not expired.
3662 * Ok now if this chunk is marked to drop it we can clean up
3663 * the chunk, advance our peer ack point and we can check
3666 if ((tp1->sent == SCTP_FORWARD_TSN_SKIP) ||
3667 (tp1->sent == SCTP_DATAGRAM_NR_ACKED)) {
3668 /* advance PeerAckPoint goes forward */
3669 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, asoc->advanced_peer_ack_point)) {
3670 asoc->advanced_peer_ack_point = tp1->rec.data.TSN_seq;
3672 } else if (tp1->rec.data.TSN_seq == asoc->advanced_peer_ack_point) {
3673 /* No update but we do save the chk */
3678 * If it is still in RESEND we can advance no
3688 sctp_fs_audit(struct sctp_association *asoc)
3690 struct sctp_tmit_chunk *chk;
3691 int inflight = 0, resend = 0, inbetween = 0, acked = 0, above = 0;
3692 int entry_flight, entry_cnt, ret;
3694 entry_flight = asoc->total_flight;
3695 entry_cnt = asoc->total_flight_count;
3698 if (asoc->pr_sctp_cnt >= asoc->sent_queue_cnt)
3701 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
3702 if (chk->sent < SCTP_DATAGRAM_RESEND) {
3703 SCTP_PRINTF("Chk TSN:%u size:%d inflight cnt:%d\n",
3704 chk->rec.data.TSN_seq,
3708 } else if (chk->sent == SCTP_DATAGRAM_RESEND) {
3710 } else if (chk->sent < SCTP_DATAGRAM_ACKED) {
3712 } else if (chk->sent > SCTP_DATAGRAM_ACKED) {
3719 if ((inflight > 0) || (inbetween > 0)) {
3721 panic("Flight size-express incorrect? \n");
3723 SCTP_PRINTF("asoc->total_flight:%d cnt:%d\n",
3724 entry_flight, entry_cnt);
3726 SCTP_PRINTF("Flight size-express incorrect F:%d I:%d R:%d Ab:%d ACK:%d\n",
3727 inflight, inbetween, resend, above, acked);
3736 sctp_window_probe_recovery(struct sctp_tcb *stcb,
3737 struct sctp_association *asoc,
3738 struct sctp_tmit_chunk *tp1)
3740 tp1->window_probe = 0;
3741 if ((tp1->sent >= SCTP_DATAGRAM_ACKED) || (tp1->data == NULL)) {
3742 /* TSN's skipped we do NOT move back. */
3743 sctp_misc_ints(SCTP_FLIGHT_LOG_DWN_WP_FWD,
3744 tp1->whoTo->flight_size,
3746 (uintptr_t) tp1->whoTo,
3747 tp1->rec.data.TSN_seq);
3750 /* First setup this by shrinking flight */
3751 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3752 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3755 sctp_flight_size_decrease(tp1);
3756 sctp_total_flight_decrease(stcb, tp1);
3757 /* Now mark for resend */
3758 tp1->sent = SCTP_DATAGRAM_RESEND;
3759 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
3761 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3762 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_WP,
3763 tp1->whoTo->flight_size,
3765 (uintptr_t) tp1->whoTo,
3766 tp1->rec.data.TSN_seq);
3771 sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
3772 uint32_t rwnd, int *abort_now, int ecne_seen)
3774 struct sctp_nets *net;
3775 struct sctp_association *asoc;
3776 struct sctp_tmit_chunk *tp1, *tp2;
3778 int win_probe_recovery = 0;
3779 int win_probe_recovered = 0;
3780 int j, done_once = 0;
3783 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
3784 sctp_misc_ints(SCTP_SACK_LOG_EXPRESS, cumack,
3785 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
3787 SCTP_TCB_LOCK_ASSERT(stcb);
3788 #ifdef SCTP_ASOCLOG_OF_TSNS
3789 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cumack;
3790 stcb->asoc.cumack_log_at++;
3791 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
3792 stcb->asoc.cumack_log_at = 0;
3796 old_rwnd = asoc->peers_rwnd;
3797 if (SCTP_TSN_GT(asoc->last_acked_seq, cumack)) {
3800 } else if (asoc->last_acked_seq == cumack) {
3801 /* Window update sack */
3802 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
3803 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
3804 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3805 /* SWS sender side engages */
3806 asoc->peers_rwnd = 0;
3808 if (asoc->peers_rwnd > old_rwnd) {
3813 /* First setup for CC stuff */
3814 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3815 if (SCTP_TSN_GT(cumack, net->cwr_window_tsn)) {
3816 /* Drag along the window_tsn for cwr's */
3817 net->cwr_window_tsn = cumack;
3819 net->prev_cwnd = net->cwnd;
3824 * CMT: Reset CUC and Fast recovery algo variables before
3827 net->new_pseudo_cumack = 0;
3828 net->will_exit_fast_recovery = 0;
3829 if (stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) {
3830 (*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
3833 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
3836 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
3837 tp1 = TAILQ_LAST(&asoc->sent_queue,
3838 sctpchunk_listhead);
3839 send_s = tp1->rec.data.TSN_seq + 1;
3841 send_s = asoc->sending_seq;
3843 if (SCTP_TSN_GE(cumack, send_s)) {
3849 panic("Impossible sack 1");
3854 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
3855 0, M_NOWAIT, 1, MT_DATA);
3857 struct sctp_paramhdr *ph;
3860 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
3862 ph = mtod(oper, struct sctp_paramhdr *);
3863 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
3864 ph->param_length = htons(SCTP_BUF_LEN(oper));
3865 ippp = (uint32_t *) (ph + 1);
3866 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_25);
3868 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
3869 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
3874 asoc->this_sack_highest_gap = cumack;
3875 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
3876 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
3877 stcb->asoc.overall_error_count,
3879 SCTP_FROM_SCTP_INDATA,
3882 stcb->asoc.overall_error_count = 0;
3883 if (SCTP_TSN_GT(cumack, asoc->last_acked_seq)) {
3884 /* process the new consecutive TSN first */
3885 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
3886 if (SCTP_TSN_GE(cumack, tp1->rec.data.TSN_seq)) {
3887 if (tp1->sent == SCTP_DATAGRAM_UNSENT) {
3888 SCTP_PRINTF("Warning, an unsent is now acked?\n");
3890 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
3892 * If it is less than ACKED, it is
3893 * now no-longer in flight. Higher
3894 * values may occur during marking
3896 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3897 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3898 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
3899 tp1->whoTo->flight_size,
3901 (uintptr_t) tp1->whoTo,
3902 tp1->rec.data.TSN_seq);
3904 sctp_flight_size_decrease(tp1);
3905 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3906 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3909 /* sa_ignore NO_NULL_CHK */
3910 sctp_total_flight_decrease(stcb, tp1);
3912 tp1->whoTo->net_ack += tp1->send_size;
3913 if (tp1->snd_count < 2) {
3915 * True non-retransmited
3918 tp1->whoTo->net_ack2 +=
3921 /* update RTO too? */
3930 sctp_calculate_rto(stcb,
3932 &tp1->sent_rcv_time,
3933 sctp_align_safe_nocopy,
3934 SCTP_RTT_FROM_DATA);
3937 if (tp1->whoTo->rto_needed == 0) {
3938 tp1->whoTo->rto_needed = 1;
3944 * CMT: CUCv2 algorithm. From the
3945 * cumack'd TSNs, for each TSN being
3946 * acked for the first time, set the
3947 * following variables for the
3948 * corresp destination.
3949 * new_pseudo_cumack will trigger a
3951 * find_(rtx_)pseudo_cumack will
3952 * trigger search for the next
3953 * expected (rtx-)pseudo-cumack.
3955 tp1->whoTo->new_pseudo_cumack = 1;
3956 tp1->whoTo->find_pseudo_cumack = 1;
3957 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3959 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
3960 /* sa_ignore NO_NULL_CHK */
3961 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
3964 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3965 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
3967 if (tp1->rec.data.chunk_was_revoked) {
3968 /* deflate the cwnd */
3969 tp1->whoTo->cwnd -= tp1->book_size;
3970 tp1->rec.data.chunk_was_revoked = 0;
3972 if (tp1->sent != SCTP_DATAGRAM_NR_ACKED) {
3973 if (asoc->strmout[tp1->rec.data.stream_number].chunks_on_queues > 0) {
3974 asoc->strmout[tp1->rec.data.stream_number].chunks_on_queues--;
3977 panic("No chunks on the queues for sid %u.", tp1->rec.data.stream_number);
3981 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
3983 /* sa_ignore NO_NULL_CHK */
3984 sctp_free_bufspace(stcb, asoc, tp1, 1);
3985 sctp_m_freem(tp1->data);
3988 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
3989 sctp_log_sack(asoc->last_acked_seq,
3991 tp1->rec.data.TSN_seq,
3994 SCTP_LOG_FREE_SENT);
3996 asoc->sent_queue_cnt--;
3997 sctp_free_a_chunk(stcb, tp1, SCTP_SO_NOT_LOCKED);
4004 /* sa_ignore NO_NULL_CHK */
4005 if (stcb->sctp_socket) {
4006 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4010 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4011 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4012 /* sa_ignore NO_NULL_CHK */
4013 sctp_wakeup_log(stcb, 1, SCTP_WAKESND_FROM_SACK);
4015 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4016 so = SCTP_INP_SO(stcb->sctp_ep);
4017 atomic_add_int(&stcb->asoc.refcnt, 1);
4018 SCTP_TCB_UNLOCK(stcb);
4019 SCTP_SOCKET_LOCK(so, 1);
4020 SCTP_TCB_LOCK(stcb);
4021 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4022 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4023 /* assoc was freed while we were unlocked */
4024 SCTP_SOCKET_UNLOCK(so, 1);
4028 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4029 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4030 SCTP_SOCKET_UNLOCK(so, 1);
4033 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4034 sctp_wakeup_log(stcb, 1, SCTP_NOWAKE_FROM_SACK);
4038 /* JRS - Use the congestion control given in the CC module */
4039 if ((asoc->last_acked_seq != cumack) && (ecne_seen == 0)) {
4040 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4041 if (net->net_ack2 > 0) {
4043 * Karn's rule applies to clearing error
4044 * count, this is optional.
4046 net->error_count = 0;
4047 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
4048 /* addr came good */
4049 net->dest_state |= SCTP_ADDR_REACHABLE;
4050 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
4051 0, (void *)net, SCTP_SO_NOT_LOCKED);
4053 if (net == stcb->asoc.primary_destination) {
4054 if (stcb->asoc.alternate) {
4056 * release the alternate,
4059 sctp_free_remote_addr(stcb->asoc.alternate);
4060 stcb->asoc.alternate = NULL;
4063 if (net->dest_state & SCTP_ADDR_PF) {
4064 net->dest_state &= ~SCTP_ADDR_PF;
4065 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
4066 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
4067 asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net);
4068 /* Done with this net */
4071 /* restore any doubled timers */
4072 net->RTO = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
4073 if (net->RTO < stcb->asoc.minrto) {
4074 net->RTO = stcb->asoc.minrto;
4076 if (net->RTO > stcb->asoc.maxrto) {
4077 net->RTO = stcb->asoc.maxrto;
4081 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, 1, 0, 0);
4083 asoc->last_acked_seq = cumack;
4085 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4086 /* nothing left in-flight */
4087 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4088 net->flight_size = 0;
4089 net->partial_bytes_acked = 0;
4091 asoc->total_flight = 0;
4092 asoc->total_flight_count = 0;
4095 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
4096 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
4097 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4098 /* SWS sender side engages */
4099 asoc->peers_rwnd = 0;
4101 if (asoc->peers_rwnd > old_rwnd) {
4102 win_probe_recovery = 1;
4104 /* Now assure a timer where data is queued at */
4107 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4110 if (win_probe_recovery && (net->window_probe)) {
4111 win_probe_recovered = 1;
4113 * Find first chunk that was used with window probe
4114 * and clear the sent
4116 /* sa_ignore FREED_MEMORY */
4117 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4118 if (tp1->window_probe) {
4119 /* move back to data send queue */
4120 sctp_window_probe_recovery(stcb, asoc, tp1);
4125 if (net->RTO == 0) {
4126 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto);
4128 to_ticks = MSEC_TO_TICKS(net->RTO);
4130 if (net->flight_size) {
4132 (void)SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4133 sctp_timeout_handler, &net->rxt_timer);
4134 if (net->window_probe) {
4135 net->window_probe = 0;
4138 if (net->window_probe) {
4140 * In window probes we must assure a timer
4141 * is still running there
4143 net->window_probe = 0;
4144 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4145 SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4146 sctp_timeout_handler, &net->rxt_timer);
4148 } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4149 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4151 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
4156 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
4157 (asoc->sent_queue_retran_cnt == 0) &&
4158 (win_probe_recovered == 0) &&
4161 * huh, this should not happen unless all packets are
4162 * PR-SCTP and marked to skip of course.
4164 if (sctp_fs_audit(asoc)) {
4165 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4166 net->flight_size = 0;
4168 asoc->total_flight = 0;
4169 asoc->total_flight_count = 0;
4170 asoc->sent_queue_retran_cnt = 0;
4171 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4172 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4173 sctp_flight_size_increase(tp1);
4174 sctp_total_flight_increase(stcb, tp1);
4175 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4176 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
4183 /**********************************/
4184 /* Now what about shutdown issues */
4185 /**********************************/
4186 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4187 /* nothing left on sendqueue.. consider done */
4189 if ((asoc->stream_queue_cnt == 1) &&
4190 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4191 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4192 (asoc->locked_on_sending)
4194 struct sctp_stream_queue_pending *sp;
4197 * I may be in a state where we got all across.. but
4198 * cannot write more due to a shutdown... we abort
4199 * since the user did not indicate EOR in this case.
4200 * The sp will be cleaned during free of the asoc.
4202 sp = TAILQ_LAST(&((asoc->locked_on_sending)->outqueue),
4204 if ((sp) && (sp->length == 0)) {
4205 /* Let cleanup code purge it */
4206 if (sp->msg_is_complete) {
4207 asoc->stream_queue_cnt--;
4209 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4210 asoc->locked_on_sending = NULL;
4211 asoc->stream_queue_cnt--;
4215 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4216 (asoc->stream_queue_cnt == 0)) {
4217 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4218 /* Need to abort here */
4224 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4225 0, M_NOWAIT, 1, MT_DATA);
4227 struct sctp_paramhdr *ph;
4229 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr);
4230 ph = mtod(oper, struct sctp_paramhdr *);
4231 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
4232 ph->param_length = htons(SCTP_BUF_LEN(oper));
4234 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24;
4235 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
4237 struct sctp_nets *netp;
4239 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4240 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4241 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4243 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4244 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4245 sctp_stop_timers_for_shutdown(stcb);
4246 if (asoc->alternate) {
4247 netp = asoc->alternate;
4249 netp = asoc->primary_destination;
4251 sctp_send_shutdown(stcb, netp);
4252 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4253 stcb->sctp_ep, stcb, netp);
4254 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4255 stcb->sctp_ep, stcb, netp);
4257 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4258 (asoc->stream_queue_cnt == 0)) {
4259 struct sctp_nets *netp;
4261 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4264 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4265 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4266 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4267 sctp_stop_timers_for_shutdown(stcb);
4268 if (asoc->alternate) {
4269 netp = asoc->alternate;
4271 netp = asoc->primary_destination;
4273 sctp_send_shutdown_ack(stcb, netp);
4274 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
4275 stcb->sctp_ep, stcb, netp);
4278 /*********************************************/
4279 /* Here we perform PR-SCTP procedures */
4281 /*********************************************/
4282 /* C1. update advancedPeerAckPoint */
4283 if (SCTP_TSN_GT(cumack, asoc->advanced_peer_ack_point)) {
4284 asoc->advanced_peer_ack_point = cumack;
4286 /* PR-Sctp issues need to be addressed too */
4287 if ((asoc->peer_supports_prsctp) && (asoc->pr_sctp_cnt > 0)) {
4288 struct sctp_tmit_chunk *lchk;
4289 uint32_t old_adv_peer_ack_point;
4291 old_adv_peer_ack_point = asoc->advanced_peer_ack_point;
4292 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
4293 /* C3. See if we need to send a Fwd-TSN */
4294 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, cumack)) {
4296 * ISSUE with ECN, see FWD-TSN processing.
4298 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, old_adv_peer_ack_point)) {
4299 send_forward_tsn(stcb, asoc);
4301 /* try to FR fwd-tsn's that get lost too */
4302 if (lchk->rec.data.fwd_tsn_cnt >= 3) {
4303 send_forward_tsn(stcb, asoc);
4308 /* Assure a timer is up */
4309 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
4310 stcb->sctp_ep, stcb, lchk->whoTo);
4313 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_RWND_LOGGING_ENABLE) {
4314 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
4316 stcb->asoc.peers_rwnd,
4317 stcb->asoc.total_flight,
4318 stcb->asoc.total_output_queue_size);
4323 sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup,
4324 struct sctp_tcb *stcb,
4325 uint16_t num_seg, uint16_t num_nr_seg, uint16_t num_dup,
4326 int *abort_now, uint8_t flags,
4327 uint32_t cum_ack, uint32_t rwnd, int ecne_seen)
4329 struct sctp_association *asoc;
4330 struct sctp_tmit_chunk *tp1, *tp2;
4331 uint32_t last_tsn, biggest_tsn_acked, biggest_tsn_newly_acked, this_sack_lowest_newack;
4332 uint16_t wake_him = 0;
4333 uint32_t send_s = 0;
4335 int accum_moved = 0;
4336 int will_exit_fast_recovery = 0;
4337 uint32_t a_rwnd, old_rwnd;
4338 int win_probe_recovery = 0;
4339 int win_probe_recovered = 0;
4340 struct sctp_nets *net = NULL;
4343 uint8_t reneged_all = 0;
4344 uint8_t cmt_dac_flag;
4347 * we take any chance we can to service our queues since we cannot
4348 * get awoken when the socket is read from :<
4351 * Now perform the actual SACK handling: 1) Verify that it is not an
4352 * old sack, if so discard. 2) If there is nothing left in the send
4353 * queue (cum-ack is equal to last acked) then you have a duplicate
4354 * too, update any rwnd change and verify no timers are running.
4355 * then return. 3) Process any new consequtive data i.e. cum-ack
4356 * moved process these first and note that it moved. 4) Process any
4357 * sack blocks. 5) Drop any acked from the queue. 6) Check for any
4358 * revoked blocks and mark. 7) Update the cwnd. 8) Nothing left,
4359 * sync up flightsizes and things, stop all timers and also check
4360 * for shutdown_pending state. If so then go ahead and send off the
4361 * shutdown. If in shutdown recv, send off the shutdown-ack and
4362 * start that timer, Ret. 9) Strike any non-acked things and do FR
4363 * procedure if needed being sure to set the FR flag. 10) Do pr-sctp
4364 * procedures. 11) Apply any FR penalties. 12) Assure we will SACK
4365 * if in shutdown_recv state.
4367 SCTP_TCB_LOCK_ASSERT(stcb);
4369 this_sack_lowest_newack = 0;
4370 SCTP_STAT_INCR(sctps_slowpath_sack);
4372 cmt_dac_flag = flags & SCTP_SACK_CMT_DAC;
4373 #ifdef SCTP_ASOCLOG_OF_TSNS
4374 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cum_ack;
4375 stcb->asoc.cumack_log_at++;
4376 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
4377 stcb->asoc.cumack_log_at = 0;
4382 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
4383 sctp_misc_ints(SCTP_SACK_LOG_NORMAL, cum_ack,
4384 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
4386 old_rwnd = stcb->asoc.peers_rwnd;
4387 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4388 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4389 stcb->asoc.overall_error_count,
4391 SCTP_FROM_SCTP_INDATA,
4394 stcb->asoc.overall_error_count = 0;
4396 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4397 sctp_log_sack(asoc->last_acked_seq,
4404 if ((num_dup) && (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE)) {
4406 uint32_t *dupdata, dblock;
4408 for (i = 0; i < num_dup; i++) {
4409 dupdata = (uint32_t *) sctp_m_getptr(m, offset_dup + i * sizeof(uint32_t),
4410 sizeof(uint32_t), (uint8_t *) & dblock);
4411 if (dupdata == NULL) {
4414 sctp_log_fr(*dupdata, 0, 0, SCTP_FR_DUPED);
4417 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
4419 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
4420 tp1 = TAILQ_LAST(&asoc->sent_queue,
4421 sctpchunk_listhead);
4422 send_s = tp1->rec.data.TSN_seq + 1;
4425 send_s = asoc->sending_seq;
4427 if (SCTP_TSN_GE(cum_ack, send_s)) {
4431 * no way, we have not even sent this TSN out yet.
4432 * Peer is hopelessly messed up with us.
4434 SCTP_PRINTF("NEW cum_ack:%x send_s:%x is smaller or equal\n",
4437 SCTP_PRINTF("Got send_s from tsn:%x + 1 of tp1:%p\n",
4438 tp1->rec.data.TSN_seq, (void *)tp1);
4443 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4444 0, M_NOWAIT, 1, MT_DATA);
4446 struct sctp_paramhdr *ph;
4449 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4451 ph = mtod(oper, struct sctp_paramhdr *);
4452 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
4453 ph->param_length = htons(SCTP_BUF_LEN(oper));
4454 ippp = (uint32_t *) (ph + 1);
4455 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_25);
4457 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
4458 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
4462 /**********************/
4463 /* 1) check the range */
4464 /**********************/
4465 if (SCTP_TSN_GT(asoc->last_acked_seq, last_tsn)) {
4466 /* acking something behind */
4469 /* update the Rwnd of the peer */
4470 if (TAILQ_EMPTY(&asoc->sent_queue) &&
4471 TAILQ_EMPTY(&asoc->send_queue) &&
4472 (asoc->stream_queue_cnt == 0)) {
4473 /* nothing left on send/sent and strmq */
4474 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
4475 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4476 asoc->peers_rwnd, 0, 0, a_rwnd);
4478 asoc->peers_rwnd = a_rwnd;
4479 if (asoc->sent_queue_retran_cnt) {
4480 asoc->sent_queue_retran_cnt = 0;
4482 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4483 /* SWS sender side engages */
4484 asoc->peers_rwnd = 0;
4486 /* stop any timers */
4487 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4488 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4489 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_26);
4490 net->partial_bytes_acked = 0;
4491 net->flight_size = 0;
4493 asoc->total_flight = 0;
4494 asoc->total_flight_count = 0;
4498 * We init netAckSz and netAckSz2 to 0. These are used to track 2
4499 * things. The total byte count acked is tracked in netAckSz AND
4500 * netAck2 is used to track the total bytes acked that are un-
4501 * amibguious and were never retransmitted. We track these on a per
4502 * destination address basis.
4504 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4505 if (SCTP_TSN_GT(cum_ack, net->cwr_window_tsn)) {
4506 /* Drag along the window_tsn for cwr's */
4507 net->cwr_window_tsn = cum_ack;
4509 net->prev_cwnd = net->cwnd;
4514 * CMT: Reset CUC and Fast recovery algo variables before
4517 net->new_pseudo_cumack = 0;
4518 net->will_exit_fast_recovery = 0;
4519 if (stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) {
4520 (*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
4523 /* process the new consecutive TSN first */
4524 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4525 if (SCTP_TSN_GE(last_tsn, tp1->rec.data.TSN_seq)) {
4526 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
4528 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
4530 * If it is less than ACKED, it is
4531 * now no-longer in flight. Higher
4532 * values may occur during marking
4534 if ((tp1->whoTo->dest_state &
4535 SCTP_ADDR_UNCONFIRMED) &&
4536 (tp1->snd_count < 2)) {
4538 * If there was no retran
4539 * and the address is
4540 * un-confirmed and we sent
4542 * sacked.. its confirmed,
4545 tp1->whoTo->dest_state &=
4546 ~SCTP_ADDR_UNCONFIRMED;
4548 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4549 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
4550 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
4551 tp1->whoTo->flight_size,
4553 (uintptr_t) tp1->whoTo,
4554 tp1->rec.data.TSN_seq);
4556 sctp_flight_size_decrease(tp1);
4557 sctp_total_flight_decrease(stcb, tp1);
4558 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
4559 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
4563 tp1->whoTo->net_ack += tp1->send_size;
4565 /* CMT SFR and DAC algos */
4566 this_sack_lowest_newack = tp1->rec.data.TSN_seq;
4567 tp1->whoTo->saw_newack = 1;
4569 if (tp1->snd_count < 2) {
4571 * True non-retransmited
4574 tp1->whoTo->net_ack2 +=
4577 /* update RTO too? */
4581 sctp_calculate_rto(stcb,
4583 &tp1->sent_rcv_time,
4584 sctp_align_safe_nocopy,
4585 SCTP_RTT_FROM_DATA);
4588 if (tp1->whoTo->rto_needed == 0) {
4589 tp1->whoTo->rto_needed = 1;
4595 * CMT: CUCv2 algorithm. From the
4596 * cumack'd TSNs, for each TSN being
4597 * acked for the first time, set the
4598 * following variables for the
4599 * corresp destination.
4600 * new_pseudo_cumack will trigger a
4602 * find_(rtx_)pseudo_cumack will
4603 * trigger search for the next
4604 * expected (rtx-)pseudo-cumack.
4606 tp1->whoTo->new_pseudo_cumack = 1;
4607 tp1->whoTo->find_pseudo_cumack = 1;
4608 tp1->whoTo->find_rtx_pseudo_cumack = 1;
4611 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4612 sctp_log_sack(asoc->last_acked_seq,
4614 tp1->rec.data.TSN_seq,
4617 SCTP_LOG_TSN_ACKED);
4619 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
4620 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
4623 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4624 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
4625 #ifdef SCTP_AUDITING_ENABLED
4626 sctp_audit_log(0xB3,
4627 (asoc->sent_queue_retran_cnt & 0x000000ff));
4630 if (tp1->rec.data.chunk_was_revoked) {
4631 /* deflate the cwnd */
4632 tp1->whoTo->cwnd -= tp1->book_size;
4633 tp1->rec.data.chunk_was_revoked = 0;
4635 if (tp1->sent != SCTP_DATAGRAM_NR_ACKED) {
4636 tp1->sent = SCTP_DATAGRAM_ACKED;
4643 biggest_tsn_newly_acked = biggest_tsn_acked = last_tsn;
4644 /* always set this up to cum-ack */
4645 asoc->this_sack_highest_gap = last_tsn;
4647 if ((num_seg > 0) || (num_nr_seg > 0)) {
4650 * CMT: SFR algo (and HTNA) - this_sack_highest_newack has
4651 * to be greater than the cumack. Also reset saw_newack to 0
4654 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4655 net->saw_newack = 0;
4656 net->this_sack_highest_newack = last_tsn;
4660 * thisSackHighestGap will increase while handling NEW
4661 * segments this_sack_highest_newack will increase while
4662 * handling NEWLY ACKED chunks. this_sack_lowest_newack is
4663 * used for CMT DAC algo. saw_newack will also change.
4665 if (sctp_handle_segments(m, &offset_seg, stcb, asoc, last_tsn, &biggest_tsn_acked,
4666 &biggest_tsn_newly_acked, &this_sack_lowest_newack,
4667 num_seg, num_nr_seg, &rto_ok)) {
4670 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
4672 * validate the biggest_tsn_acked in the gap acks if
4673 * strict adherence is wanted.
4675 if (SCTP_TSN_GE(biggest_tsn_acked, send_s)) {
4677 * peer is either confused or we are under
4678 * attack. We must abort.
4680 SCTP_PRINTF("Hopeless peer! biggest_tsn_acked:%x largest seq:%x\n",
4681 biggest_tsn_acked, send_s);
4686 /*******************************************/
4687 /* cancel ALL T3-send timer if accum moved */
4688 /*******************************************/
4689 if (asoc->sctp_cmt_on_off > 0) {
4690 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4691 if (net->new_pseudo_cumack)
4692 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4694 SCTP_FROM_SCTP_INDATA + SCTP_LOC_27);
4699 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4700 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4701 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_28);
4705 /********************************************/
4706 /* drop the acked chunks from the sentqueue */
4707 /********************************************/
4708 asoc->last_acked_seq = cum_ack;
4710 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
4711 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, cum_ack)) {
4714 if (tp1->sent != SCTP_DATAGRAM_NR_ACKED) {
4715 if (asoc->strmout[tp1->rec.data.stream_number].chunks_on_queues > 0) {
4716 asoc->strmout[tp1->rec.data.stream_number].chunks_on_queues--;
4719 panic("No chunks on the queues for sid %u.", tp1->rec.data.stream_number);
4723 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
4724 if (PR_SCTP_ENABLED(tp1->flags)) {
4725 if (asoc->pr_sctp_cnt != 0)
4726 asoc->pr_sctp_cnt--;
4728 asoc->sent_queue_cnt--;
4730 /* sa_ignore NO_NULL_CHK */
4731 sctp_free_bufspace(stcb, asoc, tp1, 1);
4732 sctp_m_freem(tp1->data);
4734 if (asoc->peer_supports_prsctp && PR_SCTP_BUF_ENABLED(tp1->flags)) {
4735 asoc->sent_queue_cnt_removeable--;
4738 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4739 sctp_log_sack(asoc->last_acked_seq,
4741 tp1->rec.data.TSN_seq,
4744 SCTP_LOG_FREE_SENT);
4746 sctp_free_a_chunk(stcb, tp1, SCTP_SO_NOT_LOCKED);
4749 if (TAILQ_EMPTY(&asoc->sent_queue) && (asoc->total_flight > 0)) {
4751 panic("Warning flight size is postive and should be 0");
4753 SCTP_PRINTF("Warning flight size incorrect should be 0 is %d\n",
4754 asoc->total_flight);
4756 asoc->total_flight = 0;
4758 /* sa_ignore NO_NULL_CHK */
4759 if ((wake_him) && (stcb->sctp_socket)) {
4760 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4764 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4765 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4766 sctp_wakeup_log(stcb, wake_him, SCTP_WAKESND_FROM_SACK);
4768 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4769 so = SCTP_INP_SO(stcb->sctp_ep);
4770 atomic_add_int(&stcb->asoc.refcnt, 1);
4771 SCTP_TCB_UNLOCK(stcb);
4772 SCTP_SOCKET_LOCK(so, 1);
4773 SCTP_TCB_LOCK(stcb);
4774 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4775 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4776 /* assoc was freed while we were unlocked */
4777 SCTP_SOCKET_UNLOCK(so, 1);
4781 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4782 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4783 SCTP_SOCKET_UNLOCK(so, 1);
4786 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4787 sctp_wakeup_log(stcb, wake_him, SCTP_NOWAKE_FROM_SACK);
4791 if (asoc->fast_retran_loss_recovery && accum_moved) {
4792 if (SCTP_TSN_GE(asoc->last_acked_seq, asoc->fast_recovery_tsn)) {
4793 /* Setup so we will exit RFC2582 fast recovery */
4794 will_exit_fast_recovery = 1;
4798 * Check for revoked fragments:
4800 * if Previous sack - Had no frags then we can't have any revoked if
4801 * Previous sack - Had frag's then - If we now have frags aka
4802 * num_seg > 0 call sctp_check_for_revoked() to tell if peer revoked
4803 * some of them. else - The peer revoked all ACKED fragments, since
4804 * we had some before and now we have NONE.
4808 sctp_check_for_revoked(stcb, asoc, cum_ack, biggest_tsn_acked);
4809 asoc->saw_sack_with_frags = 1;
4810 } else if (asoc->saw_sack_with_frags) {
4811 int cnt_revoked = 0;
4813 /* Peer revoked all dg's marked or acked */
4814 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4815 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
4816 tp1->sent = SCTP_DATAGRAM_SENT;
4817 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
4818 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
4819 tp1->whoTo->flight_size,
4821 (uintptr_t) tp1->whoTo,
4822 tp1->rec.data.TSN_seq);
4824 sctp_flight_size_increase(tp1);
4825 sctp_total_flight_increase(stcb, tp1);
4826 tp1->rec.data.chunk_was_revoked = 1;
4828 * To ensure that this increase in
4829 * flightsize, which is artificial, does not
4830 * throttle the sender, we also increase the
4831 * cwnd artificially.
4833 tp1->whoTo->cwnd += tp1->book_size;
4840 asoc->saw_sack_with_frags = 0;
4843 asoc->saw_sack_with_nr_frags = 1;
4845 asoc->saw_sack_with_nr_frags = 0;
4847 /* JRS - Use the congestion control given in the CC module */
4848 if (ecne_seen == 0) {
4849 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4850 if (net->net_ack2 > 0) {
4852 * Karn's rule applies to clearing error
4853 * count, this is optional.
4855 net->error_count = 0;
4856 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
4857 /* addr came good */
4858 net->dest_state |= SCTP_ADDR_REACHABLE;
4859 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
4860 0, (void *)net, SCTP_SO_NOT_LOCKED);
4862 if (net == stcb->asoc.primary_destination) {
4863 if (stcb->asoc.alternate) {
4865 * release the alternate,
4868 sctp_free_remote_addr(stcb->asoc.alternate);
4869 stcb->asoc.alternate = NULL;
4872 if (net->dest_state & SCTP_ADDR_PF) {
4873 net->dest_state &= ~SCTP_ADDR_PF;
4874 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
4875 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
4876 asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net);
4877 /* Done with this net */
4880 /* restore any doubled timers */
4881 net->RTO = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
4882 if (net->RTO < stcb->asoc.minrto) {
4883 net->RTO = stcb->asoc.minrto;
4885 if (net->RTO > stcb->asoc.maxrto) {
4886 net->RTO = stcb->asoc.maxrto;
4890 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, accum_moved, reneged_all, will_exit_fast_recovery);
4892 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4893 /* nothing left in-flight */
4894 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4895 /* stop all timers */
4896 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4897 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_30);
4898 net->flight_size = 0;
4899 net->partial_bytes_acked = 0;
4901 asoc->total_flight = 0;
4902 asoc->total_flight_count = 0;
4904 /**********************************/
4905 /* Now what about shutdown issues */
4906 /**********************************/
4907 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4908 /* nothing left on sendqueue.. consider done */
4909 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
4910 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4911 asoc->peers_rwnd, 0, 0, a_rwnd);
4913 asoc->peers_rwnd = a_rwnd;
4914 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4915 /* SWS sender side engages */
4916 asoc->peers_rwnd = 0;
4919 if ((asoc->stream_queue_cnt == 1) &&
4920 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4921 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4922 (asoc->locked_on_sending)
4924 struct sctp_stream_queue_pending *sp;
4927 * I may be in a state where we got all across.. but
4928 * cannot write more due to a shutdown... we abort
4929 * since the user did not indicate EOR in this case.
4931 sp = TAILQ_LAST(&((asoc->locked_on_sending)->outqueue),
4933 if ((sp) && (sp->length == 0)) {
4934 asoc->locked_on_sending = NULL;
4935 if (sp->msg_is_complete) {
4936 asoc->stream_queue_cnt--;
4938 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4939 asoc->stream_queue_cnt--;
4943 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4944 (asoc->stream_queue_cnt == 0)) {
4945 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4946 /* Need to abort here */
4952 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4953 0, M_NOWAIT, 1, MT_DATA);
4955 struct sctp_paramhdr *ph;
4957 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr);
4958 ph = mtod(oper, struct sctp_paramhdr *);
4959 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
4960 ph->param_length = htons(SCTP_BUF_LEN(oper));
4962 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_31;
4963 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
4966 struct sctp_nets *netp;
4968 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4969 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4970 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4972 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4973 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4974 sctp_stop_timers_for_shutdown(stcb);
4975 if (asoc->alternate) {
4976 netp = asoc->alternate;
4978 netp = asoc->primary_destination;
4980 sctp_send_shutdown(stcb, netp);
4981 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4982 stcb->sctp_ep, stcb, netp);
4983 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4984 stcb->sctp_ep, stcb, netp);
4987 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4988 (asoc->stream_queue_cnt == 0)) {
4989 struct sctp_nets *netp;
4991 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4994 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4995 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4996 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4997 sctp_stop_timers_for_shutdown(stcb);
4998 if (asoc->alternate) {
4999 netp = asoc->alternate;
5001 netp = asoc->primary_destination;
5003 sctp_send_shutdown_ack(stcb, netp);
5004 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
5005 stcb->sctp_ep, stcb, netp);
5010 * Now here we are going to recycle net_ack for a different use...
5013 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5018 * CMT DAC algorithm: If SACK DAC flag was 0, then no extra marking
5019 * to be done. Setting this_sack_lowest_newack to the cum_ack will
5020 * automatically ensure that.
5022 if ((asoc->sctp_cmt_on_off > 0) &&
5023 SCTP_BASE_SYSCTL(sctp_cmt_use_dac) &&
5024 (cmt_dac_flag == 0)) {
5025 this_sack_lowest_newack = cum_ack;
5027 if ((num_seg > 0) || (num_nr_seg > 0)) {
5028 sctp_strike_gap_ack_chunks(stcb, asoc, biggest_tsn_acked,
5029 biggest_tsn_newly_acked, this_sack_lowest_newack, accum_moved);
5031 /* JRS - Use the congestion control given in the CC module */
5032 asoc->cc_functions.sctp_cwnd_update_after_fr(stcb, asoc);
5034 /* Now are we exiting loss recovery ? */
5035 if (will_exit_fast_recovery) {
5036 /* Ok, we must exit fast recovery */
5037 asoc->fast_retran_loss_recovery = 0;
5039 if ((asoc->sat_t3_loss_recovery) &&
5040 SCTP_TSN_GE(asoc->last_acked_seq, asoc->sat_t3_recovery_tsn)) {
5041 /* end satellite t3 loss recovery */
5042 asoc->sat_t3_loss_recovery = 0;
5047 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5048 if (net->will_exit_fast_recovery) {
5049 /* Ok, we must exit fast recovery */
5050 net->fast_retran_loss_recovery = 0;
5054 /* Adjust and set the new rwnd value */
5055 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
5056 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
5057 asoc->peers_rwnd, asoc->total_flight, (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)), a_rwnd);
5059 asoc->peers_rwnd = sctp_sbspace_sub(a_rwnd,
5060 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
5061 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
5062 /* SWS sender side engages */
5063 asoc->peers_rwnd = 0;
5065 if (asoc->peers_rwnd > old_rwnd) {
5066 win_probe_recovery = 1;
5069 * Now we must setup so we have a timer up for anyone with
5075 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5076 if (win_probe_recovery && (net->window_probe)) {
5077 win_probe_recovered = 1;
5079 * Find first chunk that was used with
5080 * window probe and clear the event. Put
5081 * it back into the send queue as if has
5084 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5085 if (tp1->window_probe) {
5086 sctp_window_probe_recovery(stcb, asoc, tp1);
5091 if (net->flight_size) {
5093 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5094 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5095 stcb->sctp_ep, stcb, net);
5097 if (net->window_probe) {
5098 net->window_probe = 0;
5101 if (net->window_probe) {
5103 * In window probes we must assure a timer
5104 * is still running there
5106 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5107 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5108 stcb->sctp_ep, stcb, net);
5111 } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5112 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
5114 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
5119 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
5120 (asoc->sent_queue_retran_cnt == 0) &&
5121 (win_probe_recovered == 0) &&
5124 * huh, this should not happen unless all packets are
5125 * PR-SCTP and marked to skip of course.
5127 if (sctp_fs_audit(asoc)) {
5128 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5129 net->flight_size = 0;
5131 asoc->total_flight = 0;
5132 asoc->total_flight_count = 0;
5133 asoc->sent_queue_retran_cnt = 0;
5134 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5135 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
5136 sctp_flight_size_increase(tp1);
5137 sctp_total_flight_increase(stcb, tp1);
5138 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
5139 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
5146 /*********************************************/
5147 /* Here we perform PR-SCTP procedures */
5149 /*********************************************/
5150 /* C1. update advancedPeerAckPoint */
5151 if (SCTP_TSN_GT(cum_ack, asoc->advanced_peer_ack_point)) {
5152 asoc->advanced_peer_ack_point = cum_ack;
5154 /* C2. try to further move advancedPeerAckPoint ahead */
5155 if ((asoc->peer_supports_prsctp) && (asoc->pr_sctp_cnt > 0)) {
5156 struct sctp_tmit_chunk *lchk;
5157 uint32_t old_adv_peer_ack_point;
5159 old_adv_peer_ack_point = asoc->advanced_peer_ack_point;
5160 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
5161 /* C3. See if we need to send a Fwd-TSN */
5162 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, cum_ack)) {
5164 * ISSUE with ECN, see FWD-TSN processing.
5166 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
5167 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
5168 0xee, cum_ack, asoc->advanced_peer_ack_point,
5169 old_adv_peer_ack_point);
5171 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, old_adv_peer_ack_point)) {
5172 send_forward_tsn(stcb, asoc);
5174 /* try to FR fwd-tsn's that get lost too */
5175 if (lchk->rec.data.fwd_tsn_cnt >= 3) {
5176 send_forward_tsn(stcb, asoc);
5181 /* Assure a timer is up */
5182 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5183 stcb->sctp_ep, stcb, lchk->whoTo);
5186 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_RWND_LOGGING_ENABLE) {
5187 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
5189 stcb->asoc.peers_rwnd,
5190 stcb->asoc.total_flight,
5191 stcb->asoc.total_output_queue_size);
5196 sctp_update_acked(struct sctp_tcb *stcb, struct sctp_shutdown_chunk *cp, int *abort_flag)
5199 uint32_t cum_ack, a_rwnd;
5201 cum_ack = ntohl(cp->cumulative_tsn_ack);
5202 /* Arrange so a_rwnd does NOT change */
5203 a_rwnd = stcb->asoc.peers_rwnd + stcb->asoc.total_flight;
5205 /* Now call the express sack handling */
5206 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, abort_flag, 0);
5210 sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
5211 struct sctp_stream_in *strmin)
5213 struct sctp_queued_to_read *ctl, *nctl;
5214 struct sctp_association *asoc;
5218 tt = strmin->last_sequence_delivered;
5220 * First deliver anything prior to and including the stream no that
5223 TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next, nctl) {
5224 if (SCTP_SSN_GE(tt, ctl->sinfo_ssn)) {
5225 /* this is deliverable now */
5226 TAILQ_REMOVE(&strmin->inqueue, ctl, next);
5227 /* subtract pending on streams */
5228 asoc->size_on_all_streams -= ctl->length;
5229 sctp_ucount_decr(asoc->cnt_on_all_streams);
5230 /* deliver it to at least the delivery-q */
5231 if (stcb->sctp_socket) {
5232 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
5233 sctp_add_to_readq(stcb->sctp_ep, stcb,
5235 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
5238 /* no more delivery now. */
5243 * now we must deliver things in queue the normal way if any are
5246 tt = strmin->last_sequence_delivered + 1;
5247 TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next, nctl) {
5248 if (tt == ctl->sinfo_ssn) {
5249 /* this is deliverable now */
5250 TAILQ_REMOVE(&strmin->inqueue, ctl, next);
5251 /* subtract pending on streams */
5252 asoc->size_on_all_streams -= ctl->length;
5253 sctp_ucount_decr(asoc->cnt_on_all_streams);
5254 /* deliver it to at least the delivery-q */
5255 strmin->last_sequence_delivered = ctl->sinfo_ssn;
5256 if (stcb->sctp_socket) {
5257 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
5258 sctp_add_to_readq(stcb->sctp_ep, stcb,
5260 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
5263 tt = strmin->last_sequence_delivered + 1;
5271 sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
5272 struct sctp_association *asoc,
5273 uint16_t stream, uint16_t seq)
5275 struct sctp_tmit_chunk *chk, *nchk;
5277 /* For each one on here see if we need to toss it */
5279 * For now large messages held on the reasmqueue that are complete
5280 * will be tossed too. We could in theory do more work to spin
5281 * through and stop after dumping one msg aka seeing the start of a
5282 * new msg at the head, and call the delivery function... to see if
5283 * it can be delivered... But for now we just dump everything on the
5286 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
5288 * Do not toss it if on a different stream or marked for
5289 * unordered delivery in which case the stream sequence
5290 * number has no meaning.
5292 if ((chk->rec.data.stream_number != stream) ||
5293 ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == SCTP_DATA_UNORDERED)) {
5296 if (chk->rec.data.stream_seq == seq) {
5297 /* It needs to be tossed */
5298 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5299 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, asoc->tsn_last_delivered)) {
5300 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
5301 asoc->str_of_pdapi = chk->rec.data.stream_number;
5302 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
5303 asoc->fragment_flags = chk->rec.data.rcv_flags;
5305 asoc->size_on_reasm_queue -= chk->send_size;
5306 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5308 /* Clear up any stream problem */
5309 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != SCTP_DATA_UNORDERED &&
5310 SCTP_SSN_GT(chk->rec.data.stream_seq, asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered)) {
5312 * We must dump forward this streams
5313 * sequence number if the chunk is not
5314 * unordered that is being skipped. There is
5315 * a chance that if the peer does not
5316 * include the last fragment in its FWD-TSN
5317 * we WILL have a problem here since you
5318 * would have a partial chunk in queue that
5319 * may not be deliverable. Also if a Partial
5320 * delivery API as started the user may get
5321 * a partial chunk. The next read returning
5322 * a new chunk... really ugly but I see no
5323 * way around it! Maybe a notify??
5325 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered = chk->rec.data.stream_seq;
5328 sctp_m_freem(chk->data);
5331 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
5332 } else if (SCTP_SSN_GT(chk->rec.data.stream_seq, seq)) {
5334 * If the stream_seq is > than the purging one, we
5344 sctp_handle_forward_tsn(struct sctp_tcb *stcb,
5345 struct sctp_forward_tsn_chunk *fwd,
5346 int *abort_flag, struct mbuf *m, int offset)
5348 /* The pr-sctp fwd tsn */
5350 * here we will perform all the data receiver side steps for
5351 * processing FwdTSN, as required in by pr-sctp draft:
5353 * Assume we get FwdTSN(x):
5355 * 1) update local cumTSN to x 2) try to further advance cumTSN to x +
5356 * others we have 3) examine and update re-ordering queue on
5357 * pr-in-streams 4) clean up re-assembly queue 5) Send a sack to
5358 * report where we are.
5360 struct sctp_association *asoc;
5361 uint32_t new_cum_tsn, gap;
5362 unsigned int i, fwd_sz, m_size;
5364 struct sctp_stream_in *strm;
5365 struct sctp_tmit_chunk *chk, *nchk;
5366 struct sctp_queued_to_read *ctl, *sv;
5369 if ((fwd_sz = ntohs(fwd->ch.chunk_length)) < sizeof(struct sctp_forward_tsn_chunk)) {
5370 SCTPDBG(SCTP_DEBUG_INDATA1,
5371 "Bad size too small/big fwd-tsn\n");
5374 m_size = (stcb->asoc.mapping_array_size << 3);
5375 /*************************************************************/
5376 /* 1. Here we update local cumTSN and shift the bitmap array */
5377 /*************************************************************/
5378 new_cum_tsn = ntohl(fwd->new_cumulative_tsn);
5380 if (SCTP_TSN_GE(asoc->cumulative_tsn, new_cum_tsn)) {
5381 /* Already got there ... */
5385 * now we know the new TSN is more advanced, let's find the actual
5388 SCTP_CALC_TSN_TO_GAP(gap, new_cum_tsn, asoc->mapping_array_base_tsn);
5389 asoc->cumulative_tsn = new_cum_tsn;
5390 if (gap >= m_size) {
5391 if ((long)gap > sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv)) {
5395 * out of range (of single byte chunks in the rwnd I
5396 * give out). This must be an attacker.
5399 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
5400 0, M_NOWAIT, 1, MT_DATA);
5402 struct sctp_paramhdr *ph;
5405 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
5406 (sizeof(uint32_t) * 3);
5407 ph = mtod(oper, struct sctp_paramhdr *);
5408 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
5409 ph->param_length = htons(SCTP_BUF_LEN(oper));
5410 ippp = (uint32_t *) (ph + 1);
5411 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_33);
5413 *ippp = asoc->highest_tsn_inside_map;
5415 *ippp = new_cum_tsn;
5417 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_33;
5418 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
5421 SCTP_STAT_INCR(sctps_fwdtsn_map_over);
5423 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
5424 asoc->mapping_array_base_tsn = new_cum_tsn + 1;
5425 asoc->highest_tsn_inside_map = new_cum_tsn;
5427 memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.mapping_array_size);
5428 asoc->highest_tsn_inside_nr_map = new_cum_tsn;
5430 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
5431 sctp_log_map(0, 3, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
5434 SCTP_TCB_LOCK_ASSERT(stcb);
5435 for (i = 0; i <= gap; i++) {
5436 if (!SCTP_IS_TSN_PRESENT(asoc->mapping_array, i) &&
5437 !SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, i)) {
5438 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, i);
5439 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn + i, asoc->highest_tsn_inside_nr_map)) {
5440 asoc->highest_tsn_inside_nr_map = asoc->mapping_array_base_tsn + i;
5445 /*************************************************************/
5446 /* 2. Clear up re-assembly queue */
5447 /*************************************************************/
5449 * First service it if pd-api is up, just in case we can progress it
5452 if (asoc->fragmented_delivery_inprogress) {
5453 sctp_service_reassembly(stcb, asoc);
5455 /* For each one on here see if we need to toss it */
5457 * For now large messages held on the reasmqueue that are complete
5458 * will be tossed too. We could in theory do more work to spin
5459 * through and stop after dumping one msg aka seeing the start of a
5460 * new msg at the head, and call the delivery function... to see if
5461 * it can be delivered... But for now we just dump everything on the
5464 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
5465 if (SCTP_TSN_GE(new_cum_tsn, chk->rec.data.TSN_seq)) {
5466 /* It needs to be tossed */
5467 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5468 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, asoc->tsn_last_delivered)) {
5469 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
5470 asoc->str_of_pdapi = chk->rec.data.stream_number;
5471 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
5472 asoc->fragment_flags = chk->rec.data.rcv_flags;
5474 asoc->size_on_reasm_queue -= chk->send_size;
5475 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5477 /* Clear up any stream problem */
5478 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != SCTP_DATA_UNORDERED &&
5479 SCTP_SSN_GT(chk->rec.data.stream_seq, asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered)) {
5481 * We must dump forward this streams
5482 * sequence number if the chunk is not
5483 * unordered that is being skipped. There is
5484 * a chance that if the peer does not
5485 * include the last fragment in its FWD-TSN
5486 * we WILL have a problem here since you
5487 * would have a partial chunk in queue that
5488 * may not be deliverable. Also if a Partial
5489 * delivery API as started the user may get
5490 * a partial chunk. The next read returning
5491 * a new chunk... really ugly but I see no
5492 * way around it! Maybe a notify??
5494 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered = chk->rec.data.stream_seq;
5497 sctp_m_freem(chk->data);
5500 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
5503 * Ok we have gone beyond the end of the fwd-tsn's
5509 /*******************************************************/
5510 /* 3. Update the PR-stream re-ordering queues and fix */
5511 /* delivery issues as needed. */
5512 /*******************************************************/
5513 fwd_sz -= sizeof(*fwd);
5516 unsigned int num_str;
5517 struct sctp_strseq *stseq, strseqbuf;
5519 offset += sizeof(*fwd);
5521 SCTP_INP_READ_LOCK(stcb->sctp_ep);
5522 num_str = fwd_sz / sizeof(struct sctp_strseq);
5523 for (i = 0; i < num_str; i++) {
5526 stseq = (struct sctp_strseq *)sctp_m_getptr(m, offset,
5527 sizeof(struct sctp_strseq),
5528 (uint8_t *) & strseqbuf);
5529 offset += sizeof(struct sctp_strseq);
5530 if (stseq == NULL) {
5534 st = ntohs(stseq->stream);
5536 st = ntohs(stseq->sequence);
5537 stseq->sequence = st;
5542 * Ok we now look for the stream/seq on the read
5543 * queue where its not all delivered. If we find it
5544 * we transmute the read entry into a PDI_ABORTED.
5546 if (stseq->stream >= asoc->streamincnt) {
5547 /* screwed up streams, stop! */
5550 if ((asoc->str_of_pdapi == stseq->stream) &&
5551 (asoc->ssn_of_pdapi == stseq->sequence)) {
5553 * If this is the one we were partially
5554 * delivering now then we no longer are.
5555 * Note this will change with the reassembly
5558 asoc->fragmented_delivery_inprogress = 0;
5560 sctp_flush_reassm_for_str_seq(stcb, asoc, stseq->stream, stseq->sequence);
5561 TAILQ_FOREACH(ctl, &stcb->sctp_ep->read_queue, next) {
5562 if ((ctl->sinfo_stream == stseq->stream) &&
5563 (ctl->sinfo_ssn == stseq->sequence)) {
5564 str_seq = (stseq->stream << 16) | stseq->sequence;
5566 ctl->pdapi_aborted = 1;
5567 sv = stcb->asoc.control_pdapi;
5568 stcb->asoc.control_pdapi = ctl;
5569 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
5571 SCTP_PARTIAL_DELIVERY_ABORTED,
5573 SCTP_SO_NOT_LOCKED);
5574 stcb->asoc.control_pdapi = sv;
5576 } else if ((ctl->sinfo_stream == stseq->stream) &&
5577 SCTP_SSN_GT(ctl->sinfo_ssn, stseq->sequence)) {
5578 /* We are past our victim SSN */
5582 strm = &asoc->strmin[stseq->stream];
5583 if (SCTP_SSN_GT(stseq->sequence, strm->last_sequence_delivered)) {
5584 /* Update the sequence number */
5585 strm->last_sequence_delivered = stseq->sequence;
5587 /* now kick the stream the new way */
5588 /* sa_ignore NO_NULL_CHK */
5589 sctp_kick_prsctp_reorder_queue(stcb, strm);
5591 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
5594 * Now slide thing forward.
5596 sctp_slide_mapping_arrays(stcb);
5598 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
5599 /* now lets kick out and check for more fragmented delivery */
5600 /* sa_ignore NO_NULL_CHK */
5601 sctp_deliver_reasm_check(stcb, &stcb->asoc);