2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
10 * b) Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the distribution.
14 * c) Neither the name of Cisco Systems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
31 /* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_var.h>
38 #include <netinet/sctp_sysctl.h>
39 #include <netinet/sctp_pcb.h>
40 #include <netinet/sctp_header.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp_output.h>
43 #include <netinet/sctp_input.h>
44 #include <netinet/sctp_auth.h>
45 #include <netinet/sctp_indata.h>
46 #include <netinet/sctp_asconf.h>
47 #include <netinet/sctp_bsd_addr.h>
48 #include <netinet/sctp_timer.h>
49 #include <netinet/sctp_crc32.h>
50 #include <netinet/udp.h>
55 sctp_stop_all_cookie_timers(struct sctp_tcb *stcb)
57 struct sctp_nets *net;
60 * This now not only stops all cookie timers it also stops any INIT
61 * timers as well. This will make sure that the timers are stopped
62 * in all collision cases.
64 SCTP_TCB_LOCK_ASSERT(stcb);
65 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
66 if (net->rxt_timer.type == SCTP_TIMER_TYPE_COOKIE) {
67 sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE,
70 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_1);
71 } else if (net->rxt_timer.type == SCTP_TIMER_TYPE_INIT) {
72 sctp_timer_stop(SCTP_TIMER_TYPE_INIT,
75 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2);
82 sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
83 struct sctp_init_chunk *cp, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
84 struct sctp_nets *net, int *abort_no_unlock, uint32_t vrf_id, uint16_t port)
86 struct sctp_init *init;
90 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_init: handling INIT tcb:%p\n",
94 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
100 /* First are we accepting? */
101 if ((inp->sctp_socket->so_qlimit == 0) && (stcb == NULL)) {
102 SCTPDBG(SCTP_DEBUG_INPUT2,
103 "sctp_handle_init: Abort, so_qlimit:%d\n",
104 inp->sctp_socket->so_qlimit);
106 * FIX ME ?? What about TCP model and we have a
107 * match/restart case? Actually no fix is needed. the lookup
108 * will always find the existing assoc so stcb would not be
109 * NULL. It may be questionable to do this since we COULD
110 * just send back the INIT-ACK and hope that the app did
111 * accept()'s by the time the COOKIE was sent. But there is
112 * a price to pay for COOKIE generation and I don't want to
113 * pay it on the chance that the app will actually do some
114 * accepts(). The App just looses and should NOT be in this
117 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
120 *abort_no_unlock = 1;
123 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) {
125 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
126 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
129 *abort_no_unlock = 1;
132 /* validate parameters */
133 if (init->initiate_tag == 0) {
134 /* protocol error... send abort */
135 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
136 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
139 *abort_no_unlock = 1;
142 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) {
143 /* invalid parameter... send abort */
144 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
145 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
148 *abort_no_unlock = 1;
151 if (init->num_inbound_streams == 0) {
152 /* protocol error... send abort */
153 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
154 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
157 *abort_no_unlock = 1;
160 if (init->num_outbound_streams == 0) {
161 /* protocol error... send abort */
162 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
163 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
166 *abort_no_unlock = 1;
169 init_limit = offset + ntohs(cp->ch.chunk_length);
170 if (sctp_validate_init_auth_params(m, offset + sizeof(*cp),
172 /* auth parameter(s) error... send abort */
173 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL, vrf_id, port);
175 *abort_no_unlock = 1;
178 /* send an INIT-ACK w/cookie */
179 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n");
180 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp, vrf_id, port,
181 ((stcb == NULL) ? SCTP_HOLDS_LOCK : SCTP_NOT_LOCKED));
184 SCTP_INP_RUNLOCK(inp);
189 * process peer "INIT/INIT-ACK" chunk returns value < 0 on error
193 sctp_is_there_unsent_data(struct sctp_tcb *stcb)
196 struct sctp_stream_queue_pending *sp;
197 struct sctp_stream_out *strq;
198 struct sctp_association *asoc;
201 * This function returns the number of streams that have true unsent
202 * data on them. Note that as it looks through it will clean up any
203 * places that have old data that has been sent but left at top of
207 SCTP_TCB_SEND_LOCK(stcb);
208 if (!TAILQ_EMPTY(&asoc->out_wheel)) {
209 /* Check to see if some data queued */
210 TAILQ_FOREACH(strq, &asoc->out_wheel, next_spoke) {
212 /* sa_ignore FREED_MEMORY */
213 sp = TAILQ_FIRST(&strq->outqueue);
217 if ((sp->msg_is_complete) &&
219 (sp->sender_all_done)) {
221 * We are doing differed cleanup. Last time
222 * through when we took all the data the
223 * sender_all_done was not set.
225 if (sp->put_last_out == 0) {
226 SCTP_PRINTF("Gak, put out entire msg with NO end!-1\n");
227 SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d\n",
233 atomic_subtract_int(&stcb->asoc.stream_queue_cnt, 1);
234 TAILQ_REMOVE(&strq->outqueue, sp, next);
235 sctp_free_remote_addr(sp->net);
237 sctp_m_freem(sp->data);
240 sctp_free_a_strmoq(stcb, sp);
241 goto is_there_another;
248 SCTP_TCB_SEND_UNLOCK(stcb);
249 return (unsent_data);
253 sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb,
254 struct sctp_nets *net)
256 struct sctp_init *init;
257 struct sctp_association *asoc;
258 struct sctp_nets *lnet;
263 /* save off parameters */
264 asoc->peer_vtag = ntohl(init->initiate_tag);
265 asoc->peers_rwnd = ntohl(init->a_rwnd);
266 if (TAILQ_FIRST(&asoc->nets)) {
267 /* update any ssthresh's that may have a default */
268 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
269 lnet->ssthresh = asoc->peers_rwnd;
271 if (SCTP_BASE_SYSCTL(sctp_logging_level) & (SCTP_CWND_MONITOR_ENABLE | SCTP_CWND_LOGGING_ENABLE)) {
272 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION);
276 SCTP_TCB_SEND_LOCK(stcb);
277 if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) {
279 struct sctp_stream_out *outs;
280 struct sctp_stream_queue_pending *sp;
281 struct sctp_tmit_chunk *chk, *chk_next;
283 /* abandon the upper streams */
284 newcnt = ntohs(init->num_inbound_streams);
285 if (!TAILQ_EMPTY(&asoc->send_queue)) {
286 chk = TAILQ_FIRST(&asoc->send_queue);
288 chk_next = TAILQ_NEXT(chk, sctp_next);
289 if (chk->rec.data.stream_number >= newcnt) {
290 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next);
291 asoc->send_queue_cnt--;
292 if (chk->data != NULL) {
293 sctp_free_bufspace(stcb, asoc, chk, 1);
294 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb,
295 SCTP_NOTIFY_DATAGRAM_UNSENT, chk, SCTP_SO_NOT_LOCKED);
297 sctp_m_freem(chk->data);
301 sctp_free_a_chunk(stcb, chk);
302 /* sa_ignore FREED_MEMORY */
308 for (i = newcnt; i < asoc->pre_open_streams; i++) {
309 outs = &asoc->strmout[i];
310 sp = TAILQ_FIRST(&outs->outqueue);
312 TAILQ_REMOVE(&outs->outqueue, sp, next);
313 asoc->stream_queue_cnt--;
314 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL,
315 stcb, SCTP_NOTIFY_DATAGRAM_UNSENT,
316 sp, SCTP_SO_NOT_LOCKED);
318 sctp_m_freem(sp->data);
321 sctp_free_remote_addr(sp->net);
324 sctp_free_a_strmoq(stcb, sp);
325 /* sa_ignore FREED_MEMORY */
326 sp = TAILQ_FIRST(&outs->outqueue);
330 /* cut back the count */
331 asoc->pre_open_streams = newcnt;
333 SCTP_TCB_SEND_UNLOCK(stcb);
334 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams;
336 asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1;
337 /* EY - nr_sack: initialize highest tsn in nr_mapping_array */
338 asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map;
339 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
340 sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
342 /* This is the next one we expect */
343 asoc->str_reset_seq_in = asoc->asconf_seq_in + 1;
345 asoc->mapping_array_base_tsn = ntohl(init->initial_tsn);
347 * EY 05/13/08 - nr_sack: initialize nr_mapping array's base tsn
350 asoc->nr_mapping_array_base_tsn = ntohl(init->initial_tsn);
351 asoc->tsn_last_delivered = asoc->cumulative_tsn = asoc->asconf_seq_in;
352 asoc->last_echo_tsn = asoc->asconf_seq_in;
353 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
354 /* open the requested streams */
356 if (asoc->strmin != NULL) {
357 /* Free the old ones */
358 struct sctp_queued_to_read *ctl;
360 for (i = 0; i < asoc->streamincnt; i++) {
361 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
363 TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next);
364 sctp_free_remote_addr(ctl->whoFrom);
366 sctp_m_freem(ctl->data);
368 sctp_free_a_readq(stcb, ctl);
369 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
372 SCTP_FREE(asoc->strmin, SCTP_M_STRMI);
374 asoc->streamincnt = ntohs(init->num_outbound_streams);
375 if (asoc->streamincnt > MAX_SCTP_STREAMS) {
376 asoc->streamincnt = MAX_SCTP_STREAMS;
378 SCTP_MALLOC(asoc->strmin, struct sctp_stream_in *, asoc->streamincnt *
379 sizeof(struct sctp_stream_in), SCTP_M_STRMI);
380 if (asoc->strmin == NULL) {
381 /* we didn't get memory for the streams! */
382 SCTPDBG(SCTP_DEBUG_INPUT2, "process_init: couldn't get memory for the streams!\n");
385 for (i = 0; i < asoc->streamincnt; i++) {
386 asoc->strmin[i].stream_no = i;
387 asoc->strmin[i].last_sequence_delivered = 0xffff;
389 * U-stream ranges will be set when the cookie is unpacked.
390 * Or for the INIT sender they are un set (if pr-sctp not
391 * supported) when the INIT-ACK arrives.
393 TAILQ_INIT(&asoc->strmin[i].inqueue);
394 asoc->strmin[i].delivery_started = 0;
397 * load_address_from_init will put the addresses into the
398 * association when the COOKIE is processed or the INIT-ACK is
399 * processed. Both types of COOKIE's existing and new call this
400 * routine. It will remove addresses that are no longer in the
401 * association (for the restarting case where addresses are
402 * removed). Up front when the INIT arrives we will discard it if it
403 * is a restart and new addresses have been added.
405 /* sa_ignore MEMLEAK */
410 * INIT-ACK message processing/consumption returns value < 0 on error
413 sctp_process_init_ack(struct mbuf *m, int iphlen, int offset,
414 struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
415 struct sctp_nets *net, int *abort_no_unlock, uint32_t vrf_id)
417 struct sctp_association *asoc;
419 int retval, abort_flag;
420 uint32_t initack_limit;
421 int nat_friendly = 0;
423 /* First verify that we have no illegal param's */
427 op_err = sctp_arethere_unrecognized_parameters(m,
428 (offset + sizeof(struct sctp_init_chunk)),
429 &abort_flag, (struct sctp_chunkhdr *)cp, &nat_friendly);
431 /* Send an abort and notify peer */
432 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_CAUSE_PROTOCOL_VIOLATION, op_err, SCTP_SO_NOT_LOCKED);
433 *abort_no_unlock = 1;
437 asoc->peer_supports_nat = (uint8_t) nat_friendly;
438 /* process the peer's parameters in the INIT-ACK */
439 retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb, net);
443 initack_limit = offset + ntohs(cp->ch.chunk_length);
444 /* load all addresses */
445 if ((retval = sctp_load_addresses_from_init(stcb, m, iphlen,
446 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh,
448 /* Huh, we should abort */
449 SCTPDBG(SCTP_DEBUG_INPUT1,
450 "Load addresses from INIT causes an abort %d\n",
452 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
454 *abort_no_unlock = 1;
457 /* if the peer doesn't support asconf, flush the asconf queue */
458 if (asoc->peer_supports_asconf == 0) {
459 struct sctp_asconf_addr *aparam;
461 while (!TAILQ_EMPTY(&asoc->asconf_queue)) {
462 /* sa_ignore FREED_MEMORY */
463 aparam = TAILQ_FIRST(&asoc->asconf_queue);
464 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next);
465 SCTP_FREE(aparam, SCTP_M_ASC_ADDR);
468 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
469 stcb->asoc.local_hmacs);
471 sctp_queue_op_err(stcb, op_err);
472 /* queuing will steal away the mbuf chain to the out queue */
475 /* extract the cookie and queue it to "echo" it back... */
476 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
477 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
478 stcb->asoc.overall_error_count,
480 SCTP_FROM_SCTP_INPUT,
483 stcb->asoc.overall_error_count = 0;
484 net->error_count = 0;
487 * Cancel the INIT timer, We do this first before queueing the
488 * cookie. We always cancel at the primary to assue that we are
489 * canceling the timer started by the INIT which always goes to the
492 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, stcb,
493 asoc->primary_destination, SCTP_FROM_SCTP_INPUT + SCTP_LOC_4);
495 /* calculate the RTO */
496 net->RTO = sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, sctp_align_safe_nocopy);
498 retval = sctp_send_cookie_echo(m, offset, stcb, net);
501 * No cookie, we probably should send a op error. But in any
502 * case if there is no cookie in the INIT-ACK, we can
503 * abandon the peer, its broke.
506 /* We abort with an error of missing mandatory param */
508 sctp_generate_invmanparam(SCTP_CAUSE_MISSING_PARAM);
511 * Expand beyond to include the mandatory
514 struct sctp_inv_mandatory_param *mp;
516 SCTP_BUF_LEN(op_err) =
517 sizeof(struct sctp_inv_mandatory_param);
519 struct sctp_inv_mandatory_param *);
520 /* Subtract the reserved param */
522 htons(sizeof(struct sctp_inv_mandatory_param) - 2);
523 mp->num_param = htonl(1);
524 mp->param = htons(SCTP_STATE_COOKIE);
527 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
528 sh, op_err, 0, net->port);
529 *abort_no_unlock = 1;
537 sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp,
538 struct sctp_tcb *stcb, struct sctp_nets *net)
540 struct sockaddr_storage store;
541 struct sockaddr_in *sin;
542 struct sockaddr_in6 *sin6;
543 struct sctp_nets *r_net;
547 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_heartbeat_chunk)) {
551 sin = (struct sockaddr_in *)&store;
552 sin6 = (struct sockaddr_in6 *)&store;
554 memset(&store, 0, sizeof(store));
555 if (cp->heartbeat.hb_info.addr_family == AF_INET &&
556 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) {
557 sin->sin_family = cp->heartbeat.hb_info.addr_family;
558 sin->sin_len = cp->heartbeat.hb_info.addr_len;
559 sin->sin_port = stcb->rport;
560 memcpy(&sin->sin_addr, cp->heartbeat.hb_info.address,
561 sizeof(sin->sin_addr));
562 } else if (cp->heartbeat.hb_info.addr_family == AF_INET6 &&
563 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) {
564 sin6->sin6_family = cp->heartbeat.hb_info.addr_family;
565 sin6->sin6_len = cp->heartbeat.hb_info.addr_len;
566 sin6->sin6_port = stcb->rport;
567 memcpy(&sin6->sin6_addr, cp->heartbeat.hb_info.address,
568 sizeof(sin6->sin6_addr));
572 r_net = sctp_findnet(stcb, (struct sockaddr *)sin);
574 SCTPDBG(SCTP_DEBUG_INPUT1, "Huh? I can't find the address I sent it to, discard\n");
577 if ((r_net && (r_net->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
578 (r_net->heartbeat_random1 == cp->heartbeat.hb_info.random_value1) &&
579 (r_net->heartbeat_random2 == cp->heartbeat.hb_info.random_value2)) {
581 * If the its a HB and it's random value is correct when can
582 * confirm the destination.
584 r_net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
585 if (r_net->dest_state & SCTP_ADDR_REQ_PRIMARY) {
586 stcb->asoc.primary_destination = r_net;
587 r_net->dest_state &= ~SCTP_ADDR_WAS_PRIMARY;
588 r_net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
589 r_net = TAILQ_FIRST(&stcb->asoc.nets);
590 if (r_net != stcb->asoc.primary_destination) {
592 * first one on the list is NOT the primary
593 * sctp_cmpaddr() is much more efficent if
594 * the primary is the first on the list,
597 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
598 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
602 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
603 stcb, 0, (void *)r_net, SCTP_SO_NOT_LOCKED);
605 r_net->error_count = 0;
606 r_net->hb_responded = 1;
607 tv.tv_sec = cp->heartbeat.hb_info.time_value_1;
608 tv.tv_usec = cp->heartbeat.hb_info.time_value_2;
609 if (r_net->dest_state & SCTP_ADDR_NOT_REACHABLE) {
610 r_net->dest_state &= ~SCTP_ADDR_NOT_REACHABLE;
611 r_net->dest_state |= SCTP_ADDR_REACHABLE;
612 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
613 SCTP_HEARTBEAT_SUCCESS, (void *)r_net, SCTP_SO_NOT_LOCKED);
614 /* now was it the primary? if so restore */
615 if (r_net->dest_state & SCTP_ADDR_WAS_PRIMARY) {
616 (void)sctp_set_primary_addr(stcb, (struct sockaddr *)NULL, r_net);
620 * JRS 5/14/07 - If CMT PF is on and the destination is in PF state,
621 * set the destination to active state and set the cwnd to one or
622 * two MTU's based on whether PF1 or PF2 is being used. If a T3
623 * timer is running, for the destination, stop the timer because a
624 * PF-heartbeat was received.
626 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) &&
627 SCTP_BASE_SYSCTL(sctp_cmt_pf) &&
628 (net->dest_state & SCTP_ADDR_PF) == SCTP_ADDR_PF) {
629 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
630 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
632 SCTP_FROM_SCTP_INPUT + SCTP_LOC_5);
634 net->dest_state &= ~SCTP_ADDR_PF;
635 net->cwnd = net->mtu * SCTP_BASE_SYSCTL(sctp_cmt_pf);
636 SCTPDBG(SCTP_DEBUG_INPUT1, "Destination %p moved from PF to reachable with cwnd %d.\n",
639 /* Now lets do a RTO with this */
640 r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv, sctp_align_safe_nocopy);
641 /* Mobility adaptation */
643 if ((sctp_is_mobility_feature_on(stcb->sctp_ep,
644 SCTP_MOBILITY_BASE) ||
645 sctp_is_mobility_feature_on(stcb->sctp_ep,
646 SCTP_MOBILITY_FASTHANDOFF)) &&
647 sctp_is_mobility_feature_on(stcb->sctp_ep,
648 SCTP_MOBILITY_PRIM_DELETED)) {
650 sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED, stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_TIMER + SCTP_LOC_7);
651 if (sctp_is_mobility_feature_on(stcb->sctp_ep,
652 SCTP_MOBILITY_FASTHANDOFF)) {
653 sctp_assoc_immediate_retrans(stcb,
654 stcb->asoc.primary_destination);
656 if (sctp_is_mobility_feature_on(stcb->sctp_ep,
657 SCTP_MOBILITY_BASE)) {
658 sctp_move_chunks_from_deleted_prim(stcb,
659 stcb->asoc.primary_destination);
661 sctp_delete_prim_timer(stcb->sctp_ep, stcb,
662 stcb->asoc.deleted_primary);
668 sctp_handle_nat_colliding_state(struct sctp_tcb *stcb)
671 * return 0 means we want you to proceed with the abort non-zero
672 * means no abort processing
674 struct sctpasochead *head;
676 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_WAIT) {
677 /* generate a new vtag and send init */
678 LIST_REMOVE(stcb, sctp_asocs);
679 stcb->asoc.my_vtag = sctp_select_a_tag(stcb->sctp_ep, stcb->sctp_ep->sctp_lport, stcb->rport, 1);
680 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))];
682 * put it in the bucket in the vtag hash of assoc's for the
685 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
686 sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
689 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED) {
691 * treat like a case where the cookie expired i.e.: - dump
692 * current cookie. - generate a new vtag. - resend init.
694 /* generate a new vtag and send init */
695 LIST_REMOVE(stcb, sctp_asocs);
696 stcb->asoc.state &= ~SCTP_STATE_COOKIE_ECHOED;
697 stcb->asoc.state |= SCTP_STATE_COOKIE_WAIT;
698 sctp_stop_all_cookie_timers(stcb);
699 sctp_toss_old_cookies(stcb, &stcb->asoc);
700 stcb->asoc.my_vtag = sctp_select_a_tag(stcb->sctp_ep, stcb->sctp_ep->sctp_lport, stcb->rport, 1);
701 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))];
703 * put it in the bucket in the vtag hash of assoc's for the
706 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
707 sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
714 sctp_handle_nat_missing_state(struct sctp_tcb *stcb,
715 struct sctp_nets *net)
718 * return 0 means we want you to proceed with the abort non-zero
719 * means no abort processing
721 if (stcb->asoc.peer_supports_auth == 0) {
722 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_nat_missing_state: Peer does not support AUTH, cannot send an asconf\n");
725 sctp_asconf_send_nat_state_update(stcb, net);
731 sctp_handle_abort(struct sctp_abort_chunk *cp,
732 struct sctp_tcb *stcb, struct sctp_nets *net)
734 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
740 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_abort: handling ABORT\n");
744 len = ntohs(cp->ch.chunk_length);
745 if (len > sizeof(struct sctp_chunkhdr)) {
747 * Need to check the cause codes for our two magic nat
748 * aborts which don't kill the assoc necessarily.
750 struct sctp_abort_chunk *cpnext;
751 struct sctp_missing_nat_state *natc;
756 natc = (struct sctp_missing_nat_state *)cpnext;
757 cause = ntohs(natc->cause);
758 if (cause == SCTP_CAUSE_NAT_COLLIDING_STATE) {
759 SCTPDBG(SCTP_DEBUG_INPUT2, "Received Colliding state abort flags:%x\n",
761 if (sctp_handle_nat_colliding_state(stcb)) {
764 } else if (cause == SCTP_CAUSE_NAT_MISSING_STATE) {
765 SCTPDBG(SCTP_DEBUG_INPUT2, "Received missing state abort flags:%x\n",
767 if (sctp_handle_nat_missing_state(stcb, net)) {
772 /* stop any receive timers */
773 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_6);
774 /* notify user of the abort and clean up... */
775 sctp_abort_notification(stcb, 0, SCTP_SO_NOT_LOCKED);
777 #if defined(SCTP_PANIC_ON_ABORT)
778 printf("stcb:%p state:%d rport:%d net:%p\n",
779 stcb, stcb->asoc.state, stcb->rport, net);
780 if (!(stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) {
781 panic("Received an ABORT");
783 printf("No panic its in state %x closed\n", stcb->asoc.state);
786 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
787 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) ||
788 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
789 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
791 #ifdef SCTP_ASOCLOG_OF_TSNS
792 sctp_print_out_track_log(stcb);
794 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
795 so = SCTP_INP_SO(stcb->sctp_ep);
796 atomic_add_int(&stcb->asoc.refcnt, 1);
797 SCTP_TCB_UNLOCK(stcb);
798 SCTP_SOCKET_LOCK(so, 1);
800 atomic_subtract_int(&stcb->asoc.refcnt, 1);
802 stcb->asoc.state |= SCTP_STATE_WAS_ABORTED;
803 (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC,
804 SCTP_FROM_SCTP_INPUT + SCTP_LOC_6);
805 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
806 SCTP_SOCKET_UNLOCK(so, 1);
808 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_abort: finished\n");
812 sctp_handle_shutdown(struct sctp_shutdown_chunk *cp,
813 struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_flag)
815 struct sctp_association *asoc;
816 int some_on_streamwheel;
818 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
823 SCTPDBG(SCTP_DEBUG_INPUT2,
824 "sctp_handle_shutdown: handling SHUTDOWN\n");
828 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
829 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) {
832 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_shutdown_chunk)) {
833 /* Shutdown NOT the expected size */
836 sctp_update_acked(stcb, cp, net, abort_flag);
838 if (asoc->control_pdapi) {
840 * With a normal shutdown we assume the end of last record.
842 SCTP_INP_READ_LOCK(stcb->sctp_ep);
843 asoc->control_pdapi->end_added = 1;
844 asoc->control_pdapi->pdapi_aborted = 1;
845 asoc->control_pdapi = NULL;
846 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
847 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
848 so = SCTP_INP_SO(stcb->sctp_ep);
849 atomic_add_int(&stcb->asoc.refcnt, 1);
850 SCTP_TCB_UNLOCK(stcb);
851 SCTP_SOCKET_LOCK(so, 1);
853 atomic_subtract_int(&stcb->asoc.refcnt, 1);
854 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
855 /* assoc was freed while we were unlocked */
856 SCTP_SOCKET_UNLOCK(so, 1);
860 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
861 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
862 SCTP_SOCKET_UNLOCK(so, 1);
865 /* goto SHUTDOWN_RECEIVED state to block new requests */
866 if (stcb->sctp_socket) {
867 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
868 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT) &&
869 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT)) {
870 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_RECEIVED);
871 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
873 * notify upper layer that peer has initiated a
876 sctp_ulp_notify(SCTP_NOTIFY_PEER_SHUTDOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED);
879 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
882 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
884 * stop the shutdown timer, since we WILL move to
887 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_8);
889 /* Now is there unsent data on a stream somewhere? */
890 some_on_streamwheel = sctp_is_there_unsent_data(stcb);
892 if (!TAILQ_EMPTY(&asoc->send_queue) ||
893 !TAILQ_EMPTY(&asoc->sent_queue) ||
894 some_on_streamwheel) {
895 /* By returning we will push more data out */
898 /* no outstanding data to send, so move on... */
899 /* send SHUTDOWN-ACK */
900 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
901 /* move to SHUTDOWN-ACK-SENT state */
902 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
903 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
904 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
906 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
907 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
908 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, net,
909 SCTP_FROM_SCTP_INPUT + SCTP_LOC_7);
910 /* start SHUTDOWN timer */
911 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep,
917 sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp,
918 struct sctp_tcb *stcb, struct sctp_nets *net)
920 struct sctp_association *asoc;
922 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
925 so = SCTP_INP_SO(stcb->sctp_ep);
927 SCTPDBG(SCTP_DEBUG_INPUT2,
928 "sctp_handle_shutdown_ack: handling SHUTDOWN ACK\n");
933 /* process according to association state */
934 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
935 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
936 /* unexpected SHUTDOWN-ACK... so ignore... */
937 SCTP_TCB_UNLOCK(stcb);
940 if (asoc->control_pdapi) {
942 * With a normal shutdown we assume the end of last record.
944 SCTP_INP_READ_LOCK(stcb->sctp_ep);
945 asoc->control_pdapi->end_added = 1;
946 asoc->control_pdapi->pdapi_aborted = 1;
947 asoc->control_pdapi = NULL;
948 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
949 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
950 atomic_add_int(&stcb->asoc.refcnt, 1);
951 SCTP_TCB_UNLOCK(stcb);
952 SCTP_SOCKET_LOCK(so, 1);
954 atomic_subtract_int(&stcb->asoc.refcnt, 1);
955 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
956 /* assoc was freed while we were unlocked */
957 SCTP_SOCKET_UNLOCK(so, 1);
961 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
962 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
963 SCTP_SOCKET_UNLOCK(so, 1);
966 /* are the queues empty? */
967 if (!TAILQ_EMPTY(&asoc->send_queue) ||
968 !TAILQ_EMPTY(&asoc->sent_queue) ||
969 !TAILQ_EMPTY(&asoc->out_wheel)) {
970 sctp_report_all_outbound(stcb, 0, SCTP_SO_NOT_LOCKED);
973 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_9);
974 /* send SHUTDOWN-COMPLETE */
975 sctp_send_shutdown_complete(stcb, net);
976 /* notify upper layer protocol */
977 if (stcb->sctp_socket) {
978 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED);
979 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
980 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
981 /* Set the connected flag to disconnected */
982 stcb->sctp_ep->sctp_socket->so_snd.sb_cc = 0;
985 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
986 /* free the TCB but first save off the ep */
987 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
988 atomic_add_int(&stcb->asoc.refcnt, 1);
989 SCTP_TCB_UNLOCK(stcb);
990 SCTP_SOCKET_LOCK(so, 1);
992 atomic_subtract_int(&stcb->asoc.refcnt, 1);
994 (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC,
995 SCTP_FROM_SCTP_INPUT + SCTP_LOC_10);
996 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
997 SCTP_SOCKET_UNLOCK(so, 1);
1002 * Skip past the param header and then we will find the chunk that caused the
1003 * problem. There are two possiblities ASCONF or FWD-TSN other than that and
1004 * our peer must be broken.
1007 sctp_process_unrecog_chunk(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr,
1008 struct sctp_nets *net)
1010 struct sctp_chunkhdr *chk;
1012 chk = (struct sctp_chunkhdr *)((caddr_t)phdr + sizeof(*phdr));
1013 switch (chk->chunk_type) {
1014 case SCTP_ASCONF_ACK:
1016 sctp_asconf_cleanup(stcb, net);
1018 case SCTP_FORWARD_CUM_TSN:
1019 stcb->asoc.peer_supports_prsctp = 0;
1022 SCTPDBG(SCTP_DEBUG_INPUT2,
1023 "Peer does not support chunk type %d(%x)??\n",
1024 chk->chunk_type, (uint32_t) chk->chunk_type);
1030 * Skip past the param header and then we will find the param that caused the
1031 * problem. There are a number of param's in a ASCONF OR the prsctp param
1032 * these will turn of specific features.
1035 sctp_process_unrecog_param(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr)
1037 struct sctp_paramhdr *pbad;
1040 switch (ntohs(pbad->param_type)) {
1042 case SCTP_PRSCTP_SUPPORTED:
1043 stcb->asoc.peer_supports_prsctp = 0;
1045 case SCTP_SUPPORTED_CHUNK_EXT:
1047 /* draft-ietf-tsvwg-addip-sctp */
1048 case SCTP_HAS_NAT_SUPPORT:
1049 stcb->asoc.peer_supports_nat = 0;
1051 case SCTP_ECN_NONCE_SUPPORTED:
1052 stcb->asoc.peer_supports_ecn_nonce = 0;
1053 stcb->asoc.ecn_nonce_allowed = 0;
1054 stcb->asoc.ecn_allowed = 0;
1056 case SCTP_ADD_IP_ADDRESS:
1057 case SCTP_DEL_IP_ADDRESS:
1058 case SCTP_SET_PRIM_ADDR:
1059 stcb->asoc.peer_supports_asconf = 0;
1061 case SCTP_SUCCESS_REPORT:
1062 case SCTP_ERROR_CAUSE_IND:
1063 SCTPDBG(SCTP_DEBUG_INPUT2, "Huh, the peer does not support success? or error cause?\n");
1064 SCTPDBG(SCTP_DEBUG_INPUT2,
1065 "Turning off ASCONF to this strange peer\n");
1066 stcb->asoc.peer_supports_asconf = 0;
1069 SCTPDBG(SCTP_DEBUG_INPUT2,
1070 "Peer does not support param type %d(%x)??\n",
1071 pbad->param_type, (uint32_t) pbad->param_type);
1077 sctp_handle_error(struct sctp_chunkhdr *ch,
1078 struct sctp_tcb *stcb, struct sctp_nets *net)
1081 struct sctp_paramhdr *phdr;
1082 uint16_t error_type;
1084 struct sctp_association *asoc;
1087 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1092 /* parse through all of the errors and process */
1094 phdr = (struct sctp_paramhdr *)((caddr_t)ch +
1095 sizeof(struct sctp_chunkhdr));
1096 chklen = ntohs(ch->chunk_length) - sizeof(struct sctp_chunkhdr);
1097 while ((size_t)chklen >= sizeof(struct sctp_paramhdr)) {
1098 /* Process an Error Cause */
1099 error_type = ntohs(phdr->param_type);
1100 error_len = ntohs(phdr->param_length);
1101 if ((error_len > chklen) || (error_len == 0)) {
1102 /* invalid param length for this param */
1103 SCTPDBG(SCTP_DEBUG_INPUT1, "Bogus length in error param- chunk left:%d errorlen:%d\n",
1107 switch (error_type) {
1108 case SCTP_CAUSE_INVALID_STREAM:
1109 case SCTP_CAUSE_MISSING_PARAM:
1110 case SCTP_CAUSE_INVALID_PARAM:
1111 case SCTP_CAUSE_NO_USER_DATA:
1112 SCTPDBG(SCTP_DEBUG_INPUT1, "Software error we got a %d back? We have a bug :/ (or do they?)\n",
1115 case SCTP_CAUSE_NAT_COLLIDING_STATE:
1116 SCTPDBG(SCTP_DEBUG_INPUT2, "Received Colliding state abort flags:%x\n",
1118 if (sctp_handle_nat_colliding_state(stcb)) {
1122 case SCTP_CAUSE_NAT_MISSING_STATE:
1123 SCTPDBG(SCTP_DEBUG_INPUT2, "Received missing state abort flags:%x\n",
1125 if (sctp_handle_nat_missing_state(stcb, net)) {
1129 case SCTP_CAUSE_STALE_COOKIE:
1131 * We only act if we have echoed a cookie and are
1134 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
1137 p = (int *)((caddr_t)phdr + sizeof(*phdr));
1138 /* Save the time doubled */
1139 asoc->cookie_preserve_req = ntohl(*p) << 1;
1140 asoc->stale_cookie_count++;
1141 if (asoc->stale_cookie_count >
1142 asoc->max_init_times) {
1143 sctp_abort_notification(stcb, 0, SCTP_SO_NOT_LOCKED);
1144 /* now free the asoc */
1145 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1146 so = SCTP_INP_SO(stcb->sctp_ep);
1147 atomic_add_int(&stcb->asoc.refcnt, 1);
1148 SCTP_TCB_UNLOCK(stcb);
1149 SCTP_SOCKET_LOCK(so, 1);
1150 SCTP_TCB_LOCK(stcb);
1151 atomic_subtract_int(&stcb->asoc.refcnt, 1);
1153 (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC,
1154 SCTP_FROM_SCTP_INPUT + SCTP_LOC_11);
1155 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1156 SCTP_SOCKET_UNLOCK(so, 1);
1160 /* blast back to INIT state */
1161 sctp_toss_old_cookies(stcb, &stcb->asoc);
1162 asoc->state &= ~SCTP_STATE_COOKIE_ECHOED;
1163 asoc->state |= SCTP_STATE_COOKIE_WAIT;
1164 sctp_stop_all_cookie_timers(stcb);
1165 sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
1168 case SCTP_CAUSE_UNRESOLVABLE_ADDR:
1170 * Nothing we can do here, we don't do hostname
1171 * addresses so if the peer does not like my IPv6
1172 * (or IPv4 for that matter) it does not matter. If
1173 * they don't support that type of address, they can
1174 * NOT possibly get that packet type... i.e. with no
1175 * IPv6 you can't recieve a IPv6 packet. so we can
1176 * safely ignore this one. If we ever added support
1177 * for HOSTNAME Addresses, then we would need to do
1181 case SCTP_CAUSE_UNRECOG_CHUNK:
1182 sctp_process_unrecog_chunk(stcb, phdr, net);
1184 case SCTP_CAUSE_UNRECOG_PARAM:
1185 sctp_process_unrecog_param(stcb, phdr);
1187 case SCTP_CAUSE_COOKIE_IN_SHUTDOWN:
1189 * We ignore this since the timer will drive out a
1190 * new cookie anyway and there timer will drive us
1191 * to send a SHUTDOWN_COMPLETE. We can't send one
1192 * here since we don't have their tag.
1195 case SCTP_CAUSE_DELETING_LAST_ADDR:
1196 case SCTP_CAUSE_RESOURCE_SHORTAGE:
1197 case SCTP_CAUSE_DELETING_SRC_ADDR:
1199 * We should NOT get these here, but in a
1202 SCTPDBG(SCTP_DEBUG_INPUT2, "Peer sends ASCONF errors in a Operational Error?<%d>?\n",
1205 case SCTP_CAUSE_OUT_OF_RESC:
1207 * And what, pray tell do we do with the fact that
1208 * the peer is out of resources? Not really sure we
1209 * could do anything but abort. I suspect this
1210 * should have came WITH an abort instead of in a
1215 SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_handle_error: unknown error type = 0x%xh\n",
1219 adjust = SCTP_SIZE32(error_len);
1221 phdr = (struct sctp_paramhdr *)((caddr_t)phdr + adjust);
1227 sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset,
1228 struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
1229 struct sctp_nets *net, int *abort_no_unlock, uint32_t vrf_id)
1231 struct sctp_init_ack *init_ack;
1232 struct mbuf *op_err;
1234 SCTPDBG(SCTP_DEBUG_INPUT2,
1235 "sctp_handle_init_ack: handling INIT-ACK\n");
1238 SCTPDBG(SCTP_DEBUG_INPUT2,
1239 "sctp_handle_init_ack: TCB is null\n");
1242 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) {
1243 /* Invalid length */
1244 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
1245 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1246 op_err, 0, net->port);
1247 *abort_no_unlock = 1;
1250 init_ack = &cp->init;
1251 /* validate parameters */
1252 if (init_ack->initiate_tag == 0) {
1253 /* protocol error... send an abort */
1254 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
1255 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1256 op_err, 0, net->port);
1257 *abort_no_unlock = 1;
1260 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) {
1261 /* protocol error... send an abort */
1262 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
1263 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1264 op_err, 0, net->port);
1265 *abort_no_unlock = 1;
1268 if (init_ack->num_inbound_streams == 0) {
1269 /* protocol error... send an abort */
1270 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
1271 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1272 op_err, 0, net->port);
1273 *abort_no_unlock = 1;
1276 if (init_ack->num_outbound_streams == 0) {
1277 /* protocol error... send an abort */
1278 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
1279 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1280 op_err, 0, net->port);
1281 *abort_no_unlock = 1;
1284 /* process according to association state... */
1285 switch (stcb->asoc.state & SCTP_STATE_MASK) {
1286 case SCTP_STATE_COOKIE_WAIT:
1287 /* this is the expected state for this chunk */
1288 /* process the INIT-ACK parameters */
1289 if (stcb->asoc.primary_destination->dest_state &
1290 SCTP_ADDR_UNCONFIRMED) {
1292 * The primary is where we sent the INIT, we can
1293 * always consider it confirmed when the INIT-ACK is
1294 * returned. Do this before we load addresses
1297 stcb->asoc.primary_destination->dest_state &=
1298 ~SCTP_ADDR_UNCONFIRMED;
1299 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
1300 stcb, 0, (void *)stcb->asoc.primary_destination, SCTP_SO_NOT_LOCKED);
1302 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb,
1303 net, abort_no_unlock, vrf_id) < 0) {
1304 /* error in parsing parameters */
1307 /* update our state */
1308 SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n");
1309 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_ECHOED);
1311 /* reset the RTO calc */
1312 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
1313 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
1314 stcb->asoc.overall_error_count,
1316 SCTP_FROM_SCTP_INPUT,
1319 stcb->asoc.overall_error_count = 0;
1320 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
1322 * collapse the init timer back in case of a exponential
1325 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, stcb->sctp_ep,
1328 * the send at the end of the inbound data processing will
1329 * cause the cookie to be sent
1332 case SCTP_STATE_SHUTDOWN_SENT:
1333 /* incorrect state... discard */
1335 case SCTP_STATE_COOKIE_ECHOED:
1336 /* incorrect state... discard */
1338 case SCTP_STATE_OPEN:
1339 /* incorrect state... discard */
1341 case SCTP_STATE_EMPTY:
1342 case SCTP_STATE_INUSE:
1344 /* incorrect state... discard */
1348 SCTPDBG(SCTP_DEBUG_INPUT1, "Leaving handle-init-ack end\n");
1352 static struct sctp_tcb *
1353 sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
1354 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1355 struct sctp_inpcb *inp, struct sctp_nets **netp,
1356 struct sockaddr *init_src, int *notification,
1357 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
1358 uint32_t vrf_id, uint16_t port);
1362 * handle a state cookie for an existing association m: input packet mbuf
1363 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a
1364 * "split" mbuf and the cookie signature does not exist offset: offset into
1365 * mbuf to the cookie-echo chunk
1367 static struct sctp_tcb *
1368 sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset,
1369 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1370 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets **netp,
1371 struct sockaddr *init_src, int *notification, sctp_assoc_t * sac_assoc_id,
1372 uint32_t vrf_id, int auth_skipped, uint32_t auth_offset, uint32_t auth_len, uint16_t port)
1374 struct sctp_association *asoc;
1375 struct sctp_init_chunk *init_cp, init_buf;
1376 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1377 struct sctp_nets *net;
1378 struct mbuf *op_err;
1379 struct sctp_paramhdr *ph;
1381 int init_offset, initack_offset, i;
1387 /* I know that the TCB is non-NULL from the caller */
1389 for (how_indx = 0; how_indx < sizeof(asoc->cookie_how); how_indx++) {
1390 if (asoc->cookie_how[how_indx] == 0)
1393 if (how_indx < sizeof(asoc->cookie_how)) {
1394 asoc->cookie_how[how_indx] = 1;
1396 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) {
1397 /* SHUTDOWN came in after sending INIT-ACK */
1398 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
1399 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
1400 0, M_DONTWAIT, 1, MT_DATA);
1401 if (op_err == NULL) {
1406 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr);
1407 ph = mtod(op_err, struct sctp_paramhdr *);
1408 ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN);
1409 ph->param_length = htons(sizeof(struct sctp_paramhdr));
1410 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag,
1412 if (how_indx < sizeof(asoc->cookie_how))
1413 asoc->cookie_how[how_indx] = 2;
1417 * find and validate the INIT chunk in the cookie (peer's info) the
1418 * INIT should start after the cookie-echo header struct (chunk
1419 * header, state cookie header struct)
1421 init_offset = offset += sizeof(struct sctp_cookie_echo_chunk);
1423 init_cp = (struct sctp_init_chunk *)
1424 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1425 (uint8_t *) & init_buf);
1426 if (init_cp == NULL) {
1427 /* could not pull a INIT chunk in cookie */
1430 chk_length = ntohs(init_cp->ch.chunk_length);
1431 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1435 * find and validate the INIT-ACK chunk in the cookie (my info) the
1436 * INIT-ACK follows the INIT chunk
1438 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1439 initack_cp = (struct sctp_init_ack_chunk *)
1440 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1441 (uint8_t *) & initack_buf);
1442 if (initack_cp == NULL) {
1443 /* could not pull INIT-ACK chunk in cookie */
1446 chk_length = ntohs(initack_cp->ch.chunk_length);
1447 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1450 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) &&
1451 (ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag)) {
1453 * case D in Section 5.2.4 Table 2: MMAA process accordingly
1454 * to get into the OPEN state
1456 if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) {
1458 * Opps, this means that we somehow generated two vtag's
1459 * the same. I.e. we did:
1461 * <---INIT(tag=a)------
1462 * ----INIT-ACK(tag=t)-->
1463 * ----INIT(tag=t)------> *1
1464 * <---INIT-ACK(tag=a)---
1465 * <----CE(tag=t)------------- *2
1467 * At point *1 we should be generating a different
1468 * tag t'. Which means we would throw away the CE and send
1469 * ours instead. Basically this is case C (throw away side).
1471 if (how_indx < sizeof(asoc->cookie_how))
1472 asoc->cookie_how[how_indx] = 17;
1476 switch SCTP_GET_STATE
1478 case SCTP_STATE_COOKIE_WAIT:
1479 case SCTP_STATE_COOKIE_ECHOED:
1481 * INIT was sent but got a COOKIE_ECHO with the
1482 * correct tags... just accept it...but we must
1483 * process the init so that we can make sure we have
1484 * the right seq no's.
1486 /* First we must process the INIT !! */
1487 retval = sctp_process_init(init_cp, stcb, net);
1489 if (how_indx < sizeof(asoc->cookie_how))
1490 asoc->cookie_how[how_indx] = 3;
1493 /* we have already processed the INIT so no problem */
1494 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb,
1495 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_12);
1496 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_13);
1497 /* update current state */
1498 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)
1499 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
1501 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1503 SCTP_SET_STATE(asoc, SCTP_STATE_OPEN);
1504 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1505 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1506 stcb->sctp_ep, stcb, asoc->primary_destination);
1508 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1509 sctp_stop_all_cookie_timers(stcb);
1510 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1511 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1512 (inp->sctp_socket->so_qlimit == 0)
1514 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1519 * Here is where collision would go if we
1520 * did a connect() and instead got a
1521 * init/init-ack/cookie done before the
1522 * init-ack came back..
1524 stcb->sctp_ep->sctp_flags |=
1525 SCTP_PCB_FLAGS_CONNECTED;
1526 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1527 so = SCTP_INP_SO(stcb->sctp_ep);
1528 atomic_add_int(&stcb->asoc.refcnt, 1);
1529 SCTP_TCB_UNLOCK(stcb);
1530 SCTP_SOCKET_LOCK(so, 1);
1531 SCTP_TCB_LOCK(stcb);
1532 atomic_add_int(&stcb->asoc.refcnt, -1);
1533 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
1534 SCTP_SOCKET_UNLOCK(so, 1);
1538 soisconnected(stcb->sctp_socket);
1539 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1540 SCTP_SOCKET_UNLOCK(so, 1);
1543 /* notify upper layer */
1544 *notification = SCTP_NOTIFY_ASSOC_UP;
1546 * since we did not send a HB make sure we don't
1549 net->hb_responded = 1;
1550 net->RTO = sctp_calculate_rto(stcb, asoc, net,
1551 &cookie->time_entered, sctp_align_unsafe_makecopy);
1553 if (stcb->asoc.sctp_autoclose_ticks &&
1554 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE))) {
1555 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
1561 * we're in the OPEN state (or beyond), so peer must
1562 * have simply lost the COOKIE-ACK
1566 sctp_stop_all_cookie_timers(stcb);
1568 * We ignore the return code here.. not sure if we should
1569 * somehow abort.. but we do have an existing asoc. This
1570 * really should not fail.
1572 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1573 init_offset + sizeof(struct sctp_init_chunk),
1574 initack_offset, sh, init_src)) {
1575 if (how_indx < sizeof(asoc->cookie_how))
1576 asoc->cookie_how[how_indx] = 4;
1579 /* respond with a COOKIE-ACK */
1580 sctp_toss_old_cookies(stcb, asoc);
1581 sctp_send_cookie_ack(stcb);
1582 if (how_indx < sizeof(asoc->cookie_how))
1583 asoc->cookie_how[how_indx] = 5;
1586 if (ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1587 ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag &&
1588 cookie->tie_tag_my_vtag == 0 &&
1589 cookie->tie_tag_peer_vtag == 0) {
1591 * case C in Section 5.2.4 Table 2: XMOO silently discard
1593 if (how_indx < sizeof(asoc->cookie_how))
1594 asoc->cookie_how[how_indx] = 6;
1598 * If nat support, and the below and stcb is established, send back
1599 * a ABORT(colliding state) if we are established.
1601 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) &&
1602 (asoc->peer_supports_nat) &&
1603 ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) &&
1604 ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) ||
1605 (asoc->peer_vtag == 0)))) {
1607 * Special case - Peer's support nat. We may have two init's
1608 * that we gave out the same tag on since one was not
1609 * established.. i.e. we get INIT from host-1 behind the nat
1610 * and we respond tag-a, we get a INIT from host-2 behind
1611 * the nat and we get tag-a again. Then we bring up host-1
1612 * (or 2's) assoc, Then comes the cookie from hsot-2 (or 1).
1613 * Now we have colliding state. We must send an abort here
1614 * with colliding state indication.
1616 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
1617 0, M_DONTWAIT, 1, MT_DATA);
1618 if (op_err == NULL) {
1622 /* pre-reserve some space */
1624 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
1626 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
1628 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
1629 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
1631 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr);
1632 ph = mtod(op_err, struct sctp_paramhdr *);
1633 ph->param_type = htons(SCTP_CAUSE_NAT_COLLIDING_STATE);
1634 ph->param_length = htons(sizeof(struct sctp_paramhdr));
1635 sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port);
1638 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) &&
1639 ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) ||
1640 (asoc->peer_vtag == 0))) {
1642 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info
1643 * should be ok, re-accept peer info
1645 if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) {
1647 * Extension of case C. If we hit this, then the
1648 * random number generator returned the same vtag
1649 * when we first sent our INIT-ACK and when we later
1650 * sent our INIT. The side with the seq numbers that
1651 * are different will be the one that normnally
1652 * would have hit case C. This in effect "extends"
1653 * our vtags in this collision case to be 64 bits.
1654 * The same collision could occur aka you get both
1655 * vtag and seq number the same twice in a row.. but
1656 * is much less likely. If it did happen then we
1657 * would proceed through and bring up the assoc.. we
1658 * may end up with the wrong stream setup however..
1659 * which would be bad.. but there is no way to
1660 * tell.. until we send on a stream that does not
1663 if (how_indx < sizeof(asoc->cookie_how))
1664 asoc->cookie_how[how_indx] = 7;
1668 if (how_indx < sizeof(asoc->cookie_how))
1669 asoc->cookie_how[how_indx] = 8;
1670 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_14);
1671 sctp_stop_all_cookie_timers(stcb);
1673 * since we did not send a HB make sure we don't double
1676 net->hb_responded = 1;
1677 if (stcb->asoc.sctp_autoclose_ticks &&
1678 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1679 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb,
1682 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1683 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
1685 /* Note last_cwr_tsn? where is this used? */
1686 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1687 if (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) {
1689 * Ok the peer probably discarded our data (if we
1690 * echoed a cookie+data). So anything on the
1691 * sent_queue should be marked for retransmit, we
1692 * may not get something to kick us so it COULD
1693 * still take a timeout to move these.. but it can't
1694 * hurt to mark them.
1696 struct sctp_tmit_chunk *chk;
1698 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
1699 if (chk->sent < SCTP_DATAGRAM_RESEND) {
1700 chk->sent = SCTP_DATAGRAM_RESEND;
1701 sctp_flight_size_decrease(chk);
1702 sctp_total_flight_decrease(stcb, chk);
1703 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1709 /* process the INIT info (peer's info) */
1710 retval = sctp_process_init(init_cp, stcb, net);
1712 if (how_indx < sizeof(asoc->cookie_how))
1713 asoc->cookie_how[how_indx] = 9;
1716 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1717 init_offset + sizeof(struct sctp_init_chunk),
1718 initack_offset, sh, init_src)) {
1719 if (how_indx < sizeof(asoc->cookie_how))
1720 asoc->cookie_how[how_indx] = 10;
1723 if ((asoc->state & SCTP_STATE_COOKIE_WAIT) ||
1724 (asoc->state & SCTP_STATE_COOKIE_ECHOED)) {
1725 *notification = SCTP_NOTIFY_ASSOC_UP;
1727 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1728 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1729 (inp->sctp_socket->so_qlimit == 0)) {
1730 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1734 stcb->sctp_ep->sctp_flags |=
1735 SCTP_PCB_FLAGS_CONNECTED;
1736 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1737 so = SCTP_INP_SO(stcb->sctp_ep);
1738 atomic_add_int(&stcb->asoc.refcnt, 1);
1739 SCTP_TCB_UNLOCK(stcb);
1740 SCTP_SOCKET_LOCK(so, 1);
1741 SCTP_TCB_LOCK(stcb);
1742 atomic_add_int(&stcb->asoc.refcnt, -1);
1743 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
1744 SCTP_SOCKET_UNLOCK(so, 1);
1748 soisconnected(stcb->sctp_socket);
1749 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1750 SCTP_SOCKET_UNLOCK(so, 1);
1753 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)
1754 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
1756 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1757 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1758 } else if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
1759 SCTP_STAT_INCR_COUNTER32(sctps_restartestab);
1761 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1763 SCTP_SET_STATE(asoc, SCTP_STATE_OPEN);
1764 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1765 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1766 stcb->sctp_ep, stcb, asoc->primary_destination);
1768 sctp_stop_all_cookie_timers(stcb);
1769 sctp_toss_old_cookies(stcb, asoc);
1770 sctp_send_cookie_ack(stcb);
1773 * only if we have retrans set do we do this. What
1774 * this call does is get only the COOKIE-ACK out and
1775 * then when we return the normal call to
1776 * sctp_chunk_output will get the retrans out behind
1779 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_COOKIE_ACK, SCTP_SO_NOT_LOCKED);
1781 if (how_indx < sizeof(asoc->cookie_how))
1782 asoc->cookie_how[how_indx] = 11;
1786 if ((ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1787 ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) &&
1788 cookie->tie_tag_my_vtag == asoc->my_vtag_nonce &&
1789 cookie->tie_tag_peer_vtag == asoc->peer_vtag_nonce &&
1790 cookie->tie_tag_peer_vtag != 0) {
1791 struct sctpasochead *head;
1793 if (asoc->peer_supports_nat) {
1795 * This is a gross gross hack. just call the
1796 * cookie_new code since we are allowing a duplicate
1797 * association. I hope this works...
1799 return (sctp_process_cookie_new(m, iphlen, offset, sh, cookie, cookie_len,
1800 inp, netp, init_src, notification,
1801 auth_skipped, auth_offset, auth_len,
1805 * case A in Section 5.2.4 Table 2: XXMM (peer restarted)
1808 if (how_indx < sizeof(asoc->cookie_how))
1809 asoc->cookie_how[how_indx] = 12;
1810 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_15);
1811 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16);
1813 *sac_assoc_id = sctp_get_associd(stcb);
1814 /* notify upper layer */
1815 *notification = SCTP_NOTIFY_ASSOC_RESTART;
1816 atomic_add_int(&stcb->asoc.refcnt, 1);
1817 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_OPEN) &&
1818 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
1819 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT)) {
1820 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1822 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
1823 SCTP_STAT_INCR_GAUGE32(sctps_restartestab);
1824 } else if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) {
1825 SCTP_STAT_INCR_GAUGE32(sctps_collisionestab);
1827 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1828 SCTP_SET_STATE(asoc, SCTP_STATE_OPEN);
1829 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1830 stcb->sctp_ep, stcb, asoc->primary_destination);
1832 } else if (!(asoc->state & SCTP_STATE_SHUTDOWN_SENT)) {
1833 /* move to OPEN state, if not in SHUTDOWN_SENT */
1834 SCTP_SET_STATE(asoc, SCTP_STATE_OPEN);
1836 asoc->pre_open_streams =
1837 ntohs(initack_cp->init.num_outbound_streams);
1838 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1839 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1840 asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1;
1842 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1843 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1845 asoc->str_reset_seq_in = asoc->init_seq_number;
1847 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1848 if (asoc->mapping_array) {
1849 memset(asoc->mapping_array, 0,
1850 asoc->mapping_array_size);
1852 /* EY 05/13/08 - nr_sack version of the above if statement */
1853 if (asoc->nr_mapping_array && SCTP_BASE_SYSCTL(sctp_nr_sack_on_off)
1854 && asoc->peer_supports_nr_sack) {
1855 memset(asoc->nr_mapping_array, 0,
1856 asoc->nr_mapping_array_size);
1858 SCTP_TCB_UNLOCK(stcb);
1859 SCTP_INP_INFO_WLOCK();
1860 SCTP_INP_WLOCK(stcb->sctp_ep);
1861 SCTP_TCB_LOCK(stcb);
1862 atomic_add_int(&stcb->asoc.refcnt, -1);
1863 /* send up all the data */
1864 SCTP_TCB_SEND_LOCK(stcb);
1866 sctp_report_all_outbound(stcb, 1, SCTP_SO_NOT_LOCKED);
1867 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1868 stcb->asoc.strmout[i].stream_no = i;
1869 stcb->asoc.strmout[i].next_sequence_sent = 0;
1870 stcb->asoc.strmout[i].last_msg_incomplete = 0;
1872 /* process the INIT-ACK info (my info) */
1873 asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1874 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1876 /* pull from vtag hash */
1877 LIST_REMOVE(stcb, sctp_asocs);
1878 /* re-insert to new vtag position */
1879 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
1880 SCTP_BASE_INFO(hashasocmark))];
1882 * put it in the bucket in the vtag hash of assoc's for the
1885 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
1887 /* process the INIT info (peer's info) */
1888 SCTP_TCB_SEND_UNLOCK(stcb);
1889 SCTP_INP_WUNLOCK(stcb->sctp_ep);
1890 SCTP_INP_INFO_WUNLOCK();
1892 retval = sctp_process_init(init_cp, stcb, net);
1894 if (how_indx < sizeof(asoc->cookie_how))
1895 asoc->cookie_how[how_indx] = 13;
1900 * since we did not send a HB make sure we don't double
1903 net->hb_responded = 1;
1905 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1906 init_offset + sizeof(struct sctp_init_chunk),
1907 initack_offset, sh, init_src)) {
1908 if (how_indx < sizeof(asoc->cookie_how))
1909 asoc->cookie_how[how_indx] = 14;
1913 /* respond with a COOKIE-ACK */
1914 sctp_stop_all_cookie_timers(stcb);
1915 sctp_toss_old_cookies(stcb, asoc);
1916 sctp_send_cookie_ack(stcb);
1917 if (how_indx < sizeof(asoc->cookie_how))
1918 asoc->cookie_how[how_indx] = 15;
1922 if (how_indx < sizeof(asoc->cookie_how))
1923 asoc->cookie_how[how_indx] = 16;
1924 /* all other cases... */
1930 * handle a state cookie for a new association m: input packet mbuf chain--
1931 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf
1932 * and the cookie signature does not exist offset: offset into mbuf to the
1933 * cookie-echo chunk length: length of the cookie chunk to: where the init
1934 * was from returns a new TCB
1937 sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
1938 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1939 struct sctp_inpcb *inp, struct sctp_nets **netp,
1940 struct sockaddr *init_src, int *notification,
1941 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
1942 uint32_t vrf_id, uint16_t port)
1944 struct sctp_tcb *stcb;
1945 struct sctp_init_chunk *init_cp, init_buf;
1946 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1947 struct sockaddr_storage sa_store;
1948 struct sockaddr *initack_src = (struct sockaddr *)&sa_store;
1949 struct sockaddr_in *sin;
1950 struct sockaddr_in6 *sin6;
1951 struct sctp_association *asoc;
1953 int init_offset, initack_offset, initack_limit;
1957 uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE];
1959 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1962 so = SCTP_INP_SO(inp);
1966 * find and validate the INIT chunk in the cookie (peer's info) the
1967 * INIT should start after the cookie-echo header struct (chunk
1968 * header, state cookie header struct)
1970 init_offset = offset + sizeof(struct sctp_cookie_echo_chunk);
1971 init_cp = (struct sctp_init_chunk *)
1972 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1973 (uint8_t *) & init_buf);
1974 if (init_cp == NULL) {
1975 /* could not pull a INIT chunk in cookie */
1976 SCTPDBG(SCTP_DEBUG_INPUT1,
1977 "process_cookie_new: could not pull INIT chunk hdr\n");
1980 chk_length = ntohs(init_cp->ch.chunk_length);
1981 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1982 SCTPDBG(SCTP_DEBUG_INPUT1, "HUH? process_cookie_new: could not find INIT chunk!\n");
1985 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1987 * find and validate the INIT-ACK chunk in the cookie (my info) the
1988 * INIT-ACK follows the INIT chunk
1990 initack_cp = (struct sctp_init_ack_chunk *)
1991 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1992 (uint8_t *) & initack_buf);
1993 if (initack_cp == NULL) {
1994 /* could not pull INIT-ACK chunk in cookie */
1995 SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: could not pull INIT-ACK chunk hdr\n");
1998 chk_length = ntohs(initack_cp->ch.chunk_length);
1999 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
2003 * NOTE: We can't use the INIT_ACK's chk_length to determine the
2004 * "initack_limit" value. This is because the chk_length field
2005 * includes the length of the cookie, but the cookie is omitted when
2006 * the INIT and INIT_ACK are tacked onto the cookie...
2008 initack_limit = offset + cookie_len;
2011 * now that we know the INIT/INIT-ACK are in place, create a new TCB
2016 * Here we do a trick, we set in NULL for the proc/thread argument.
2017 * We do this since in effect we only use the p argument when the
2018 * socket is unbound and we must do an implicit bind. Since we are
2019 * getting a cookie, we cannot be unbound.
2021 stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
2022 ntohl(initack_cp->init.initiate_tag), vrf_id,
2023 (struct thread *)NULL
2026 struct mbuf *op_err;
2028 /* memory problem? */
2029 SCTPDBG(SCTP_DEBUG_INPUT1,
2030 "process_cookie_new: no room for another TCB!\n");
2031 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
2033 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
2034 sh, op_err, vrf_id, port);
2037 /* get the correct sctp_nets */
2039 *netp = sctp_findnet(stcb, init_src);
2042 /* get scope variables out of cookie */
2043 asoc->ipv4_local_scope = cookie->ipv4_scope;
2044 asoc->site_scope = cookie->site_scope;
2045 asoc->local_scope = cookie->local_scope;
2046 asoc->loopback_scope = cookie->loopback_scope;
2048 if ((asoc->ipv4_addr_legal != cookie->ipv4_addr_legal) ||
2049 (asoc->ipv6_addr_legal != cookie->ipv6_addr_legal)) {
2050 struct mbuf *op_err;
2053 * Houston we have a problem. The EP changed while the
2054 * cookie was in flight. Only recourse is to abort the
2057 atomic_add_int(&stcb->asoc.refcnt, 1);
2058 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
2059 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
2060 sh, op_err, vrf_id, port);
2061 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2062 SCTP_TCB_UNLOCK(stcb);
2063 SCTP_SOCKET_LOCK(so, 1);
2064 SCTP_TCB_LOCK(stcb);
2066 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
2067 SCTP_FROM_SCTP_INPUT + SCTP_LOC_16);
2068 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2069 SCTP_SOCKET_UNLOCK(so, 1);
2071 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2074 /* process the INIT-ACK info (my info) */
2075 old_tag = asoc->my_vtag;
2076 asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
2077 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
2078 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
2079 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
2080 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
2081 asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1;
2082 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
2083 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
2084 asoc->str_reset_seq_in = asoc->init_seq_number;
2086 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
2088 /* process the INIT info (peer's info) */
2090 retval = sctp_process_init(init_cp, stcb, *netp);
2094 atomic_add_int(&stcb->asoc.refcnt, 1);
2095 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2096 SCTP_TCB_UNLOCK(stcb);
2097 SCTP_SOCKET_LOCK(so, 1);
2098 SCTP_TCB_LOCK(stcb);
2100 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16);
2101 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2102 SCTP_SOCKET_UNLOCK(so, 1);
2104 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2107 /* load all addresses */
2108 if (sctp_load_addresses_from_init(stcb, m, iphlen,
2109 init_offset + sizeof(struct sctp_init_chunk), initack_offset, sh,
2111 atomic_add_int(&stcb->asoc.refcnt, 1);
2112 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2113 SCTP_TCB_UNLOCK(stcb);
2114 SCTP_SOCKET_LOCK(so, 1);
2115 SCTP_TCB_LOCK(stcb);
2117 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_17);
2118 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2119 SCTP_SOCKET_UNLOCK(so, 1);
2121 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2125 * verify any preceding AUTH chunk that was skipped
2127 /* pull the local authentication parameters from the cookie/init-ack */
2128 sctp_auth_get_cookie_params(stcb, m,
2129 initack_offset + sizeof(struct sctp_init_ack_chunk),
2130 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)));
2132 struct sctp_auth_chunk *auth;
2134 auth = (struct sctp_auth_chunk *)
2135 sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
2136 if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) {
2137 /* auth HMAC failed, dump the assoc and packet */
2138 SCTPDBG(SCTP_DEBUG_AUTH1,
2139 "COOKIE-ECHO: AUTH failed\n");
2140 atomic_add_int(&stcb->asoc.refcnt, 1);
2141 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2142 SCTP_TCB_UNLOCK(stcb);
2143 SCTP_SOCKET_LOCK(so, 1);
2144 SCTP_TCB_LOCK(stcb);
2146 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_18);
2147 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2148 SCTP_SOCKET_UNLOCK(so, 1);
2150 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2153 /* remaining chunks checked... good to go */
2154 stcb->asoc.authenticated = 1;
2157 /* update current state */
2158 SCTPDBG(SCTP_DEBUG_INPUT2, "moving to OPEN state\n");
2159 SCTP_SET_STATE(asoc, SCTP_STATE_OPEN);
2160 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
2161 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
2162 stcb->sctp_ep, stcb, asoc->primary_destination);
2164 sctp_stop_all_cookie_timers(stcb);
2165 SCTP_STAT_INCR_COUNTER32(sctps_passiveestab);
2166 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
2169 * if we're doing ASCONFs, check to see if we have any new local
2170 * addresses that need to get added to the peer (eg. addresses
2171 * changed while cookie echo in flight). This needs to be done
2172 * after we go to the OPEN state to do the correct asconf
2173 * processing. else, make sure we have the correct addresses in our
2177 /* warning, we re-use sin, sin6, sa_store here! */
2178 /* pull in local_address (our "from" address) */
2179 if (cookie->laddr_type == SCTP_IPV4_ADDRESS) {
2180 /* source addr is IPv4 */
2181 sin = (struct sockaddr_in *)initack_src;
2182 memset(sin, 0, sizeof(*sin));
2183 sin->sin_family = AF_INET;
2184 sin->sin_len = sizeof(struct sockaddr_in);
2185 sin->sin_addr.s_addr = cookie->laddress[0];
2186 } else if (cookie->laddr_type == SCTP_IPV6_ADDRESS) {
2187 /* source addr is IPv6 */
2188 sin6 = (struct sockaddr_in6 *)initack_src;
2189 memset(sin6, 0, sizeof(*sin6));
2190 sin6->sin6_family = AF_INET6;
2191 sin6->sin6_len = sizeof(struct sockaddr_in6);
2192 sin6->sin6_scope_id = cookie->scope_id;
2193 memcpy(&sin6->sin6_addr, cookie->laddress,
2194 sizeof(sin6->sin6_addr));
2196 atomic_add_int(&stcb->asoc.refcnt, 1);
2197 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2198 SCTP_TCB_UNLOCK(stcb);
2199 SCTP_SOCKET_LOCK(so, 1);
2200 SCTP_TCB_LOCK(stcb);
2202 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_19);
2203 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2204 SCTP_SOCKET_UNLOCK(so, 1);
2206 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2210 /* set up to notify upper layer */
2211 *notification = SCTP_NOTIFY_ASSOC_UP;
2212 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
2213 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
2214 (inp->sctp_socket->so_qlimit == 0)) {
2216 * This is an endpoint that called connect() how it got a
2217 * cookie that is NEW is a bit of a mystery. It must be that
2218 * the INIT was sent, but before it got there.. a complete
2219 * INIT/INIT-ACK/COOKIE arrived. But of course then it
2220 * should have went to the other code.. not here.. oh well..
2221 * a bit of protection is worth having..
2223 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
2224 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2225 atomic_add_int(&stcb->asoc.refcnt, 1);
2226 SCTP_TCB_UNLOCK(stcb);
2227 SCTP_SOCKET_LOCK(so, 1);
2228 SCTP_TCB_LOCK(stcb);
2229 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2230 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
2231 SCTP_SOCKET_UNLOCK(so, 1);
2235 soisconnected(stcb->sctp_socket);
2236 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2237 SCTP_SOCKET_UNLOCK(so, 1);
2239 } else if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
2240 (inp->sctp_socket->so_qlimit)) {
2242 * We don't want to do anything with this one. Since it is
2243 * the listening guy. The timer will get started for
2244 * accepted connections in the caller.
2248 /* since we did not send a HB make sure we don't double things */
2249 if ((netp) && (*netp))
2250 (*netp)->hb_responded = 1;
2252 if (stcb->asoc.sctp_autoclose_ticks &&
2253 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
2254 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
2256 /* calculate the RTT */
2257 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
2258 if ((netp) && (*netp)) {
2259 (*netp)->RTO = sctp_calculate_rto(stcb, asoc, *netp,
2260 &cookie->time_entered, sctp_align_unsafe_makecopy);
2262 /* respond with a COOKIE-ACK */
2263 sctp_send_cookie_ack(stcb);
2266 * check the address lists for any ASCONFs that need to be sent
2267 * AFTER the cookie-ack is sent
2269 sctp_check_address_list(stcb, m,
2270 initack_offset + sizeof(struct sctp_init_ack_chunk),
2271 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)),
2272 initack_src, cookie->local_scope, cookie->site_scope,
2273 cookie->ipv4_scope, cookie->loopback_scope);
2280 * CODE LIKE THIS NEEDS TO RUN IF the peer supports the NAT extension, i.e
2281 * we NEED to make sure we are not already using the vtag. If so we
2282 * need to send back an ABORT-TRY-AGAIN-WITH-NEW-TAG No middle box bit!
2283 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag,
2284 SCTP_BASE_INFO(hashasocmark))];
2285 LIST_FOREACH(stcb, head, sctp_asocs) {
2286 if ((stcb->asoc.my_vtag == tag) && (stcb->rport == rport) && (inp == stcb->sctp_ep)) {
2287 -- SEND ABORT - TRY AGAIN --
2293 * handles a COOKIE-ECHO message stcb: modified to either a new or left as
2294 * existing (non-NULL) TCB
2296 static struct mbuf *
2297 sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
2298 struct sctphdr *sh, struct sctp_cookie_echo_chunk *cp,
2299 struct sctp_inpcb **inp_p, struct sctp_tcb **stcb, struct sctp_nets **netp,
2300 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
2301 struct sctp_tcb **locked_tcb, uint32_t vrf_id, uint16_t port)
2303 struct sctp_state_cookie *cookie;
2304 struct sockaddr_in6 sin6;
2305 struct sockaddr_in sin;
2306 struct sctp_tcb *l_stcb = *stcb;
2307 struct sctp_inpcb *l_inp;
2308 struct sockaddr *to;
2309 sctp_assoc_t sac_restart_id;
2310 struct sctp_pcb *ep;
2312 uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE];
2314 uint8_t cookie_ok = 0;
2315 unsigned int size_of_pkt, sig_offset, cookie_offset;
2316 unsigned int cookie_len;
2318 struct timeval time_expires;
2319 struct sockaddr_storage dest_store;
2320 struct sockaddr *localep_sa = (struct sockaddr *)&dest_store;
2322 int notification = 0;
2323 struct sctp_nets *netl;
2324 int had_a_existing_tcb = 0;
2326 SCTPDBG(SCTP_DEBUG_INPUT2,
2327 "sctp_handle_cookie: handling COOKIE-ECHO\n");
2329 if (inp_p == NULL) {
2332 /* First get the destination address setup too. */
2333 iph = mtod(m, struct ip *);
2334 switch (iph->ip_v) {
2338 struct sockaddr_in *lsin;
2340 lsin = (struct sockaddr_in *)(localep_sa);
2341 memset(lsin, 0, sizeof(*lsin));
2342 lsin->sin_family = AF_INET;
2343 lsin->sin_len = sizeof(*lsin);
2344 lsin->sin_port = sh->dest_port;
2345 lsin->sin_addr.s_addr = iph->ip_dst.s_addr;
2346 size_of_pkt = SCTP_GET_IPV4_LENGTH(iph);
2350 case IPV6_VERSION >> 4:
2353 struct ip6_hdr *ip6;
2354 struct sockaddr_in6 *lsin6;
2356 lsin6 = (struct sockaddr_in6 *)(localep_sa);
2357 memset(lsin6, 0, sizeof(*lsin6));
2358 lsin6->sin6_family = AF_INET6;
2359 lsin6->sin6_len = sizeof(struct sockaddr_in6);
2360 ip6 = mtod(m, struct ip6_hdr *);
2361 lsin6->sin6_port = sh->dest_port;
2362 lsin6->sin6_addr = ip6->ip6_dst;
2363 size_of_pkt = SCTP_GET_IPV6_LENGTH(ip6) + iphlen;
2371 cookie = &cp->cookie;
2372 cookie_offset = offset + sizeof(struct sctp_chunkhdr);
2373 cookie_len = ntohs(cp->ch.chunk_length);
2375 if ((cookie->peerport != sh->src_port) &&
2376 (cookie->myport != sh->dest_port) &&
2377 (cookie->my_vtag != sh->v_tag)) {
2379 * invalid ports or bad tag. Note that we always leave the
2380 * v_tag in the header in network order and when we stored
2381 * it in the my_vtag slot we also left it in network order.
2382 * This maintains the match even though it may be in the
2383 * opposite byte order of the machine :->
2387 if (cookie_len > size_of_pkt ||
2388 cookie_len < sizeof(struct sctp_cookie_echo_chunk) +
2389 sizeof(struct sctp_init_chunk) +
2390 sizeof(struct sctp_init_ack_chunk) + SCTP_SIGNATURE_SIZE) {
2391 /* cookie too long! or too small */
2395 * split off the signature into its own mbuf (since it should not be
2396 * calculated in the sctp_hmac_m() call).
2398 sig_offset = offset + cookie_len - SCTP_SIGNATURE_SIZE;
2399 if (sig_offset > size_of_pkt) {
2400 /* packet not correct size! */
2401 /* XXX this may already be accounted for earlier... */
2404 m_sig = m_split(m, sig_offset, M_DONTWAIT);
2405 if (m_sig == NULL) {
2406 /* out of memory or ?? */
2409 #ifdef SCTP_MBUF_LOGGING
2410 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
2415 if (SCTP_BUF_IS_EXTENDED(mat)) {
2416 sctp_log_mb(mat, SCTP_MBUF_SPLIT);
2418 mat = SCTP_BUF_NEXT(mat);
2424 * compute the signature/digest for the cookie
2426 ep = &(*inp_p)->sctp_ep;
2429 SCTP_TCB_UNLOCK(l_stcb);
2431 SCTP_INP_RLOCK(l_inp);
2433 SCTP_TCB_LOCK(l_stcb);
2435 /* which cookie is it? */
2436 if ((cookie->time_entered.tv_sec < (long)ep->time_of_secret_change) &&
2437 (ep->current_secret_number != ep->last_secret_number)) {
2438 /* it's the old cookie */
2439 (void)sctp_hmac_m(SCTP_HMAC,
2440 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
2441 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0);
2443 /* it's the current cookie */
2444 (void)sctp_hmac_m(SCTP_HMAC,
2445 (uint8_t *) ep->secret_key[(int)ep->current_secret_number],
2446 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0);
2448 /* get the signature */
2449 SCTP_INP_RUNLOCK(l_inp);
2450 sig = (uint8_t *) sctp_m_getptr(m_sig, 0, SCTP_SIGNATURE_SIZE, (uint8_t *) & tmp_sig);
2452 /* couldn't find signature */
2453 sctp_m_freem(m_sig);
2456 /* compare the received digest with the computed digest */
2457 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
2458 /* try the old cookie? */
2459 if ((cookie->time_entered.tv_sec == (long)ep->time_of_secret_change) &&
2460 (ep->current_secret_number != ep->last_secret_number)) {
2461 /* compute digest with old */
2462 (void)sctp_hmac_m(SCTP_HMAC,
2463 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
2464 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0);
2466 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
2474 * Now before we continue we must reconstruct our mbuf so that
2475 * normal processing of any other chunks will work.
2481 while (SCTP_BUF_NEXT(m_at) != NULL) {
2482 m_at = SCTP_BUF_NEXT(m_at);
2484 SCTP_BUF_NEXT(m_at) = m_sig;
2487 if (cookie_ok == 0) {
2488 SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: cookie signature validation failed!\n");
2489 SCTPDBG(SCTP_DEBUG_INPUT2,
2490 "offset = %u, cookie_offset = %u, sig_offset = %u\n",
2491 (uint32_t) offset, cookie_offset, sig_offset);
2495 * check the cookie timestamps to be sure it's not stale
2497 (void)SCTP_GETTIME_TIMEVAL(&now);
2498 /* Expire time is in Ticks, so we convert to seconds */
2499 time_expires.tv_sec = cookie->time_entered.tv_sec + TICKS_TO_SEC(cookie->cookie_life);
2500 time_expires.tv_usec = cookie->time_entered.tv_usec;
2502 * TODO sctp_constants.h needs alternative time macros when _KERNEL
2505 if (timevalcmp(&now, &time_expires, >)) {
2506 /* cookie is stale! */
2507 struct mbuf *op_err;
2508 struct sctp_stale_cookie_msg *scm;
2511 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_stale_cookie_msg),
2512 0, M_DONTWAIT, 1, MT_DATA);
2513 if (op_err == NULL) {
2518 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_stale_cookie_msg);
2519 scm = mtod(op_err, struct sctp_stale_cookie_msg *);
2520 scm->ph.param_type = htons(SCTP_CAUSE_STALE_COOKIE);
2521 scm->ph.param_length = htons((sizeof(struct sctp_paramhdr) +
2522 (sizeof(uint32_t))));
2523 /* seconds to usec */
2524 tim = (now.tv_sec - time_expires.tv_sec) * 1000000;
2527 tim = now.tv_usec - cookie->time_entered.tv_usec;
2528 scm->time_usec = htonl(tim);
2529 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag,
2534 * Now we must see with the lookup address if we have an existing
2535 * asoc. This will only happen if we were in the COOKIE-WAIT state
2536 * and a INIT collided with us and somewhere the peer sent the
2537 * cookie on another address besides the single address our assoc
2538 * had for him. In this case we will have one of the tie-tags set at
2539 * least AND the address field in the cookie can be used to look it
2543 if (cookie->addr_type == SCTP_IPV6_ADDRESS) {
2544 memset(&sin6, 0, sizeof(sin6));
2545 sin6.sin6_family = AF_INET6;
2546 sin6.sin6_len = sizeof(sin6);
2547 sin6.sin6_port = sh->src_port;
2548 sin6.sin6_scope_id = cookie->scope_id;
2549 memcpy(&sin6.sin6_addr.s6_addr, cookie->address,
2550 sizeof(sin6.sin6_addr.s6_addr));
2551 to = (struct sockaddr *)&sin6;
2552 } else if (cookie->addr_type == SCTP_IPV4_ADDRESS) {
2553 memset(&sin, 0, sizeof(sin));
2554 sin.sin_family = AF_INET;
2555 sin.sin_len = sizeof(sin);
2556 sin.sin_port = sh->src_port;
2557 sin.sin_addr.s_addr = cookie->address[0];
2558 to = (struct sockaddr *)&sin;
2560 /* This should not happen */
2563 if ((*stcb == NULL) && to) {
2564 /* Yep, lets check */
2565 *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, localep_sa, NULL);
2566 if (*stcb == NULL) {
2568 * We should have only got back the same inp. If we
2569 * got back a different ep we have a problem. The
2570 * original findep got back l_inp and now
2572 if (l_inp != *inp_p) {
2573 SCTP_PRINTF("Bad problem find_ep got a diff inp then special_locate?\n");
2576 if (*locked_tcb == NULL) {
2578 * In this case we found the assoc only
2579 * after we locked the create lock. This
2580 * means we are in a colliding case and we
2581 * must make sure that we unlock the tcb if
2582 * its one of the cases where we throw away
2583 * the incoming packets.
2585 *locked_tcb = *stcb;
2588 * We must also increment the inp ref count
2589 * since the ref_count flags was set when we
2590 * did not find the TCB, now we found it
2591 * which reduces the refcount.. we must
2592 * raise it back out to balance it all :-)
2594 SCTP_INP_INCR_REF((*stcb)->sctp_ep);
2595 if ((*stcb)->sctp_ep != l_inp) {
2596 SCTP_PRINTF("Huh? ep:%p diff then l_inp:%p?\n",
2597 (*stcb)->sctp_ep, l_inp);
2605 cookie_len -= SCTP_SIGNATURE_SIZE;
2606 if (*stcb == NULL) {
2607 /* this is the "normal" case... get a new TCB */
2608 *stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie,
2609 cookie_len, *inp_p, netp, to, ¬ification,
2610 auth_skipped, auth_offset, auth_len, vrf_id, port);
2612 /* this is abnormal... cookie-echo on existing TCB */
2613 had_a_existing_tcb = 1;
2614 *stcb = sctp_process_cookie_existing(m, iphlen, offset, sh,
2615 cookie, cookie_len, *inp_p, *stcb, netp, to,
2616 ¬ification, &sac_restart_id, vrf_id, auth_skipped, auth_offset, auth_len, port);
2619 if (*stcb == NULL) {
2620 /* still no TCB... must be bad cookie-echo */
2624 * Ok, we built an association so confirm the address we sent the
2627 netl = sctp_findnet(*stcb, to);
2629 * This code should in theory NOT run but
2632 /* TSNH! Huh, why do I need to add this address here? */
2635 ret = sctp_add_remote_addr(*stcb, to, SCTP_DONOT_SETSCOPE,
2636 SCTP_IN_COOKIE_PROC);
2637 netl = sctp_findnet(*stcb, to);
2640 if (netl->dest_state & SCTP_ADDR_UNCONFIRMED) {
2641 netl->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
2642 (void)sctp_set_primary_addr((*stcb), (struct sockaddr *)NULL,
2644 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
2645 (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED);
2649 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, *inp_p,
2652 if ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
2653 if (!had_a_existing_tcb ||
2654 (((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0)) {
2656 * If we have a NEW cookie or the connect never
2657 * reached the connected state during collision we
2658 * must do the TCP accept thing.
2660 struct socket *so, *oso;
2661 struct sctp_inpcb *inp;
2663 if (notification == SCTP_NOTIFY_ASSOC_RESTART) {
2665 * For a restart we will keep the same
2666 * socket, no need to do anything. I THINK!!
2668 sctp_ulp_notify(notification, *stcb, 0, (void *)&sac_restart_id, SCTP_SO_NOT_LOCKED);
2671 oso = (*inp_p)->sctp_socket;
2672 atomic_add_int(&(*stcb)->asoc.refcnt, 1);
2673 SCTP_TCB_UNLOCK((*stcb));
2674 so = sonewconn(oso, 0
2676 SCTP_TCB_LOCK((*stcb));
2677 atomic_subtract_int(&(*stcb)->asoc.refcnt, 1);
2680 struct mbuf *op_err;
2682 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2683 struct socket *pcb_so;
2686 /* Too many sockets */
2687 SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another socket!\n");
2688 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
2689 sctp_abort_association(*inp_p, NULL, m, iphlen,
2690 sh, op_err, vrf_id, port);
2691 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2692 pcb_so = SCTP_INP_SO(*inp_p);
2693 atomic_add_int(&(*stcb)->asoc.refcnt, 1);
2694 SCTP_TCB_UNLOCK((*stcb));
2695 SCTP_SOCKET_LOCK(pcb_so, 1);
2696 SCTP_TCB_LOCK((*stcb));
2697 atomic_subtract_int(&(*stcb)->asoc.refcnt, 1);
2699 (void)sctp_free_assoc(*inp_p, *stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_20);
2700 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2701 SCTP_SOCKET_UNLOCK(pcb_so, 1);
2705 inp = (struct sctp_inpcb *)so->so_pcb;
2706 SCTP_INP_INCR_REF(inp);
2708 * We add the unbound flag here so that if we get an
2709 * soabort() before we get the move_pcb done, we
2710 * will properly cleanup.
2712 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2713 SCTP_PCB_FLAGS_CONNECTED |
2714 SCTP_PCB_FLAGS_IN_TCPPOOL |
2715 SCTP_PCB_FLAGS_UNBOUND |
2716 (SCTP_PCB_COPY_FLAGS & (*inp_p)->sctp_flags) |
2717 SCTP_PCB_FLAGS_DONT_WAKE);
2718 inp->sctp_features = (*inp_p)->sctp_features;
2719 inp->sctp_mobility_features = (*inp_p)->sctp_mobility_features;
2720 inp->sctp_socket = so;
2721 inp->sctp_frag_point = (*inp_p)->sctp_frag_point;
2722 inp->partial_delivery_point = (*inp_p)->partial_delivery_point;
2723 inp->sctp_context = (*inp_p)->sctp_context;
2724 inp->inp_starting_point_for_iterator = NULL;
2726 * copy in the authentication parameters from the
2729 if (inp->sctp_ep.local_hmacs)
2730 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
2731 inp->sctp_ep.local_hmacs =
2732 sctp_copy_hmaclist((*inp_p)->sctp_ep.local_hmacs);
2733 if (inp->sctp_ep.local_auth_chunks)
2734 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
2735 inp->sctp_ep.local_auth_chunks =
2736 sctp_copy_chunklist((*inp_p)->sctp_ep.local_auth_chunks);
2739 * Now we must move it from one hash table to
2740 * another and get the tcb in the right place.
2742 sctp_move_pcb_and_assoc(*inp_p, inp, *stcb);
2744 atomic_add_int(&(*stcb)->asoc.refcnt, 1);
2745 SCTP_TCB_UNLOCK((*stcb));
2747 sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb,
2749 SCTP_TCB_LOCK((*stcb));
2750 atomic_subtract_int(&(*stcb)->asoc.refcnt, 1);
2754 * now we must check to see if we were aborted while
2755 * the move was going on and the lock/unlock
2758 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
2760 * yep it was, we leave the assoc attached
2761 * to the socket since the sctp_inpcb_free()
2762 * call will send an abort for us.
2764 SCTP_INP_DECR_REF(inp);
2767 SCTP_INP_DECR_REF(inp);
2768 /* Switch over to the new guy */
2770 sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED);
2773 * Pull it from the incomplete queue and wake the
2776 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2777 atomic_add_int(&(*stcb)->asoc.refcnt, 1);
2778 SCTP_TCB_UNLOCK((*stcb));
2779 SCTP_SOCKET_LOCK(so, 1);
2782 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2783 SCTP_TCB_LOCK((*stcb));
2784 atomic_subtract_int(&(*stcb)->asoc.refcnt, 1);
2785 SCTP_SOCKET_UNLOCK(so, 1);
2790 if ((notification) && ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) {
2791 sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED);
2797 sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp,
2798 struct sctp_tcb *stcb, struct sctp_nets *net)
2800 /* cp must not be used, others call this without a c-ack :-) */
2801 struct sctp_association *asoc;
2803 SCTPDBG(SCTP_DEBUG_INPUT2,
2804 "sctp_handle_cookie_ack: handling COOKIE-ACK\n");
2810 sctp_stop_all_cookie_timers(stcb);
2811 /* process according to association state */
2812 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
2813 /* state change only needed when I am in right state */
2814 SCTPDBG(SCTP_DEBUG_INPUT2, "moving to OPEN state\n");
2815 SCTP_SET_STATE(asoc, SCTP_STATE_OPEN);
2816 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
2817 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
2818 stcb->sctp_ep, stcb, asoc->primary_destination);
2822 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
2823 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
2824 if (asoc->overall_error_count == 0) {
2825 net->RTO = sctp_calculate_rto(stcb, asoc, net,
2826 &asoc->time_entered, sctp_align_safe_nocopy);
2828 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
2829 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP, stcb, 0, NULL, SCTP_SO_NOT_LOCKED);
2830 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
2831 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
2832 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2836 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
2837 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2838 so = SCTP_INP_SO(stcb->sctp_ep);
2839 atomic_add_int(&stcb->asoc.refcnt, 1);
2840 SCTP_TCB_UNLOCK(stcb);
2841 SCTP_SOCKET_LOCK(so, 1);
2842 SCTP_TCB_LOCK(stcb);
2843 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2844 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
2845 SCTP_SOCKET_UNLOCK(so, 1);
2849 soisconnected(stcb->sctp_socket);
2850 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2851 SCTP_SOCKET_UNLOCK(so, 1);
2854 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
2857 * since we did not send a HB make sure we don't double
2860 net->hb_responded = 1;
2862 if (stcb->asoc.sctp_autoclose_ticks &&
2863 sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) {
2864 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
2865 stcb->sctp_ep, stcb, NULL);
2868 * send ASCONF if parameters are pending and ASCONFs are
2869 * allowed (eg. addresses changed when init/cookie echo were
2872 if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_DO_ASCONF)) &&
2873 (stcb->asoc.peer_supports_asconf) &&
2874 (!TAILQ_EMPTY(&stcb->asoc.asconf_queue))) {
2875 #ifdef SCTP_TIMER_BASED_ASCONF
2876 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF,
2877 stcb->sctp_ep, stcb,
2878 stcb->asoc.primary_destination);
2880 sctp_send_asconf(stcb, stcb->asoc.primary_destination,
2881 SCTP_ADDR_NOT_LOCKED);
2885 /* Toss the cookie if I can */
2886 sctp_toss_old_cookies(stcb, asoc);
2887 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
2888 /* Restart the timer if we have pending data */
2889 struct sctp_tmit_chunk *chk;
2891 chk = TAILQ_FIRST(&asoc->sent_queue);
2893 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2900 sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp,
2901 struct sctp_tcb *stcb)
2903 struct sctp_nets *net;
2904 struct sctp_tmit_chunk *lchk;
2907 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_ecne_chunk)) {
2910 SCTP_STAT_INCR(sctps_recvecne);
2911 tsn = ntohl(cp->tsn);
2912 /* ECN Nonce stuff: need a resync and disable the nonce sum check */
2913 /* Also we make sure we disable the nonce_wait */
2914 lchk = TAILQ_FIRST(&stcb->asoc.send_queue);
2916 stcb->asoc.nonce_resync_tsn = stcb->asoc.sending_seq;
2918 stcb->asoc.nonce_resync_tsn = lchk->rec.data.TSN_seq;
2920 stcb->asoc.nonce_wait_for_ecne = 0;
2921 stcb->asoc.nonce_sum_check = 0;
2923 /* Find where it was sent, if possible */
2925 lchk = TAILQ_FIRST(&stcb->asoc.sent_queue);
2927 if (lchk->rec.data.TSN_seq == tsn) {
2931 if (compare_with_wrap(lchk->rec.data.TSN_seq, tsn, MAX_SEQ))
2933 lchk = TAILQ_NEXT(lchk, sctp_next);
2936 /* default is we use the primary */
2937 net = stcb->asoc.primary_destination;
2939 if (compare_with_wrap(tsn, stcb->asoc.last_cwr_tsn, MAX_TSN)) {
2941 * JRS - Use the congestion control given in the pluggable
2944 stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo(stcb, net);
2946 * we reduce once every RTT. So we will only lower cwnd at
2947 * the next sending seq i.e. the resync_tsn.
2949 stcb->asoc.last_cwr_tsn = stcb->asoc.nonce_resync_tsn;
2952 * We always send a CWR this way if our previous one was lost our
2953 * peer will get an update, or if it is not time again to reduce we
2954 * still get the cwr to the peer.
2956 sctp_send_cwr(stcb, net, tsn);
2960 sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb)
2963 * Here we get a CWR from the peer. We must look in the outqueue and
2964 * make sure that we have a covered ECNE in teh control chunk part.
2967 struct sctp_tmit_chunk *chk;
2968 struct sctp_ecne_chunk *ecne;
2970 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
2971 if (chk->rec.chunk_id.id != SCTP_ECN_ECHO) {
2975 * Look for and remove if it is the right TSN. Since there
2976 * is only ONE ECNE on the control queue at any one time we
2977 * don't need to worry about more than one!
2979 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
2980 if (compare_with_wrap(ntohl(cp->tsn), ntohl(ecne->tsn),
2981 MAX_TSN) || (cp->tsn == ecne->tsn)) {
2982 /* this covers this ECNE, we can remove it */
2983 stcb->asoc.ecn_echo_cnt_onq--;
2984 TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk,
2987 sctp_m_freem(chk->data);
2990 stcb->asoc.ctrl_queue_cnt--;
2991 sctp_free_a_chunk(stcb, chk);
2998 sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp,
2999 struct sctp_tcb *stcb, struct sctp_nets *net)
3001 struct sctp_association *asoc;
3003 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3008 SCTPDBG(SCTP_DEBUG_INPUT2,
3009 "sctp_handle_shutdown_complete: handling SHUTDOWN-COMPLETE\n");
3014 /* process according to association state */
3015 if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT) {
3016 /* unexpected SHUTDOWN-COMPLETE... so ignore... */
3017 SCTPDBG(SCTP_DEBUG_INPUT2,
3018 "sctp_handle_shutdown_complete: not in SCTP_STATE_SHUTDOWN_ACK_SENT --- ignore\n");
3019 SCTP_TCB_UNLOCK(stcb);
3022 /* notify upper layer protocol */
3023 if (stcb->sctp_socket) {
3024 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED);
3025 /* are the queues empty? they should be */
3026 if (!TAILQ_EMPTY(&asoc->send_queue) ||
3027 !TAILQ_EMPTY(&asoc->sent_queue) ||
3028 !TAILQ_EMPTY(&asoc->out_wheel)) {
3029 sctp_report_all_outbound(stcb, 0, SCTP_SO_NOT_LOCKED);
3032 /* stop the timer */
3033 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_22);
3034 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
3036 SCTPDBG(SCTP_DEBUG_INPUT2,
3037 "sctp_handle_shutdown_complete: calls free-asoc\n");
3038 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3039 so = SCTP_INP_SO(stcb->sctp_ep);
3040 atomic_add_int(&stcb->asoc.refcnt, 1);
3041 SCTP_TCB_UNLOCK(stcb);
3042 SCTP_SOCKET_LOCK(so, 1);
3043 SCTP_TCB_LOCK(stcb);
3044 atomic_subtract_int(&stcb->asoc.refcnt, 1);
3046 (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_23);
3047 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3048 SCTP_SOCKET_UNLOCK(so, 1);
3054 process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc,
3055 struct sctp_nets *net, uint8_t flg)
3057 switch (desc->chunk_type) {
3059 /* find the tsn to resend (possibly */
3062 struct sctp_tmit_chunk *tp1;
3064 tsn = ntohl(desc->tsn_ifany);
3065 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3067 if (tp1->rec.data.TSN_seq == tsn) {
3071 if (compare_with_wrap(tp1->rec.data.TSN_seq, tsn,
3077 tp1 = TAILQ_NEXT(tp1, sctp_next);
3081 * Do it the other way , aka without paying
3082 * attention to queue seq order.
3084 SCTP_STAT_INCR(sctps_pdrpdnfnd);
3085 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3087 if (tp1->rec.data.TSN_seq == tsn) {
3091 tp1 = TAILQ_NEXT(tp1, sctp_next);
3095 SCTP_STAT_INCR(sctps_pdrptsnnf);
3097 if ((tp1) && (tp1->sent < SCTP_DATAGRAM_ACKED)) {
3100 if ((stcb->asoc.peers_rwnd == 0) &&
3101 ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) {
3102 SCTP_STAT_INCR(sctps_pdrpdiwnp);
3105 if (stcb->asoc.peers_rwnd == 0 &&
3106 (flg & SCTP_FROM_MIDDLE_BOX)) {
3107 SCTP_STAT_INCR(sctps_pdrpdizrw);
3110 ddp = (uint8_t *) (mtod(tp1->data, caddr_t)+
3111 sizeof(struct sctp_data_chunk));
3115 for (iii = 0; iii < sizeof(desc->data_bytes);
3117 if (ddp[iii] != desc->data_bytes[iii]) {
3118 SCTP_STAT_INCR(sctps_pdrpbadd);
3124 * We zero out the nonce so resync not
3127 tp1->rec.data.ect_nonce = 0;
3131 * this guy had a RTO calculation
3132 * pending on it, cancel it
3136 SCTP_STAT_INCR(sctps_pdrpmark);
3137 if (tp1->sent != SCTP_DATAGRAM_RESEND)
3138 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
3139 tp1->sent = SCTP_DATAGRAM_RESEND;
3141 * mark it as if we were doing a FR, since
3142 * we will be getting gap ack reports behind
3143 * the info from the router.
3145 tp1->rec.data.doing_fast_retransmit = 1;
3147 * mark the tsn with what sequences can
3150 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
3151 tp1->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
3153 tp1->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.TSN_seq;
3156 /* restart the timer */
3157 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
3158 stcb, tp1->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_24);
3159 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
3162 /* fix counts and things */
3163 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3164 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_PDRP,
3165 tp1->whoTo->flight_size,
3168 tp1->rec.data.TSN_seq);
3170 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3171 sctp_flight_size_decrease(tp1);
3172 sctp_total_flight_decrease(stcb, tp1);
3179 TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) {
3180 if (tp1->sent == SCTP_DATAGRAM_RESEND)
3183 TAILQ_FOREACH(tp1, &stcb->asoc.control_send_queue,
3185 if (tp1->sent == SCTP_DATAGRAM_RESEND)
3188 if (audit != stcb->asoc.sent_queue_retran_cnt) {
3189 SCTP_PRINTF("**Local Audit finds cnt:%d asoc cnt:%d\n",
3190 audit, stcb->asoc.sent_queue_retran_cnt);
3191 #ifndef SCTP_AUDITING_ENABLED
3192 stcb->asoc.sent_queue_retran_cnt = audit;
3200 struct sctp_tmit_chunk *asconf;
3202 TAILQ_FOREACH(asconf, &stcb->asoc.control_send_queue,
3204 if (asconf->rec.chunk_id.id == SCTP_ASCONF) {
3209 if (asconf->sent != SCTP_DATAGRAM_RESEND)
3210 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
3211 asconf->sent = SCTP_DATAGRAM_RESEND;
3212 asconf->snd_count--;
3216 case SCTP_INITIATION:
3217 /* resend the INIT */
3218 stcb->asoc.dropped_special_cnt++;
3219 if (stcb->asoc.dropped_special_cnt < SCTP_RETRY_DROPPED_THRESH) {
3221 * If we can get it in, in a few attempts we do
3222 * this, otherwise we let the timer fire.
3224 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep,
3225 stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_25);
3226 sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
3229 case SCTP_SELECTIVE_ACK:
3230 /* resend the sack */
3231 sctp_send_sack(stcb);
3233 /* EY for nr_sacks */
3234 case SCTP_NR_SELECTIVE_ACK:
3235 sctp_send_nr_sack(stcb); /* EY resend the nr-sack */
3237 case SCTP_HEARTBEAT_REQUEST:
3238 /* resend a demand HB */
3239 if ((stcb->asoc.overall_error_count + 3) < stcb->asoc.max_send_times) {
3241 * Only retransmit if we KNOW we wont destroy the
3244 (void)sctp_send_hb(stcb, 1, net);
3248 sctp_send_shutdown(stcb, net);
3250 case SCTP_SHUTDOWN_ACK:
3251 sctp_send_shutdown_ack(stcb, net);
3253 case SCTP_COOKIE_ECHO:
3255 struct sctp_tmit_chunk *cookie;
3258 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue,
3260 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
3265 if (cookie->sent != SCTP_DATAGRAM_RESEND)
3266 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
3267 cookie->sent = SCTP_DATAGRAM_RESEND;
3268 sctp_stop_all_cookie_timers(stcb);
3272 case SCTP_COOKIE_ACK:
3273 sctp_send_cookie_ack(stcb);
3275 case SCTP_ASCONF_ACK:
3276 /* resend last asconf ack */
3277 sctp_send_asconf_ack(stcb);
3279 case SCTP_FORWARD_CUM_TSN:
3280 send_forward_tsn(stcb, &stcb->asoc);
3282 /* can't do anything with these */
3283 case SCTP_PACKET_DROPPED:
3284 case SCTP_INITIATION_ACK: /* this should not happen */
3285 case SCTP_HEARTBEAT_ACK:
3286 case SCTP_ABORT_ASSOCIATION:
3287 case SCTP_OPERATION_ERROR:
3288 case SCTP_SHUTDOWN_COMPLETE:
3298 sctp_reset_in_stream(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
3304 * We set things to 0xffff since this is the last delivered sequence
3305 * and we will be sending in 0 after the reset.
3308 if (number_entries) {
3309 for (i = 0; i < number_entries; i++) {
3310 temp = ntohs(list[i]);
3311 if (temp >= stcb->asoc.streamincnt) {
3314 stcb->asoc.strmin[temp].last_sequence_delivered = 0xffff;
3318 for (i = 0; i < stcb->asoc.streamincnt; i++) {
3319 stcb->asoc.strmin[i].last_sequence_delivered = 0xffff;
3322 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV, stcb, number_entries, (void *)list, SCTP_SO_NOT_LOCKED);
3326 sctp_reset_out_streams(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
3330 if (number_entries == 0) {
3331 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
3332 stcb->asoc.strmout[i].next_sequence_sent = 0;
3334 } else if (number_entries) {
3335 for (i = 0; i < number_entries; i++) {
3338 temp = ntohs(list[i]);
3339 if (temp >= stcb->asoc.streamoutcnt) {
3340 /* no such stream */
3343 stcb->asoc.strmout[temp].next_sequence_sent = 0;
3346 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list, SCTP_SO_NOT_LOCKED);
3350 struct sctp_stream_reset_out_request *
3351 sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk)
3353 struct sctp_association *asoc;
3354 struct sctp_stream_reset_out_req *req;
3355 struct sctp_stream_reset_out_request *r;
3356 struct sctp_tmit_chunk *chk;
3360 if (TAILQ_EMPTY(&stcb->asoc.control_send_queue)) {
3361 asoc->stream_reset_outstanding = 0;
3364 if (stcb->asoc.str_reset == NULL) {
3365 asoc->stream_reset_outstanding = 0;
3368 chk = stcb->asoc.str_reset;
3369 if (chk->data == NULL) {
3373 /* he wants a copy of the chk pointer */
3376 clen = chk->send_size;
3377 req = mtod(chk->data, struct sctp_stream_reset_out_req *);
3379 if (ntohl(r->request_seq) == seq) {
3383 len = SCTP_SIZE32(ntohs(r->ph.param_length));
3384 if (clen > (len + (int)sizeof(struct sctp_chunkhdr))) {
3385 /* move to the next one, there can only be a max of two */
3386 r = (struct sctp_stream_reset_out_request *)((caddr_t)r + len);
3387 if (ntohl(r->request_seq) == seq) {
3391 /* that seq is not here */
3396 sctp_clean_up_stream_reset(struct sctp_tcb *stcb)
3398 struct sctp_association *asoc;
3399 struct sctp_tmit_chunk *chk = stcb->asoc.str_reset;
3401 if (stcb->asoc.str_reset == NULL) {
3406 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_26);
3407 TAILQ_REMOVE(&asoc->control_send_queue,
3411 sctp_m_freem(chk->data);
3414 asoc->ctrl_queue_cnt--;
3415 sctp_free_a_chunk(stcb, chk);
3416 /* sa_ignore NO_NULL_CHK */
3417 stcb->asoc.str_reset = NULL;
3422 sctp_handle_stream_reset_response(struct sctp_tcb *stcb,
3423 uint32_t seq, uint32_t action,
3424 struct sctp_stream_reset_response *respin)
3428 struct sctp_association *asoc = &stcb->asoc;
3429 struct sctp_tmit_chunk *chk;
3430 struct sctp_stream_reset_out_request *srparam;
3433 if (asoc->stream_reset_outstanding == 0) {
3437 if (seq == stcb->asoc.str_reset_seq_out) {
3438 srparam = sctp_find_stream_reset(stcb, seq, &chk);
3440 stcb->asoc.str_reset_seq_out++;
3441 type = ntohs(srparam->ph.param_type);
3442 lparm_len = ntohs(srparam->ph.param_length);
3443 if (type == SCTP_STR_RESET_OUT_REQUEST) {
3444 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t);
3445 asoc->stream_reset_out_is_outstanding = 0;
3446 if (asoc->stream_reset_outstanding)
3447 asoc->stream_reset_outstanding--;
3448 if (action == SCTP_STREAM_RESET_PERFORMED) {
3450 sctp_reset_out_streams(stcb, number_entries, srparam->list_of_streams);
3452 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED);
3454 } else if (type == SCTP_STR_RESET_IN_REQUEST) {
3455 /* Answered my request */
3456 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t);
3457 if (asoc->stream_reset_outstanding)
3458 asoc->stream_reset_outstanding--;
3459 if (action != SCTP_STREAM_RESET_PERFORMED) {
3460 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED);
3462 } else if (type == SCTP_STR_RESET_ADD_STREAMS) {
3463 /* Ok we now may have more streams */
3464 if (asoc->stream_reset_outstanding)
3465 asoc->stream_reset_outstanding--;
3466 if (action == SCTP_STREAM_RESET_PERFORMED) {
3467 /* Put the new streams into effect */
3468 stcb->asoc.streamoutcnt = stcb->asoc.strm_realoutsize;
3469 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD_OK, stcb,
3470 (uint32_t) stcb->asoc.streamoutcnt, NULL, SCTP_SO_NOT_LOCKED);
3472 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD_FAIL, stcb,
3473 (uint32_t) stcb->asoc.streamoutcnt, NULL, SCTP_SO_NOT_LOCKED);
3475 } else if (type == SCTP_STR_RESET_TSN_REQUEST) {
3477 * a) Adopt the new in tsn.
3479 * c) Adopt the new out-tsn
3481 struct sctp_stream_reset_response_tsn *resp;
3482 struct sctp_forward_tsn_chunk fwdtsn;
3485 if (respin == NULL) {
3489 if (action == SCTP_STREAM_RESET_PERFORMED) {
3490 resp = (struct sctp_stream_reset_response_tsn *)respin;
3491 asoc->stream_reset_outstanding--;
3492 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
3493 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
3494 fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1);
3495 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0);
3499 stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1);
3500 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
3501 sctp_log_map(0, 7, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
3503 stcb->asoc.tsn_last_delivered = stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
3504 stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn);
3505 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
3508 * EY 05/13/08 - nr_sack: to keep
3509 * nr_mapping array be consistent
3510 * with mapping_array
3512 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off) && stcb->asoc.peer_supports_nr_sack) {
3513 stcb->asoc.highest_tsn_inside_nr_map = stcb->asoc.highest_tsn_inside_map;
3514 stcb->asoc.nr_mapping_array_base_tsn = stcb->asoc.mapping_array_base_tsn;
3515 memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.nr_mapping_array_size);
3517 stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn);
3518 stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn;
3520 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
3521 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
3525 /* get rid of the request and get the request flags */
3526 if (asoc->stream_reset_outstanding == 0) {
3527 sctp_clean_up_stream_reset(stcb);
3535 sctp_handle_str_reset_request_in(struct sctp_tcb *stcb,
3536 struct sctp_tmit_chunk *chk,
3537 struct sctp_stream_reset_in_request *req, int trunc)
3545 * peer wants me to send a str-reset to him for my outgoing seq's if
3548 struct sctp_association *asoc = &stcb->asoc;
3550 seq = ntohl(req->request_seq);
3551 if (asoc->str_reset_seq_in == seq) {
3553 /* Can't do it, since they exceeded our buffer size */
3554 asoc->last_reset_action[1] = asoc->last_reset_action[0];
3555 asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED;
3556 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3557 } else if (stcb->asoc.stream_reset_out_is_outstanding == 0) {
3558 len = ntohs(req->ph.param_length);
3559 number_entries = ((len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t));
3560 for (i = 0; i < number_entries; i++) {
3561 temp = ntohs(req->list_of_streams[i]);
3562 req->list_of_streams[i] = temp;
3564 /* move the reset action back one */
3565 asoc->last_reset_action[1] = asoc->last_reset_action[0];
3566 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3567 sctp_add_stream_reset_out(chk, number_entries, req->list_of_streams,
3568 asoc->str_reset_seq_out,
3569 seq, (asoc->sending_seq - 1));
3570 asoc->stream_reset_out_is_outstanding = 1;
3571 asoc->str_reset = chk;
3572 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
3573 stcb->asoc.stream_reset_outstanding++;
3575 /* Can't do it, since we have sent one out */
3576 asoc->last_reset_action[1] = asoc->last_reset_action[0];
3577 asoc->last_reset_action[0] = SCTP_STREAM_RESET_TRY_LATER;
3578 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3580 asoc->str_reset_seq_in++;
3581 } else if (asoc->str_reset_seq_in - 1 == seq) {
3582 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3583 } else if (asoc->str_reset_seq_in - 2 == seq) {
3584 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
3586 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3591 sctp_handle_str_reset_request_tsn(struct sctp_tcb *stcb,
3592 struct sctp_tmit_chunk *chk,
3593 struct sctp_stream_reset_tsn_request *req)
3595 /* reset all in and out and update the tsn */
3597 * A) reset my str-seq's on in and out. B) Select a receive next,
3598 * and set cum-ack to it. Also process this selected number as a
3599 * fwd-tsn as well. C) set in the response my next sending seq.
3601 struct sctp_forward_tsn_chunk fwdtsn;
3602 struct sctp_association *asoc = &stcb->asoc;
3606 seq = ntohl(req->request_seq);
3607 if (asoc->str_reset_seq_in == seq) {
3608 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
3609 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
3610 fwdtsn.ch.chunk_flags = 0;
3611 fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1);
3612 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0);
3616 stcb->asoc.highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA;
3617 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
3618 sctp_log_map(0, 10, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
3620 stcb->asoc.tsn_last_delivered = stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
3621 stcb->asoc.mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1;
3622 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
3624 * EY 05/13/08 -nr_sack: to keep nr_mapping array consistent
3625 * with mapping array
3627 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off) && stcb->asoc.peer_supports_nr_sack) {
3628 stcb->asoc.highest_tsn_inside_nr_map = stcb->asoc.highest_tsn_inside_map;
3629 stcb->asoc.nr_mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1;
3630 memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.nr_mapping_array_size);
3632 atomic_add_int(&stcb->asoc.sending_seq, 1);
3633 /* save off historical data for retrans */
3634 stcb->asoc.last_sending_seq[1] = stcb->asoc.last_sending_seq[0];
3635 stcb->asoc.last_sending_seq[0] = stcb->asoc.sending_seq;
3636 stcb->asoc.last_base_tsnsent[1] = stcb->asoc.last_base_tsnsent[0];
3637 stcb->asoc.last_base_tsnsent[0] = stcb->asoc.mapping_array_base_tsn;
3639 sctp_add_stream_reset_result_tsn(chk,
3640 ntohl(req->request_seq),
3641 SCTP_STREAM_RESET_PERFORMED,
3642 stcb->asoc.sending_seq,
3643 stcb->asoc.mapping_array_base_tsn);
3644 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
3645 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
3646 stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0];
3647 stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3649 asoc->str_reset_seq_in++;
3650 } else if (asoc->str_reset_seq_in - 1 == seq) {
3651 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0],
3652 stcb->asoc.last_sending_seq[0],
3653 stcb->asoc.last_base_tsnsent[0]
3655 } else if (asoc->str_reset_seq_in - 2 == seq) {
3656 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[1],
3657 stcb->asoc.last_sending_seq[1],
3658 stcb->asoc.last_base_tsnsent[1]
3661 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3667 sctp_handle_str_reset_request_out(struct sctp_tcb *stcb,
3668 struct sctp_tmit_chunk *chk,
3669 struct sctp_stream_reset_out_request *req, int trunc)
3672 int number_entries, len;
3673 struct sctp_association *asoc = &stcb->asoc;
3675 seq = ntohl(req->request_seq);
3677 /* now if its not a duplicate we process it */
3678 if (asoc->str_reset_seq_in == seq) {
3679 len = ntohs(req->ph.param_length);
3680 number_entries = ((len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t));
3682 * the sender is resetting, handle the list issue.. we must
3683 * a) verify if we can do the reset, if so no problem b) If
3684 * we can't do the reset we must copy the request. c) queue
3685 * it, and setup the data in processor to trigger it off
3686 * when needed and dequeue all the queued data.
3688 tsn = ntohl(req->send_reset_at_tsn);
3690 /* move the reset action back one */
3691 asoc->last_reset_action[1] = asoc->last_reset_action[0];
3693 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED);
3694 asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED;
3695 } else if ((tsn == asoc->cumulative_tsn) ||
3696 (compare_with_wrap(asoc->cumulative_tsn, tsn, MAX_TSN))) {
3697 /* we can do it now */
3698 sctp_reset_in_stream(stcb, number_entries, req->list_of_streams);
3699 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3700 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3703 * we must queue it up and thus wait for the TSN's
3704 * to arrive that are at or before tsn
3706 struct sctp_stream_reset_list *liste;
3709 siz = sizeof(struct sctp_stream_reset_list) + (number_entries * sizeof(uint16_t));
3710 SCTP_MALLOC(liste, struct sctp_stream_reset_list *,
3711 siz, SCTP_M_STRESET);
3712 if (liste == NULL) {
3713 /* gak out of memory */
3714 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED);
3715 asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED;
3719 liste->number_entries = number_entries;
3720 memcpy(&liste->req, req,
3721 (sizeof(struct sctp_stream_reset_out_request) + (number_entries * sizeof(uint16_t))));
3722 TAILQ_INSERT_TAIL(&asoc->resetHead, liste, next_resp);
3723 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3724 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3726 asoc->str_reset_seq_in++;
3727 } else if ((asoc->str_reset_seq_in - 1) == seq) {
3729 * one seq back, just echo back last action since my
3730 * response was lost.
3732 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3733 } else if ((asoc->str_reset_seq_in - 2) == seq) {
3735 * two seq back, just echo back last action since my
3736 * response was lost.
3738 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
3740 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3745 sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk,
3746 struct sctp_stream_reset_add_strm *str_add)
3749 * Peer is requesting to add more streams. If its within our
3750 * max-streams we will allow it.
3752 uint16_t num_stream, i;
3754 struct sctp_association *asoc = &stcb->asoc;
3755 struct sctp_queued_to_read *ctl;
3757 /* Get the number. */
3758 seq = ntohl(str_add->request_seq);
3759 num_stream = ntohs(str_add->number_of_streams);
3760 /* Now what would be the new total? */
3761 if (asoc->str_reset_seq_in == seq) {
3762 num_stream += stcb->asoc.streamincnt;
3763 if (num_stream > stcb->asoc.max_inbound_streams) {
3764 /* We must reject it they ask for to many */
3766 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED);
3767 stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0];
3768 stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_DENIED;
3770 /* Ok, we can do that :-) */
3771 struct sctp_stream_in *oldstrm;
3773 /* save off the old */
3774 oldstrm = stcb->asoc.strmin;
3775 SCTP_MALLOC(stcb->asoc.strmin, struct sctp_stream_in *,
3776 (num_stream * sizeof(struct sctp_stream_in)),
3778 if (stcb->asoc.strmin == NULL) {
3779 stcb->asoc.strmin = oldstrm;
3782 /* copy off the old data */
3783 for (i = 0; i < stcb->asoc.streamincnt; i++) {
3784 TAILQ_INIT(&stcb->asoc.strmin[i].inqueue);
3785 stcb->asoc.strmin[i].stream_no = i;
3786 stcb->asoc.strmin[i].last_sequence_delivered = oldstrm[i].last_sequence_delivered;
3787 stcb->asoc.strmin[i].delivery_started = oldstrm[i].delivery_started;
3788 /* now anything on those queues? */
3789 while (TAILQ_EMPTY(&oldstrm[i].inqueue) == 0) {
3790 ctl = TAILQ_FIRST(&oldstrm[i].inqueue);
3791 TAILQ_REMOVE(&oldstrm[i].inqueue, ctl, next);
3792 TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].inqueue, ctl, next);
3795 /* Init the new streams */
3796 for (i = stcb->asoc.streamincnt; i < num_stream; i++) {
3797 TAILQ_INIT(&stcb->asoc.strmin[i].inqueue);
3798 stcb->asoc.strmin[i].stream_no = i;
3799 stcb->asoc.strmin[i].last_sequence_delivered = 0xffff;
3800 stcb->asoc.strmin[i].delivery_started = 0;
3802 SCTP_FREE(oldstrm, SCTP_M_STRMI);
3803 /* update the size */
3804 stcb->asoc.streamincnt = num_stream;
3806 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3807 stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0];
3808 stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3809 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_INSTREAM_ADD_OK, stcb,
3810 (uint32_t) stcb->asoc.streamincnt, NULL, SCTP_SO_NOT_LOCKED);
3812 } else if ((asoc->str_reset_seq_in - 1) == seq) {
3814 * one seq back, just echo back last action since my
3815 * response was lost.
3817 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3818 } else if ((asoc->str_reset_seq_in - 2) == seq) {
3820 * two seq back, just echo back last action since my
3821 * response was lost.
3823 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
3825 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3831 __attribute__((noinline))
3834 sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int offset,
3835 struct sctp_stream_reset_out_req *sr_req)
3837 int chk_length, param_len, ptype;
3838 struct sctp_paramhdr pstore;
3839 uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE];
3844 struct sctp_tmit_chunk *chk;
3845 struct sctp_chunkhdr *ch;
3846 struct sctp_paramhdr *ph;
3850 /* now it may be a reset or a reset-response */
3851 chk_length = ntohs(sr_req->ch.chunk_length);
3853 /* setup for adding the response */
3854 sctp_alloc_a_chunk(stcb, chk);
3858 chk->rec.chunk_id.id = SCTP_STREAM_RESET;
3859 chk->rec.chunk_id.can_take_data = 0;
3860 chk->asoc = &stcb->asoc;
3861 chk->no_fr_allowed = 0;
3862 chk->book_size = chk->send_size = sizeof(struct sctp_chunkhdr);
3863 chk->book_size_scale = 0;
3864 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
3865 if (chk->data == NULL) {
3868 sctp_m_freem(chk->data);
3871 sctp_free_a_chunk(stcb, chk);
3874 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
3876 /* setup chunk parameters */
3877 chk->sent = SCTP_DATAGRAM_UNSENT;
3879 chk->whoTo = stcb->asoc.primary_destination;
3880 atomic_add_int(&chk->whoTo->ref_count, 1);
3882 ch = mtod(chk->data, struct sctp_chunkhdr *);
3883 ch->chunk_type = SCTP_STREAM_RESET;
3884 ch->chunk_flags = 0;
3885 ch->chunk_length = htons(chk->send_size);
3886 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
3887 offset += sizeof(struct sctp_chunkhdr);
3888 while ((size_t)chk_length >= sizeof(struct sctp_stream_reset_tsn_request)) {
3889 ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(pstore), (uint8_t *) & pstore);
3892 param_len = ntohs(ph->param_length);
3893 if (param_len < (int)sizeof(struct sctp_stream_reset_tsn_request)) {
3897 ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, (int)sizeof(cstore)),
3898 (uint8_t *) & cstore);
3899 ptype = ntohs(ph->param_type);
3901 if (param_len > (int)sizeof(cstore)) {
3907 if (num_param > SCTP_MAX_RESET_PARAMS) {
3908 /* hit the max of parameters already sorry.. */
3911 if (ptype == SCTP_STR_RESET_OUT_REQUEST) {
3912 struct sctp_stream_reset_out_request *req_out;
3914 req_out = (struct sctp_stream_reset_out_request *)ph;
3916 if (stcb->asoc.stream_reset_outstanding) {
3917 seq = ntohl(req_out->response_seq);
3918 if (seq == stcb->asoc.str_reset_seq_out) {
3920 (void)sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_PERFORMED, NULL);
3923 sctp_handle_str_reset_request_out(stcb, chk, req_out, trunc);
3924 } else if (ptype == SCTP_STR_RESET_ADD_STREAMS) {
3925 struct sctp_stream_reset_add_strm *str_add;
3927 str_add = (struct sctp_stream_reset_add_strm *)ph;
3929 sctp_handle_str_reset_add_strm(stcb, chk, str_add);
3930 } else if (ptype == SCTP_STR_RESET_IN_REQUEST) {
3931 struct sctp_stream_reset_in_request *req_in;
3935 req_in = (struct sctp_stream_reset_in_request *)ph;
3937 sctp_handle_str_reset_request_in(stcb, chk, req_in, trunc);
3938 } else if (ptype == SCTP_STR_RESET_TSN_REQUEST) {
3939 struct sctp_stream_reset_tsn_request *req_tsn;
3942 req_tsn = (struct sctp_stream_reset_tsn_request *)ph;
3944 if (sctp_handle_str_reset_request_tsn(stcb, chk, req_tsn)) {
3946 goto strres_nochunk;
3950 } else if (ptype == SCTP_STR_RESET_RESPONSE) {
3951 struct sctp_stream_reset_response *resp;
3954 resp = (struct sctp_stream_reset_response *)ph;
3955 seq = ntohl(resp->response_seq);
3956 result = ntohl(resp->result);
3957 if (sctp_handle_stream_reset_response(stcb, seq, result, resp)) {
3959 goto strres_nochunk;
3964 offset += SCTP_SIZE32(param_len);
3965 chk_length -= SCTP_SIZE32(param_len);
3968 /* we have no response free the stuff */
3969 goto strres_nochunk;
3971 /* ok we have a chunk to link in */
3972 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue,
3975 stcb->asoc.ctrl_queue_cnt++;
3980 * Handle a router or endpoints report of a packet loss, there are two ways
3981 * to handle this, either we get the whole packet and must disect it
3982 * ourselves (possibly with truncation and or corruption) or it is a summary
3983 * from a middle box that did the disectting for us.
3986 sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp,
3987 struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t limit)
3989 uint32_t bottle_bw, on_queue;
3993 struct sctp_chunk_desc desc;
3994 struct sctp_chunkhdr *ch;
3996 chlen = ntohs(cp->ch.chunk_length);
3997 chlen -= sizeof(struct sctp_pktdrop_chunk);
3998 /* XXX possible chlen underflow */
4001 if (cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX)
4002 SCTP_STAT_INCR(sctps_pdrpbwrpt);
4004 ch = (struct sctp_chunkhdr *)(cp->data + sizeof(struct sctphdr));
4005 chlen -= sizeof(struct sctphdr);
4006 /* XXX possible chlen underflow */
4007 memset(&desc, 0, sizeof(desc));
4009 trunc_len = (uint16_t) ntohs(cp->trunc_len);
4010 if (trunc_len > limit) {
4013 /* now the chunks themselves */
4014 while ((ch != NULL) && (chlen >= sizeof(struct sctp_chunkhdr))) {
4015 desc.chunk_type = ch->chunk_type;
4016 /* get amount we need to move */
4017 at = ntohs(ch->chunk_length);
4018 if (at < sizeof(struct sctp_chunkhdr)) {
4019 /* corrupt chunk, maybe at the end? */
4020 SCTP_STAT_INCR(sctps_pdrpcrupt);
4023 if (trunc_len == 0) {
4024 /* we are supposed to have all of it */
4026 /* corrupt skip it */
4027 SCTP_STAT_INCR(sctps_pdrpcrupt);
4031 /* is there enough of it left ? */
4032 if (desc.chunk_type == SCTP_DATA) {
4033 if (chlen < (sizeof(struct sctp_data_chunk) +
4034 sizeof(desc.data_bytes))) {
4038 if (chlen < sizeof(struct sctp_chunkhdr)) {
4043 if (desc.chunk_type == SCTP_DATA) {
4044 /* can we get out the tsn? */
4045 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
4046 SCTP_STAT_INCR(sctps_pdrpmbda);
4048 if (chlen >= (sizeof(struct sctp_data_chunk) + sizeof(uint32_t))) {
4050 struct sctp_data_chunk *dcp;
4054 dcp = (struct sctp_data_chunk *)ch;
4055 ddp = (uint8_t *) (dcp + 1);
4056 for (iii = 0; iii < sizeof(desc.data_bytes); iii++) {
4057 desc.data_bytes[iii] = ddp[iii];
4059 desc.tsn_ifany = dcp->dp.tsn;
4061 /* nope we are done. */
4062 SCTP_STAT_INCR(sctps_pdrpnedat);
4066 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
4067 SCTP_STAT_INCR(sctps_pdrpmbct);
4070 if (process_chunk_drop(stcb, &desc, net, cp->ch.chunk_flags)) {
4071 SCTP_STAT_INCR(sctps_pdrppdbrk);
4074 if (SCTP_SIZE32(at) > chlen) {
4077 chlen -= SCTP_SIZE32(at);
4078 if (chlen < sizeof(struct sctp_chunkhdr)) {
4079 /* done, none left */
4082 ch = (struct sctp_chunkhdr *)((caddr_t)ch + SCTP_SIZE32(at));
4084 /* Now update any rwnd --- possibly */
4085 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) == 0) {
4086 /* From a peer, we get a rwnd report */
4089 SCTP_STAT_INCR(sctps_pdrpfehos);
4091 bottle_bw = ntohl(cp->bottle_bw);
4092 on_queue = ntohl(cp->current_onq);
4093 if (bottle_bw && on_queue) {
4094 /* a rwnd report is in here */
4095 if (bottle_bw > on_queue)
4096 a_rwnd = bottle_bw - on_queue;
4101 stcb->asoc.peers_rwnd = 0;
4103 if (a_rwnd > stcb->asoc.total_flight) {
4104 stcb->asoc.peers_rwnd =
4105 a_rwnd - stcb->asoc.total_flight;
4107 stcb->asoc.peers_rwnd = 0;
4109 if (stcb->asoc.peers_rwnd <
4110 stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4111 /* SWS sender side engages */
4112 stcb->asoc.peers_rwnd = 0;
4117 SCTP_STAT_INCR(sctps_pdrpfmbox);
4120 /* now middle boxes in sat networks get a cwnd bump */
4121 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) &&
4122 (stcb->asoc.sat_t3_loss_recovery == 0) &&
4123 (stcb->asoc.sat_network)) {
4125 * This is debateable but for sat networks it makes sense
4126 * Note if a T3 timer has went off, we will prohibit any
4127 * changes to cwnd until we exit the t3 loss recovery.
4129 stcb->asoc.cc_functions.sctp_cwnd_update_after_packet_dropped(stcb,
4130 net, cp, &bottle_bw, &on_queue);
4135 * handles all control chunks in a packet inputs: - m: mbuf chain, assumed to
4136 * still contain IP/SCTP header - stcb: is the tcb found for this packet -
4137 * offset: offset into the mbuf chain to first chunkhdr - length: is the
4138 * length of the complete packet outputs: - length: modified to remaining
4139 * length after control processing - netp: modified to new sctp_nets after
4140 * cookie-echo processing - return NULL to discard the packet (ie. no asoc,
4141 * bad packet,...) otherwise return the tcb for this packet
4144 __attribute__((noinline))
4146 static struct sctp_tcb *
4147 sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length,
4148 struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp,
4149 struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen,
4150 uint32_t vrf_id, uint16_t port)
4152 struct sctp_association *asoc;
4154 int num_chunks = 0; /* number of control chunks processed */
4155 uint32_t chk_length;
4157 int abort_no_unlock = 0;
4160 * How big should this be, and should it be alloc'd? Lets try the
4161 * d-mtu-ceiling for now (2k) and that should hopefully work ...
4162 * until we get into jumbo grams and such..
4164 uint8_t chunk_buf[SCTP_CHUNK_BUFFER_SIZE];
4165 struct sctp_tcb *locked_tcb = stcb;
4167 uint32_t auth_offset = 0, auth_len = 0;
4168 int auth_skipped = 0;
4171 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4176 SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n",
4177 iphlen, *offset, length, stcb);
4179 /* validate chunk header length... */
4180 if (ntohs(ch->chunk_length) < sizeof(*ch)) {
4181 SCTPDBG(SCTP_DEBUG_INPUT1, "Invalid header length %d\n",
4182 ntohs(ch->chunk_length));
4184 SCTP_TCB_UNLOCK(locked_tcb);
4189 * validate the verification tag
4191 vtag_in = ntohl(sh->v_tag);
4194 SCTP_TCB_LOCK_ASSERT(locked_tcb);
4196 if (ch->chunk_type == SCTP_INITIATION) {
4197 SCTPDBG(SCTP_DEBUG_INPUT1, "Its an INIT of len:%d vtag:%x\n",
4198 ntohs(ch->chunk_length), vtag_in);
4200 /* protocol error- silently discard... */
4201 SCTP_STAT_INCR(sctps_badvtag);
4203 SCTP_TCB_UNLOCK(locked_tcb);
4207 } else if (ch->chunk_type != SCTP_COOKIE_ECHO) {
4209 * If there is no stcb, skip the AUTH chunk and process
4210 * later after a stcb is found (to validate the lookup was
4213 if ((ch->chunk_type == SCTP_AUTHENTICATION) &&
4215 !SCTP_BASE_SYSCTL(sctp_auth_disable)) {
4216 /* save this chunk for later processing */
4218 auth_offset = *offset;
4219 auth_len = ntohs(ch->chunk_length);
4221 /* (temporarily) move past this chunk */
4222 *offset += SCTP_SIZE32(auth_len);
4223 if (*offset >= length) {
4224 /* no more data left in the mbuf chain */
4227 SCTP_TCB_UNLOCK(locked_tcb);
4231 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4232 sizeof(struct sctp_chunkhdr), chunk_buf);
4238 SCTP_TCB_UNLOCK(locked_tcb);
4242 if (ch->chunk_type == SCTP_COOKIE_ECHO) {
4243 goto process_control_chunks;
4246 * first check if it's an ASCONF with an unknown src addr we
4247 * need to look inside to find the association
4249 if (ch->chunk_type == SCTP_ASCONF && stcb == NULL) {
4250 struct sctp_chunkhdr *asconf_ch = ch;
4251 uint32_t asconf_offset = 0, asconf_len = 0;
4253 /* inp's refcount may be reduced */
4254 SCTP_INP_INCR_REF(inp);
4256 asconf_offset = *offset;
4258 asconf_len = ntohs(asconf_ch->chunk_length);
4259 if (asconf_len < sizeof(struct sctp_asconf_paramhdr))
4261 stcb = sctp_findassociation_ep_asconf(m, iphlen,
4262 *offset, sh, &inp, netp, vrf_id);
4265 asconf_offset += SCTP_SIZE32(asconf_len);
4266 asconf_ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, asconf_offset,
4267 sizeof(struct sctp_chunkhdr), chunk_buf);
4268 } while (asconf_ch != NULL && asconf_ch->chunk_type == SCTP_ASCONF);
4271 * reduce inp's refcount if not reduced in
4272 * sctp_findassociation_ep_asconf().
4274 SCTP_INP_DECR_REF(inp);
4279 /* now go back and verify any auth chunk to be sure */
4280 if (auth_skipped && (stcb != NULL)) {
4281 struct sctp_auth_chunk *auth;
4283 auth = (struct sctp_auth_chunk *)
4284 sctp_m_getptr(m, auth_offset,
4285 auth_len, chunk_buf);
4288 if ((auth == NULL) || sctp_handle_auth(stcb, auth, m,
4290 /* auth HMAC failed so dump it */
4293 SCTP_TCB_UNLOCK(locked_tcb);
4297 /* remaining chunks are HMAC checked */
4298 stcb->asoc.authenticated = 1;
4303 /* no association, so it's out of the blue... */
4304 sctp_handle_ootb(m, iphlen, *offset, sh, inp, NULL,
4308 SCTP_TCB_UNLOCK(locked_tcb);
4313 /* ABORT and SHUTDOWN can use either v_tag... */
4314 if ((ch->chunk_type == SCTP_ABORT_ASSOCIATION) ||
4315 (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) ||
4316 (ch->chunk_type == SCTP_PACKET_DROPPED)) {
4317 if ((vtag_in == asoc->my_vtag) ||
4318 ((ch->chunk_flags & SCTP_HAD_NO_TCB) &&
4319 (vtag_in == asoc->peer_vtag))) {
4322 /* drop this packet... */
4323 SCTP_STAT_INCR(sctps_badvtag);
4325 SCTP_TCB_UNLOCK(locked_tcb);
4329 } else if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
4330 if (vtag_in != asoc->my_vtag) {
4332 * this could be a stale SHUTDOWN-ACK or the
4333 * peer never got the SHUTDOWN-COMPLETE and
4334 * is still hung; we have started a new asoc
4335 * but it won't complete until the shutdown
4339 SCTP_TCB_UNLOCK(locked_tcb);
4341 sctp_handle_ootb(m, iphlen, *offset, sh, inp,
4342 NULL, vrf_id, port);
4346 /* for all other chunks, vtag must match */
4347 if (vtag_in != asoc->my_vtag) {
4348 /* invalid vtag... */
4349 SCTPDBG(SCTP_DEBUG_INPUT3,
4350 "invalid vtag: %xh, expect %xh\n",
4351 vtag_in, asoc->my_vtag);
4352 SCTP_STAT_INCR(sctps_badvtag);
4354 SCTP_TCB_UNLOCK(locked_tcb);
4360 } /* end if !SCTP_COOKIE_ECHO */
4362 * process all control chunks...
4364 if (((ch->chunk_type == SCTP_SELECTIVE_ACK) ||
4366 (ch->chunk_type == SCTP_NR_SELECTIVE_ACK) ||
4367 (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) &&
4368 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
4369 /* implied cookie-ack.. we must have lost the ack */
4370 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4371 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4372 stcb->asoc.overall_error_count,
4374 SCTP_FROM_SCTP_INPUT,
4377 stcb->asoc.overall_error_count = 0;
4378 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb,
4381 process_control_chunks:
4382 while (IS_SCTP_CONTROL(ch)) {
4383 /* validate chunk length */
4384 chk_length = ntohs(ch->chunk_length);
4385 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_process_control: processing a chunk type=%u, len=%u\n",
4386 ch->chunk_type, chk_length);
4387 SCTP_LTRACE_CHK(inp, stcb, ch->chunk_type, chk_length);
4388 if (chk_length < sizeof(*ch) ||
4389 (*offset + (int)chk_length) > length) {
4392 SCTP_TCB_UNLOCK(locked_tcb);
4396 SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks);
4398 * INIT-ACK only gets the init ack "header" portion only
4399 * because we don't have to process the peer's COOKIE. All
4400 * others get a complete chunk.
4402 if ((ch->chunk_type == SCTP_INITIATION_ACK) ||
4403 (ch->chunk_type == SCTP_INITIATION)) {
4404 /* get an init-ack chunk */
4405 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4406 sizeof(struct sctp_init_ack_chunk), chunk_buf);
4410 SCTP_TCB_UNLOCK(locked_tcb);
4415 /* For cookies and all other chunks. */
4416 if (chk_length > sizeof(chunk_buf)) {
4418 * use just the size of the chunk buffer so
4419 * the front part of our chunks fit in
4420 * contiguous space up to the chunk buffer
4421 * size (508 bytes). For chunks that need to
4422 * get more than that they must use the
4423 * sctp_m_getptr() function or other means
4424 * (e.g. know how to parse mbuf chains).
4425 * Cookies do this already.
4427 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4428 (sizeof(chunk_buf) - 4),
4433 SCTP_TCB_UNLOCK(locked_tcb);
4438 /* We can fit it all */
4439 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4440 chk_length, chunk_buf);
4442 SCTP_PRINTF("sctp_process_control: Can't get the all data....\n");
4445 SCTP_TCB_UNLOCK(locked_tcb);
4452 /* Save off the last place we got a control from */
4454 if (((netp != NULL) && (*netp != NULL)) || (ch->chunk_type == SCTP_ASCONF)) {
4456 * allow last_control to be NULL if
4457 * ASCONF... ASCONF processing will find the
4460 if ((netp != NULL) && (*netp != NULL))
4461 stcb->asoc.last_control_chunk_from = *netp;
4464 #ifdef SCTP_AUDITING_ENABLED
4465 sctp_audit_log(0xB0, ch->chunk_type);
4468 /* check to see if this chunk required auth, but isn't */
4469 if ((stcb != NULL) &&
4470 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
4471 sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks) &&
4472 !stcb->asoc.authenticated) {
4473 /* "silently" ignore */
4474 SCTP_STAT_INCR(sctps_recvauthmissing);
4477 switch (ch->chunk_type) {
4478 case SCTP_INITIATION:
4479 /* must be first and only chunk */
4480 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT\n");
4481 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4482 /* We are not interested anymore? */
4483 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4485 * collision case where we are
4486 * sending to them too
4491 SCTP_TCB_UNLOCK(locked_tcb);
4497 if ((chk_length > SCTP_LARGEST_INIT_ACCEPTED) ||
4499 (SCTP_BASE_SYSCTL(sctp_strict_init) && (length - *offset > (int)SCTP_SIZE32(chk_length)))) {
4502 SCTP_TCB_UNLOCK(locked_tcb);
4506 if ((stcb != NULL) &&
4507 (SCTP_GET_STATE(&stcb->asoc) ==
4508 SCTP_STATE_SHUTDOWN_ACK_SENT)) {
4509 sctp_send_shutdown_ack(stcb,
4510 stcb->asoc.primary_destination);
4512 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED);
4514 SCTP_TCB_UNLOCK(locked_tcb);
4519 sctp_handle_init(m, iphlen, *offset, sh,
4520 (struct sctp_init_chunk *)ch, inp,
4521 stcb, *netp, &abort_no_unlock, vrf_id, port);
4523 if (abort_no_unlock)
4528 SCTP_TCB_UNLOCK(locked_tcb);
4532 case SCTP_PAD_CHUNK:
4534 case SCTP_INITIATION_ACK:
4535 /* must be first and only chunk */
4536 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT-ACK\n");
4537 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4538 /* We are not interested anymore */
4539 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4543 SCTP_TCB_UNLOCK(locked_tcb);
4547 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4548 so = SCTP_INP_SO(inp);
4549 atomic_add_int(&stcb->asoc.refcnt, 1);
4550 SCTP_TCB_UNLOCK(stcb);
4551 SCTP_SOCKET_LOCK(so, 1);
4552 SCTP_TCB_LOCK(stcb);
4553 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4555 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_27);
4556 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4557 SCTP_SOCKET_UNLOCK(so, 1);
4563 if ((num_chunks > 1) ||
4564 (SCTP_BASE_SYSCTL(sctp_strict_init) && (length - *offset > (int)SCTP_SIZE32(chk_length)))) {
4567 SCTP_TCB_UNLOCK(locked_tcb);
4571 if ((netp) && (*netp)) {
4572 ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
4573 (struct sctp_init_ack_chunk *)ch, stcb, *netp, &abort_no_unlock, vrf_id);
4578 * Special case, I must call the output routine to
4579 * get the cookie echoed
4581 if (abort_no_unlock)
4584 if ((stcb) && ret == 0)
4585 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED);
4588 SCTP_TCB_UNLOCK(locked_tcb);
4592 case SCTP_SELECTIVE_ACK:
4593 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SACK\n");
4594 SCTP_STAT_INCR(sctps_recvsacks);
4596 struct sctp_sack_chunk *sack;
4598 uint32_t a_rwnd, cum_ack;
4602 if ((stcb == NULL) || (chk_length < sizeof(struct sctp_sack_chunk))) {
4603 SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size on sack chunk, too small\n");
4606 SCTP_TCB_UNLOCK(locked_tcb);
4610 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) {
4612 * If we have sent a shutdown-ack, we will pay no
4613 * attention to a sack sent in to us since
4614 * we don't care anymore.
4618 sack = (struct sctp_sack_chunk *)ch;
4619 nonce_sum_flag = ch->chunk_flags & SCTP_SACK_NONCE_SUM;
4620 cum_ack = ntohl(sack->sack.cum_tsn_ack);
4621 num_seg = ntohs(sack->sack.num_gap_ack_blks);
4622 a_rwnd = (uint32_t) ntohl(sack->sack.a_rwnd);
4623 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SACK process cum_ack:%x num_seg:%d a_rwnd:%d\n",
4628 stcb->asoc.seen_a_sack_this_pkt = 1;
4629 if ((stcb->asoc.pr_sctp_cnt == 0) &&
4631 ((compare_with_wrap(cum_ack, stcb->asoc.last_acked_seq, MAX_TSN)) ||
4632 (cum_ack == stcb->asoc.last_acked_seq)) &&
4633 (stcb->asoc.saw_sack_with_frags == 0) &&
4634 (!TAILQ_EMPTY(&stcb->asoc.sent_queue))
4637 * We have a SIMPLE sack having no
4638 * prior segments and data on sent
4639 * queue to be acked.. Use the
4640 * faster path sack processing. We
4641 * also allow window update sacks
4642 * with no missing segments to go
4645 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, nonce_sum_flag,
4649 sctp_handle_sack(m, *offset,
4650 sack, stcb, *netp, &abort_now, chk_length, a_rwnd);
4652 if (TAILQ_EMPTY(&stcb->asoc.send_queue) &&
4653 TAILQ_EMPTY(&stcb->asoc.sent_queue) &&
4654 (stcb->asoc.stream_queue_cnt == 0)) {
4655 sctp_ulp_notify(SCTP_NOTIFY_SENDER_DRY, stcb, 0, NULL, SCTP_SO_NOT_LOCKED);
4658 /* ABORT signal from sack processing */
4665 * EY - nr_sack: If the received chunk is an
4668 case SCTP_NR_SELECTIVE_ACK:
4669 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_NR_SACK\n");
4670 SCTP_STAT_INCR(sctps_recvsacks);
4672 struct sctp_nr_sack_chunk *nr_sack;
4674 uint32_t a_rwnd, cum_ack;
4675 uint16_t num_seg, num_nr_seg;
4678 if ((stcb == NULL) || (chk_length < sizeof(struct sctp_nr_sack_chunk))) {
4679 SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size on nr_sack chunk, too small\n");
4683 SCTP_TCB_UNLOCK(locked_tcb);
4688 * EY nr_sacks have not been negotiated but
4689 * the peer end sent an nr_sack, silently
4692 if (!(SCTP_BASE_SYSCTL(sctp_nr_sack_on_off) && stcb->asoc.peer_supports_nr_sack)) {
4695 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) {
4697 * If we have sent a shutdown-ack, we will pay no
4698 * attention to a sack sent in to us since
4699 * we don't care anymore.
4701 goto ignore_nr_sack;
4703 nr_sack = (struct sctp_nr_sack_chunk *)ch;
4704 nonce_sum_flag = ch->chunk_flags & SCTP_SACK_NONCE_SUM;
4706 cum_ack = ntohl(nr_sack->nr_sack.cum_tsn_ack);
4707 num_seg = ntohs(nr_sack->nr_sack.num_gap_ack_blks);
4708 num_nr_seg = ntohs(nr_sack->nr_sack.num_nr_gap_ack_blks);
4709 a_rwnd = (uint32_t) ntohl(nr_sack->nr_sack.a_rwnd);
4710 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_NR_SACK process cum_ack:%x num_seg:%d a_rwnd:%d\n",
4715 stcb->asoc.seen_a_sack_this_pkt = 1;
4716 if ((stcb->asoc.pr_sctp_cnt == 0) &&
4718 ((compare_with_wrap(cum_ack, stcb->asoc.last_acked_seq, MAX_TSN)) ||
4719 (cum_ack == stcb->asoc.last_acked_seq)) &&
4720 (stcb->asoc.saw_sack_with_frags == 0) &&
4721 (!TAILQ_EMPTY(&stcb->asoc.sent_queue))
4724 * We have a SIMPLE sack having no
4725 * prior segments and data on sent
4726 * queue to be acked.. Use the
4727 * faster path sack processing. We
4728 * also allow window update sacks
4729 * with no missing segments to go
4732 sctp_express_handle_nr_sack(stcb, cum_ack, a_rwnd, nonce_sum_flag,
4736 sctp_handle_nr_sack(m, *offset,
4737 nr_sack, stcb, *netp, &abort_now, chk_length, a_rwnd);
4739 if (TAILQ_EMPTY(&stcb->asoc.send_queue) &&
4740 TAILQ_EMPTY(&stcb->asoc.sent_queue) &&
4741 (stcb->asoc.stream_queue_cnt == 0)) {
4742 sctp_ulp_notify(SCTP_NOTIFY_SENDER_DRY, stcb, 0, NULL, SCTP_SO_NOT_LOCKED);
4745 /* ABORT signal from sack processing */
4752 case SCTP_HEARTBEAT_REQUEST:
4753 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_HEARTBEAT\n");
4754 if ((stcb) && netp && *netp) {
4755 SCTP_STAT_INCR(sctps_recvheartbeat);
4756 sctp_send_heartbeat_ack(stcb, m, *offset,
4759 /* He's alive so give him credit */
4760 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4761 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4762 stcb->asoc.overall_error_count,
4764 SCTP_FROM_SCTP_INPUT,
4767 stcb->asoc.overall_error_count = 0;
4770 case SCTP_HEARTBEAT_ACK:
4771 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_HEARTBEAT-ACK\n");
4772 if ((stcb == NULL) || (chk_length != sizeof(struct sctp_heartbeat_chunk))) {
4776 SCTP_TCB_UNLOCK(locked_tcb);
4780 /* He's alive so give him credit */
4781 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4782 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4783 stcb->asoc.overall_error_count,
4785 SCTP_FROM_SCTP_INPUT,
4788 stcb->asoc.overall_error_count = 0;
4789 SCTP_STAT_INCR(sctps_recvheartbeatack);
4791 sctp_handle_heartbeat_ack((struct sctp_heartbeat_chunk *)ch,
4794 case SCTP_ABORT_ASSOCIATION:
4795 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ABORT, stcb %p\n",
4797 if ((stcb) && netp && *netp)
4798 sctp_handle_abort((struct sctp_abort_chunk *)ch,
4804 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN, stcb %p\n",
4806 if ((stcb == NULL) || (chk_length != sizeof(struct sctp_shutdown_chunk))) {
4809 SCTP_TCB_UNLOCK(locked_tcb);
4813 if (netp && *netp) {
4816 sctp_handle_shutdown((struct sctp_shutdown_chunk *)ch,
4817 stcb, *netp, &abort_flag);
4824 case SCTP_SHUTDOWN_ACK:
4825 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN-ACK, stcb %p\n", stcb);
4826 if ((stcb) && (netp) && (*netp))
4827 sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp);
4832 case SCTP_OPERATION_ERROR:
4833 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_OP-ERR\n");
4834 if ((stcb) && netp && *netp && sctp_handle_error(ch, stcb, *netp) < 0) {
4840 case SCTP_COOKIE_ECHO:
4841 SCTPDBG(SCTP_DEBUG_INPUT3,
4842 "SCTP_COOKIE-ECHO, stcb %p\n", stcb);
4843 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4846 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4847 /* We are not interested anymore */
4853 * First are we accepting? We do this again here
4854 * sincen it is possible that a previous endpoint
4855 * WAS listening responded to a INIT-ACK and then
4856 * closed. We opened and bound.. and are now no
4860 if ((stcb == NULL) && (inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit)) {
4861 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
4862 (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) {
4864 struct sctp_paramhdr *phdr;
4866 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4867 0, M_DONTWAIT, 1, MT_DATA);
4869 SCTP_BUF_LEN(oper) =
4870 sizeof(struct sctp_paramhdr);
4872 struct sctp_paramhdr *);
4874 htons(SCTP_CAUSE_OUT_OF_RESC);
4875 phdr->param_length =
4876 htons(sizeof(struct sctp_paramhdr));
4878 sctp_abort_association(inp, stcb, m,
4879 iphlen, sh, oper, vrf_id, port);
4884 struct mbuf *ret_buf;
4885 struct sctp_inpcb *linp;
4894 SCTP_ASOC_CREATE_LOCK(linp);
4898 sctp_handle_cookie_echo(m, iphlen,
4900 (struct sctp_cookie_echo_chunk *)ch,
4912 SCTP_ASOC_CREATE_UNLOCK(linp);
4914 if (ret_buf == NULL) {
4916 SCTP_TCB_UNLOCK(locked_tcb);
4918 SCTPDBG(SCTP_DEBUG_INPUT3,
4919 "GAK, null buffer\n");
4924 /* if AUTH skipped, see if it verified... */
4929 if (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) {
4931 * Restart the timer if we have
4934 struct sctp_tmit_chunk *chk;
4936 chk = TAILQ_FIRST(&stcb->asoc.sent_queue);
4938 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
4939 stcb->sctp_ep, stcb,
4945 case SCTP_COOKIE_ACK:
4946 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_COOKIE-ACK, stcb %p\n", stcb);
4947 if ((stcb == NULL) || chk_length != sizeof(struct sctp_cookie_ack_chunk)) {
4949 SCTP_TCB_UNLOCK(locked_tcb);
4953 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4954 /* We are not interested anymore */
4955 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4958 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4959 so = SCTP_INP_SO(inp);
4960 atomic_add_int(&stcb->asoc.refcnt, 1);
4961 SCTP_TCB_UNLOCK(stcb);
4962 SCTP_SOCKET_LOCK(so, 1);
4963 SCTP_TCB_LOCK(stcb);
4964 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4966 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_27);
4967 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4968 SCTP_SOCKET_UNLOCK(so, 1);
4974 /* He's alive so give him credit */
4975 if ((stcb) && netp && *netp) {
4976 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4977 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4978 stcb->asoc.overall_error_count,
4980 SCTP_FROM_SCTP_INPUT,
4983 stcb->asoc.overall_error_count = 0;
4984 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp);
4988 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ECN-ECHO\n");
4989 /* He's alive so give him credit */
4990 if ((stcb == NULL) || (chk_length != sizeof(struct sctp_ecne_chunk))) {
4993 SCTP_TCB_UNLOCK(locked_tcb);
4999 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5000 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5001 stcb->asoc.overall_error_count,
5003 SCTP_FROM_SCTP_INPUT,
5006 stcb->asoc.overall_error_count = 0;
5007 sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch,
5012 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ECN-CWR\n");
5013 /* He's alive so give him credit */
5014 if ((stcb == NULL) || (chk_length != sizeof(struct sctp_cwr_chunk))) {
5017 SCTP_TCB_UNLOCK(locked_tcb);
5023 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5024 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5025 stcb->asoc.overall_error_count,
5027 SCTP_FROM_SCTP_INPUT,
5030 stcb->asoc.overall_error_count = 0;
5031 sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb);
5034 case SCTP_SHUTDOWN_COMPLETE:
5035 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN-COMPLETE, stcb %p\n", stcb);
5036 /* must be first and only chunk */
5037 if ((num_chunks > 1) ||
5038 (length - *offset > (int)SCTP_SIZE32(chk_length))) {
5041 SCTP_TCB_UNLOCK(locked_tcb);
5045 if ((stcb) && netp && *netp) {
5046 sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch,
5053 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF\n");
5054 /* He's alive so give him credit */
5056 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5057 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5058 stcb->asoc.overall_error_count,
5060 SCTP_FROM_SCTP_INPUT,
5063 stcb->asoc.overall_error_count = 0;
5064 sctp_handle_asconf(m, *offset,
5065 (struct sctp_asconf_chunk *)ch, stcb, asconf_cnt == 0);
5069 case SCTP_ASCONF_ACK:
5070 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF-ACK\n");
5071 if (chk_length < sizeof(struct sctp_asconf_ack_chunk)) {
5074 SCTP_TCB_UNLOCK(locked_tcb);
5079 if ((stcb) && netp && *netp) {
5080 /* He's alive so give him credit */
5081 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5082 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5083 stcb->asoc.overall_error_count,
5085 SCTP_FROM_SCTP_INPUT,
5088 stcb->asoc.overall_error_count = 0;
5089 sctp_handle_asconf_ack(m, *offset,
5090 (struct sctp_asconf_ack_chunk *)ch, stcb, *netp, &abort_no_unlock);
5091 if (abort_no_unlock)
5095 case SCTP_FORWARD_CUM_TSN:
5096 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_FWD-TSN\n");
5097 if (chk_length < sizeof(struct sctp_forward_tsn_chunk)) {
5100 SCTP_TCB_UNLOCK(locked_tcb);
5105 /* He's alive so give him credit */
5109 stcb->asoc.overall_error_count = 0;
5110 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5111 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5112 stcb->asoc.overall_error_count,
5114 SCTP_FROM_SCTP_INPUT,
5118 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
5119 /* We are not interested anymore */
5120 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
5121 so = SCTP_INP_SO(inp);
5122 atomic_add_int(&stcb->asoc.refcnt, 1);
5123 SCTP_TCB_UNLOCK(stcb);
5124 SCTP_SOCKET_LOCK(so, 1);
5125 SCTP_TCB_LOCK(stcb);
5126 atomic_subtract_int(&stcb->asoc.refcnt, 1);
5128 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_29);
5129 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
5130 SCTP_SOCKET_UNLOCK(so, 1);
5135 sctp_handle_forward_tsn(stcb,
5136 (struct sctp_forward_tsn_chunk *)ch, &abort_flag, m, *offset);
5141 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5142 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5143 stcb->asoc.overall_error_count,
5145 SCTP_FROM_SCTP_INPUT,
5148 stcb->asoc.overall_error_count = 0;
5153 case SCTP_STREAM_RESET:
5154 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_STREAM_RESET\n");
5155 if (((stcb == NULL) || (ch == NULL) || (chk_length < sizeof(struct sctp_stream_reset_tsn_req)))) {
5158 SCTP_TCB_UNLOCK(locked_tcb);
5163 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
5164 /* We are not interested anymore */
5165 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
5166 so = SCTP_INP_SO(inp);
5167 atomic_add_int(&stcb->asoc.refcnt, 1);
5168 SCTP_TCB_UNLOCK(stcb);
5169 SCTP_SOCKET_LOCK(so, 1);
5170 SCTP_TCB_LOCK(stcb);
5171 atomic_subtract_int(&stcb->asoc.refcnt, 1);
5173 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_30);
5174 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
5175 SCTP_SOCKET_UNLOCK(so, 1);
5180 if (stcb->asoc.peer_supports_strreset == 0) {
5182 * hmm, peer should have announced this, but
5183 * we will turn it on since he is sending us
5186 stcb->asoc.peer_supports_strreset = 1;
5188 if (sctp_handle_stream_reset(stcb, m, *offset, (struct sctp_stream_reset_out_req *)ch)) {
5189 /* stop processing */
5194 case SCTP_PACKET_DROPPED:
5195 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_PACKET_DROPPED\n");
5196 /* re-get it all please */
5197 if (chk_length < sizeof(struct sctp_pktdrop_chunk)) {
5200 SCTP_TCB_UNLOCK(locked_tcb);
5205 if (ch && (stcb) && netp && (*netp)) {
5206 sctp_handle_packet_dropped((struct sctp_pktdrop_chunk *)ch,
5208 min(chk_length, (sizeof(chunk_buf) - 4)));
5213 case SCTP_AUTHENTICATION:
5214 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_AUTHENTICATION\n");
5215 if (SCTP_BASE_SYSCTL(sctp_auth_disable))
5219 /* save the first AUTH for later processing */
5220 if (auth_skipped == 0) {
5221 auth_offset = *offset;
5222 auth_len = chk_length;
5225 /* skip this chunk (temporarily) */
5228 if ((chk_length < (sizeof(struct sctp_auth_chunk))) ||
5229 (chk_length > (sizeof(struct sctp_auth_chunk) +
5230 SCTP_AUTH_DIGEST_LEN_MAX))) {
5233 SCTP_TCB_UNLOCK(locked_tcb);
5238 if (got_auth == 1) {
5239 /* skip this chunk... it's already auth'd */
5243 if ((ch == NULL) || sctp_handle_auth(stcb, (struct sctp_auth_chunk *)ch,
5245 /* auth HMAC failed so dump the packet */
5249 /* remaining chunks are HMAC checked */
5250 stcb->asoc.authenticated = 1;
5256 /* it's an unknown chunk! */
5257 if ((ch->chunk_type & 0x40) && (stcb != NULL)) {
5259 struct sctp_paramhdr *phd;
5261 mm = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
5262 0, M_DONTWAIT, 1, MT_DATA);
5264 phd = mtod(mm, struct sctp_paramhdr *);
5266 * We cheat and use param type since
5267 * we did not bother to define a
5268 * error cause struct. They are the
5269 * same basic format with different
5272 phd->param_type = htons(SCTP_CAUSE_UNRECOG_CHUNK);
5273 phd->param_length = htons(chk_length + sizeof(*phd));
5274 SCTP_BUF_LEN(mm) = sizeof(*phd);
5275 SCTP_BUF_NEXT(mm) = SCTP_M_COPYM(m, *offset, SCTP_SIZE32(chk_length),
5277 if (SCTP_BUF_NEXT(mm)) {
5278 #ifdef SCTP_MBUF_LOGGING
5279 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
5282 mat = SCTP_BUF_NEXT(mm);
5284 if (SCTP_BUF_IS_EXTENDED(mat)) {
5285 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
5287 mat = SCTP_BUF_NEXT(mat);
5291 sctp_queue_op_err(stcb, mm);
5297 if ((ch->chunk_type & 0x80) == 0) {
5298 /* discard this packet */
5301 } /* else skip this bad chunk and continue... */
5303 } /* switch (ch->chunk_type) */
5307 /* get the next chunk */
5308 *offset += SCTP_SIZE32(chk_length);
5309 if (*offset >= length) {
5310 /* no more data left in the mbuf chain */
5313 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
5314 sizeof(struct sctp_chunkhdr), chunk_buf);
5317 SCTP_TCB_UNLOCK(locked_tcb);
5324 if (asconf_cnt > 0 && stcb != NULL) {
5325 sctp_send_asconf_ack(stcb);
5332 * Process the ECN bits we have something set so we must look to see if it is
5333 * ECN(0) or ECN(1) or CE
5336 sctp_process_ecn_marked_a(struct sctp_tcb *stcb, struct sctp_nets *net,
5339 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
5341 } else if ((ecn_bits & SCTP_ECT1_BIT) == SCTP_ECT1_BIT) {
5343 * we only add to the nonce sum for ECT1, ECT0 does not
5344 * change the NS bit (that we have yet to find a way to send
5348 /* ECN Nonce stuff */
5349 stcb->asoc.receiver_nonce_sum++;
5350 stcb->asoc.receiver_nonce_sum &= SCTP_SACK_NONCE_SUM;
5353 * Drag up the last_echo point if cumack is larger since we
5354 * don't want the point falling way behind by more than
5355 * 2^^31 and then having it be incorrect.
5357 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
5358 stcb->asoc.last_echo_tsn, MAX_TSN)) {
5359 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
5361 } else if ((ecn_bits & SCTP_ECT0_BIT) == SCTP_ECT0_BIT) {
5363 * Drag up the last_echo point if cumack is larger since we
5364 * don't want the point falling way behind by more than
5365 * 2^^31 and then having it be incorrect.
5367 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
5368 stcb->asoc.last_echo_tsn, MAX_TSN)) {
5369 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
5375 sctp_process_ecn_marked_b(struct sctp_tcb *stcb, struct sctp_nets *net,
5376 uint32_t high_tsn, uint8_t ecn_bits)
5378 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
5380 * we possibly must notify the sender that a congestion
5381 * window reduction is in order. We do this by adding a ECNE
5382 * chunk to the output chunk queue. The incoming CWR will
5383 * remove this chunk.
5385 if (compare_with_wrap(high_tsn, stcb->asoc.last_echo_tsn,
5387 /* Yep, we need to add a ECNE */
5388 sctp_send_ecn_echo(stcb, net, high_tsn);
5389 stcb->asoc.last_echo_tsn = high_tsn;
5396 sctp_validate_no_locks(struct sctp_inpcb *inp)
5398 struct sctp_tcb *stcb;
5400 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
5401 if (mtx_owned(&stcb->tcb_mtx)) {
5402 panic("Own lock on stcb at return from input");
5410 * common input chunk processing (v4 and v6)
5413 sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
5414 int length, struct sctphdr *sh, struct sctp_chunkhdr *ch,
5415 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
5416 uint8_t ecn_bits, uint32_t vrf_id, uint16_t port)
5419 * Control chunk processing
5422 int fwd_tsn_seen = 0, data_processed = 0;
5423 struct mbuf *m = *mm;
5427 SCTP_STAT_INCR(sctps_recvdatagrams);
5428 #ifdef SCTP_AUDITING_ENABLED
5429 sctp_audit_log(0xE0, 1);
5430 sctp_auditing(0, inp, stcb, net);
5433 SCTPDBG(SCTP_DEBUG_INPUT1, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n",
5434 m, iphlen, offset, length, stcb);
5436 /* always clear this before beginning a packet */
5437 stcb->asoc.authenticated = 0;
5438 stcb->asoc.seen_a_sack_this_pkt = 0;
5439 SCTPDBG(SCTP_DEBUG_INPUT1, "stcb:%p state:%x\n",
5440 stcb, stcb->asoc.state);
5442 if ((stcb->asoc.state & SCTP_STATE_WAS_ABORTED) ||
5443 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) {
5445 * If we hit here, we had a ref count
5446 * up when the assoc was aborted and the
5447 * timer is clearing out the assoc, we should
5448 * NOT respond to any packet.. its OOTB.
5450 SCTP_TCB_UNLOCK(stcb);
5451 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL,
5456 if (IS_SCTP_CONTROL(ch)) {
5457 /* process the control portion of the SCTP packet */
5458 /* sa_ignore NO_NULL_CHK */
5459 stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
5460 inp, stcb, &net, &fwd_tsn_seen, vrf_id, port);
5463 * This covers us if the cookie-echo was there and
5464 * it changes our INP.
5466 inp = stcb->sctp_ep;
5467 if ((net) && (port)) {
5468 if (net->port == 0) {
5469 sctp_pathmtu_adjustment(inp, stcb, net, net->mtu - sizeof(struct udphdr));
5476 * no control chunks, so pre-process DATA chunks (these
5477 * checks are taken care of by control processing)
5481 * if DATA only packet, and auth is required, then punt...
5482 * can't have authenticated without any AUTH (control)
5485 if ((stcb != NULL) &&
5486 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
5487 sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) {
5488 /* "silently" ignore */
5489 SCTP_STAT_INCR(sctps_recvauthmissing);
5490 SCTP_TCB_UNLOCK(stcb);
5494 /* out of the blue DATA chunk */
5495 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL,
5499 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) {
5500 /* v_tag mismatch! */
5501 SCTP_STAT_INCR(sctps_badvtag);
5502 SCTP_TCB_UNLOCK(stcb);
5509 * no valid TCB for this packet, or we found it's a bad
5510 * packet while processing control, or we're done with this
5511 * packet (done or skip rest of data), so we drop it...
5516 * DATA chunk processing
5518 /* plow through the data chunks while length > offset */
5521 * Rest should be DATA only. Check authentication state if AUTH for
5524 if ((length > offset) &&
5526 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
5527 sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks) &&
5528 !stcb->asoc.authenticated) {
5529 /* "silently" ignore */
5530 SCTP_STAT_INCR(sctps_recvauthmissing);
5531 SCTPDBG(SCTP_DEBUG_AUTH1,
5532 "Data chunk requires AUTH, skipped\n");
5535 if (length > offset) {
5539 * First check to make sure our state is correct. We would
5540 * not get here unless we really did have a tag, so we don't
5541 * abort if this happens, just dump the chunk silently.
5543 switch (SCTP_GET_STATE(&stcb->asoc)) {
5544 case SCTP_STATE_COOKIE_ECHOED:
5546 * we consider data with valid tags in this state
5547 * shows us the cookie-ack was lost. Imply it was
5550 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5551 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5552 stcb->asoc.overall_error_count,
5554 SCTP_FROM_SCTP_INPUT,
5557 stcb->asoc.overall_error_count = 0;
5558 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net);
5560 case SCTP_STATE_COOKIE_WAIT:
5562 * We consider OOTB any data sent during asoc setup.
5564 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL,
5566 SCTP_TCB_UNLOCK(stcb);
5568 /* sa_ignore NOTREACHED */
5570 case SCTP_STATE_EMPTY: /* should not happen */
5571 case SCTP_STATE_INUSE: /* should not happen */
5572 case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error */
5573 case SCTP_STATE_SHUTDOWN_ACK_SENT:
5575 SCTP_TCB_UNLOCK(stcb);
5577 /* sa_ignore NOTREACHED */
5579 case SCTP_STATE_OPEN:
5580 case SCTP_STATE_SHUTDOWN_SENT:
5583 /* take care of ECN, part 1. */
5584 if (stcb->asoc.ecn_allowed &&
5585 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
5586 sctp_process_ecn_marked_a(stcb, net, ecn_bits);
5588 /* plow through the data chunks while length > offset */
5589 retval = sctp_process_data(mm, iphlen, &offset, length, sh,
5590 inp, stcb, net, &high_tsn);
5593 * The association aborted, NO UNLOCK needed since
5594 * the association is destroyed.
5600 /* take care of ecn part 2. */
5601 if (stcb->asoc.ecn_allowed &&
5602 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
5603 sctp_process_ecn_marked_b(stcb, net, high_tsn,
5608 * Anything important needs to have been m_copy'ed in
5612 if ((data_processed == 0) && (fwd_tsn_seen)) {
5615 if (compare_with_wrap(stcb->asoc.highest_tsn_inside_map,
5616 stcb->asoc.cumulative_tsn, MAX_TSN)) {
5617 /* there was a gap before this data was processed */
5620 stcb->asoc.send_sack = 1;
5621 sctp_sack_check(stcb, 1, was_a_gap, &abort_flag);
5623 /* Again, we aborted so NO UNLOCK needed */
5626 } else if (fwd_tsn_seen) {
5627 stcb->asoc.send_sack = 1;
5629 /* trigger send of any chunks in queue... */
5631 #ifdef SCTP_AUDITING_ENABLED
5632 sctp_audit_log(0xE0, 2);
5633 sctp_auditing(1, inp, stcb, net);
5635 SCTPDBG(SCTP_DEBUG_INPUT1,
5636 "Check for chunk output prw:%d tqe:%d tf=%d\n",
5637 stcb->asoc.peers_rwnd,
5638 TAILQ_EMPTY(&stcb->asoc.control_send_queue),
5639 stcb->asoc.total_flight);
5640 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight);
5642 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue) ||
5644 (stcb->asoc.peers_rwnd > 0 ||
5645 (stcb->asoc.peers_rwnd <= 0 && stcb->asoc.total_flight == 0)))) {
5646 SCTPDBG(SCTP_DEBUG_INPUT3, "Calling chunk OUTPUT\n");
5647 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED);
5648 SCTPDBG(SCTP_DEBUG_INPUT3, "chunk OUTPUT returns\n");
5650 #ifdef SCTP_AUDITING_ENABLED
5651 sctp_audit_log(0xE0, 3);
5652 sctp_auditing(2, inp, stcb, net);
5654 SCTP_TCB_UNLOCK(stcb);
5657 sctp_validate_no_locks(inp);
5664 sctp_print_mbuf_chain(struct mbuf *m)
5666 for (; m; m = SCTP_BUF_NEXT(m)) {
5667 printf("%p: m_len = %ld\n", m, SCTP_BUF_LEN(m));
5668 if (SCTP_BUF_IS_EXTENDED(m))
5669 printf("%p: extend_size = %d\n", m, SCTP_BUF_EXTEND_SIZE(m));
5676 sctp_input_with_port(struct mbuf *i_pak, int off, uint16_t port)
5678 #ifdef SCTP_MBUF_LOGGING
5684 uint32_t vrf_id = 0;
5688 struct sctp_inpcb *inp = NULL;
5690 uint32_t check, calc_check;
5691 struct sctp_nets *net;
5692 struct sctp_tcb *stcb = NULL;
5693 struct sctp_chunkhdr *ch;
5694 int refcount_up = 0;
5695 int length, mlen, offset;
5697 if (SCTP_GET_PKT_VRFID(i_pak, vrf_id)) {
5698 SCTP_RELEASE_PKT(i_pak);
5701 mlen = SCTP_HEADER_LEN(i_pak);
5703 m = SCTP_HEADER_TO_CHAIN(i_pak);
5706 SCTP_STAT_INCR(sctps_recvpackets);
5707 SCTP_STAT_INCR_COUNTER64(sctps_inpackets);
5710 #ifdef SCTP_MBUF_LOGGING
5711 /* Log in any input mbufs */
5712 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
5715 if (SCTP_BUF_IS_EXTENDED(mat)) {
5716 sctp_log_mb(mat, SCTP_MBUF_INPUT);
5718 mat = SCTP_BUF_NEXT(mat);
5722 #ifdef SCTP_PACKET_LOGGING
5723 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
5724 sctp_packet_log(m, mlen);
5727 * Must take out the iphlen, since mlen expects this (only effect lb
5733 * Get IP, SCTP, and first chunk header together in first mbuf.
5735 ip = mtod(m, struct ip *);
5736 offset = iphlen + sizeof(*sh) + sizeof(*ch);
5737 if (SCTP_BUF_LEN(m) < offset) {
5738 if ((m = m_pullup(m, offset)) == 0) {
5739 SCTP_STAT_INCR(sctps_hdrops);
5742 ip = mtod(m, struct ip *);
5744 /* validate mbuf chain length with IP payload length */
5745 if (mlen < (SCTP_GET_IPV4_LENGTH(ip) - iphlen)) {
5746 SCTP_STAT_INCR(sctps_hdrops);
5749 sh = (struct sctphdr *)((caddr_t)ip + iphlen);
5750 ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(*sh));
5751 SCTPDBG(SCTP_DEBUG_INPUT1,
5752 "sctp_input() length:%d iphlen:%d\n", mlen, iphlen);
5754 /* SCTP does not allow broadcasts or multicasts */
5755 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
5758 if (SCTP_IS_IT_BROADCAST(ip->ip_dst, m)) {
5760 * We only look at broadcast if its a front state, All
5761 * others we will not have a tcb for anyway.
5765 /* validate SCTP checksum */
5766 SCTPDBG(SCTP_DEBUG_CRCOFFLOAD,
5767 "sctp_input(): Packet of length %d received on %s with csum_flags 0x%x.\n",
5769 if_name(m->m_pkthdr.rcvif),
5770 m->m_pkthdr.csum_flags);
5771 if (m->m_pkthdr.csum_flags & CSUM_SCTP_VALID) {
5772 SCTP_STAT_INCR(sctps_recvhwcrc);
5773 goto sctp_skip_csum_4;
5775 check = sh->checksum; /* save incoming checksum */
5776 if ((check == 0) && (SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback)) &&
5777 ((ip->ip_src.s_addr == ip->ip_dst.s_addr) ||
5778 (SCTP_IS_IT_LOOPBACK(m)))
5780 SCTP_STAT_INCR(sctps_recvnocrc);
5781 goto sctp_skip_csum_4;
5783 sh->checksum = 0; /* prepare for calc */
5784 calc_check = sctp_calculate_cksum(m, iphlen);
5785 SCTP_STAT_INCR(sctps_recvswcrc);
5786 if (calc_check != check) {
5787 SCTPDBG(SCTP_DEBUG_INPUT1, "Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n",
5788 calc_check, check, m, mlen, iphlen);
5790 stcb = sctp_findassociation_addr(m, iphlen,
5791 offset - sizeof(*ch),
5794 if ((net) && (port)) {
5795 if (net->port == 0) {
5796 sctp_pathmtu_adjustment(inp, stcb, net, net->mtu - sizeof(struct udphdr));
5800 if ((inp) && (stcb)) {
5801 sctp_send_packet_dropped(stcb, net, m, iphlen, 1);
5802 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED);
5803 } else if ((inp != NULL) && (stcb == NULL)) {
5806 SCTP_STAT_INCR(sctps_badsum);
5807 SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors);
5810 sh->checksum = calc_check;
5812 /* destination port of 0 is illegal, based on RFC2960. */
5813 if (sh->dest_port == 0) {
5814 SCTP_STAT_INCR(sctps_hdrops);
5818 * Locate pcb and tcb for datagram sctp_findassociation_addr() wants
5819 * IP/SCTP/first chunk header...
5821 stcb = sctp_findassociation_addr(m, iphlen, offset - sizeof(*ch),
5822 sh, ch, &inp, &net, vrf_id);
5823 if ((net) && (port)) {
5824 if (net->port == 0) {
5825 sctp_pathmtu_adjustment(inp, stcb, net, net->mtu - sizeof(struct udphdr));
5829 /* inp's ref-count increased && stcb locked */
5831 struct sctp_init_chunk *init_chk, chunk_buf;
5833 SCTP_STAT_INCR(sctps_noport);
5836 * we use the bandwidth limiting to protect against sending
5837 * too many ABORTS all at once. In this case these count the
5838 * same as an ICMP message.
5840 if (badport_bandlim(0) < 0)
5842 #endif /* ICMP_BANDLIM */
5843 SCTPDBG(SCTP_DEBUG_INPUT1,
5844 "Sending a ABORT from packet entry!\n");
5845 if (ch->chunk_type == SCTP_INITIATION) {
5847 * we do a trick here to get the INIT tag, dig in
5848 * and get the tag from the INIT and put it in the
5851 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m,
5852 iphlen + sizeof(*sh), sizeof(*init_chk),
5853 (uint8_t *) & chunk_buf);
5854 if (init_chk != NULL)
5855 sh->v_tag = init_chk->init.initiate_tag;
5857 if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
5858 sctp_send_shutdown_complete2(m, iphlen, sh, vrf_id, port);
5861 if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) {
5864 if (ch->chunk_type != SCTP_ABORT_ASSOCIATION)
5865 sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
5867 } else if (stcb == NULL) {
5872 * I very much doubt any of the IPSEC stuff will work but I have no
5873 * idea, so I will leave it in place.
5875 if (inp && ipsec4_in_reject(m, &inp->ip_inp.inp)) {
5876 MODULE_GLOBAL(MOD_IPSEC, ipsec4stat).in_polvio++;
5877 SCTP_STAT_INCR(sctps_hdrops);
5883 * common chunk processing
5885 length = ip->ip_len + iphlen;
5886 offset -= sizeof(struct sctp_chunkhdr);
5888 ecn_bits = ip->ip_tos;
5890 /* sa_ignore NO_NULL_CHK */
5891 sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,
5892 inp, stcb, net, ecn_bits, vrf_id, port);
5893 /* inp's ref-count reduced && stcb unlocked */
5897 if ((inp) && (refcount_up)) {
5898 /* reduce ref-count */
5899 SCTP_INP_DECR_REF(inp);
5904 SCTP_TCB_UNLOCK(stcb);
5906 if ((inp) && (refcount_up)) {
5907 /* reduce ref-count */
5908 SCTP_INP_DECR_REF(inp);
5916 sctp_input(i_pak, off)
5920 sctp_input_with_port(i_pak, off, 0);
projects / FreeBSD / releng / 8.0.git / blob