Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netinet/sctputil.c
Version:
- FREEBSD - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-2 - FREEBSD-11-1 - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-4 - FREEBSD-10-3 - FREEBSD-10-2 - FREEBSD-10-1 - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-3 - FREEBSD-9-2 - FREEBSD-9-1 - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-4 - FREEBSD-8-3 - FREEBSD-8-2 - FREEBSD-8-1 - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-4 - FREEBSD-7-3 - FREEBSD-7-2 - FREEBSD-7-1 - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-4 - FREEBSD-6-3 - FREEBSD-6-2 - FREEBSD-6-1 - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-5 - FREEBSD-5-4 - FREEBSD-5-3 - FREEBSD-5-2 - FREEBSD-5-1 - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - linux-2.6 - linux-2.4.22 - MK83 - MK84 - PLAN9 - DFBSD - NETBSD - NETBSD5 - NETBSD4 - NETBSD3 - NETBSD20 - OPENBSD - xnu-517 - xnu-792 - xnu-792.6.70 - xnu-1228 - xnu-1456.1.26 - xnu-1699.24.8 - xnu-2050.18.24 - OPENSOLARIS - minix-3-1-1
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * b) Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the distribution. 13 * 14 * c) Neither the name of Cisco Systems, Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /* $KAME: sctputil.c,v 1.37 2005/03/07 23:26:09 itojun Exp $ */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD: releng/8.1/sys/netinet/sctputil.c 209067 2010-06-11 20:38:20Z tuexen $"); 35 36 #include <netinet/sctp_os.h> 37 #include <netinet/sctp_pcb.h> 38 #include <netinet/sctputil.h> 39 #include <netinet/sctp_var.h> 40 #include <netinet/sctp_sysctl.h> 41 #ifdef INET6 42 #endif 43 #include <netinet/sctp_header.h> 44 #include <netinet/sctp_output.h> 45 #include <netinet/sctp_uio.h> 46 #include <netinet/sctp_timer.h> 47 #include <netinet/sctp_indata.h>/* for sctp_deliver_data() */ 48 #include <netinet/sctp_auth.h> 49 #include <netinet/sctp_asconf.h> 50 #include <netinet/sctp_cc_functions.h> 51 #include <netinet/sctp_bsd_addr.h> 52 53 #define NUMBER_OF_MTU_SIZES 18 54 55 56 #ifndef KTR_SCTP 57 #define KTR_SCTP KTR_SUBSYS 58 #endif 59 60 void 61 sctp_sblog(struct sockbuf *sb, 62 struct sctp_tcb *stcb, int from, int incr) 63 { 64 struct sctp_cwnd_log sctp_clog; 65 66 sctp_clog.x.sb.stcb = stcb; 67 sctp_clog.x.sb.so_sbcc = sb->sb_cc; 68 if (stcb) 69 sctp_clog.x.sb.stcb_sbcc = stcb->asoc.sb_cc; 70 else 71 sctp_clog.x.sb.stcb_sbcc = 0; 72 sctp_clog.x.sb.incr = incr; 73 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 74 SCTP_LOG_EVENT_SB, 75 from, 76 sctp_clog.x.misc.log1, 77 sctp_clog.x.misc.log2, 78 sctp_clog.x.misc.log3, 79 sctp_clog.x.misc.log4); 80 } 81 82 void 83 sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) 84 { 85 struct sctp_cwnd_log sctp_clog; 86 87 sctp_clog.x.close.inp = (void *)inp; 88 sctp_clog.x.close.sctp_flags = inp->sctp_flags; 89 if (stcb) { 90 sctp_clog.x.close.stcb = (void *)stcb; 91 sctp_clog.x.close.state = (uint16_t) stcb->asoc.state; 92 } else { 93 sctp_clog.x.close.stcb = 0; 94 sctp_clog.x.close.state = 0; 95 } 96 sctp_clog.x.close.loc = loc; 97 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 98 SCTP_LOG_EVENT_CLOSE, 99 0, 100 sctp_clog.x.misc.log1, 101 sctp_clog.x.misc.log2, 102 sctp_clog.x.misc.log3, 103 sctp_clog.x.misc.log4); 104 } 105 106 107 void 108 rto_logging(struct sctp_nets *net, int from) 109 { 110 struct sctp_cwnd_log sctp_clog; 111 112 memset(&sctp_clog, 0, sizeof(sctp_clog)); 113 sctp_clog.x.rto.net = (void *)net; 114 sctp_clog.x.rto.rtt = net->prev_rtt; 115 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 116 SCTP_LOG_EVENT_RTT, 117 from, 118 sctp_clog.x.misc.log1, 119 sctp_clog.x.misc.log2, 120 sctp_clog.x.misc.log3, 121 sctp_clog.x.misc.log4); 122 123 } 124 125 void 126 sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from) 127 { 128 struct sctp_cwnd_log sctp_clog; 129 130 sctp_clog.x.strlog.stcb = stcb; 131 sctp_clog.x.strlog.n_tsn = tsn; 132 sctp_clog.x.strlog.n_sseq = sseq; 133 sctp_clog.x.strlog.e_tsn = 0; 134 sctp_clog.x.strlog.e_sseq = 0; 135 sctp_clog.x.strlog.strm = stream; 136 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 137 SCTP_LOG_EVENT_STRM, 138 from, 139 sctp_clog.x.misc.log1, 140 sctp_clog.x.misc.log2, 141 sctp_clog.x.misc.log3, 142 sctp_clog.x.misc.log4); 143 144 } 145 146 void 147 sctp_log_nagle_event(struct sctp_tcb *stcb, int action) 148 { 149 struct sctp_cwnd_log sctp_clog; 150 151 sctp_clog.x.nagle.stcb = (void *)stcb; 152 sctp_clog.x.nagle.total_flight = stcb->asoc.total_flight; 153 sctp_clog.x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; 154 sctp_clog.x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; 155 sctp_clog.x.nagle.count_in_flight = stcb->asoc.total_flight_count; 156 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 157 SCTP_LOG_EVENT_NAGLE, 158 action, 159 sctp_clog.x.misc.log1, 160 sctp_clog.x.misc.log2, 161 sctp_clog.x.misc.log3, 162 sctp_clog.x.misc.log4); 163 } 164 165 166 void 167 sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) 168 { 169 struct sctp_cwnd_log sctp_clog; 170 171 sctp_clog.x.sack.cumack = cumack; 172 sctp_clog.x.sack.oldcumack = old_cumack; 173 sctp_clog.x.sack.tsn = tsn; 174 sctp_clog.x.sack.numGaps = gaps; 175 sctp_clog.x.sack.numDups = dups; 176 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 177 SCTP_LOG_EVENT_SACK, 178 from, 179 sctp_clog.x.misc.log1, 180 sctp_clog.x.misc.log2, 181 sctp_clog.x.misc.log3, 182 sctp_clog.x.misc.log4); 183 } 184 185 void 186 sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) 187 { 188 struct sctp_cwnd_log sctp_clog; 189 190 memset(&sctp_clog, 0, sizeof(sctp_clog)); 191 sctp_clog.x.map.base = map; 192 sctp_clog.x.map.cum = cum; 193 sctp_clog.x.map.high = high; 194 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 195 SCTP_LOG_EVENT_MAP, 196 from, 197 sctp_clog.x.misc.log1, 198 sctp_clog.x.misc.log2, 199 sctp_clog.x.misc.log3, 200 sctp_clog.x.misc.log4); 201 } 202 203 void 204 sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, 205 int from) 206 { 207 struct sctp_cwnd_log sctp_clog; 208 209 memset(&sctp_clog, 0, sizeof(sctp_clog)); 210 sctp_clog.x.fr.largest_tsn = biggest_tsn; 211 sctp_clog.x.fr.largest_new_tsn = biggest_new_tsn; 212 sctp_clog.x.fr.tsn = tsn; 213 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 214 SCTP_LOG_EVENT_FR, 215 from, 216 sctp_clog.x.misc.log1, 217 sctp_clog.x.misc.log2, 218 sctp_clog.x.misc.log3, 219 sctp_clog.x.misc.log4); 220 221 } 222 223 224 void 225 sctp_log_mb(struct mbuf *m, int from) 226 { 227 struct sctp_cwnd_log sctp_clog; 228 229 sctp_clog.x.mb.mp = m; 230 sctp_clog.x.mb.mbuf_flags = (uint8_t) (SCTP_BUF_GET_FLAGS(m)); 231 sctp_clog.x.mb.size = (uint16_t) (SCTP_BUF_LEN(m)); 232 sctp_clog.x.mb.data = SCTP_BUF_AT(m, 0); 233 if (SCTP_BUF_IS_EXTENDED(m)) { 234 sctp_clog.x.mb.ext = SCTP_BUF_EXTEND_BASE(m); 235 sctp_clog.x.mb.refcnt = (uint8_t) (SCTP_BUF_EXTEND_REFCNT(m)); 236 } else { 237 sctp_clog.x.mb.ext = 0; 238 sctp_clog.x.mb.refcnt = 0; 239 } 240 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 241 SCTP_LOG_EVENT_MBUF, 242 from, 243 sctp_clog.x.misc.log1, 244 sctp_clog.x.misc.log2, 245 sctp_clog.x.misc.log3, 246 sctp_clog.x.misc.log4); 247 } 248 249 250 void 251 sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, 252 int from) 253 { 254 struct sctp_cwnd_log sctp_clog; 255 256 if (control == NULL) { 257 SCTP_PRINTF("Gak log of NULL?\n"); 258 return; 259 } 260 sctp_clog.x.strlog.stcb = control->stcb; 261 sctp_clog.x.strlog.n_tsn = control->sinfo_tsn; 262 sctp_clog.x.strlog.n_sseq = control->sinfo_ssn; 263 sctp_clog.x.strlog.strm = control->sinfo_stream; 264 if (poschk != NULL) { 265 sctp_clog.x.strlog.e_tsn = poschk->sinfo_tsn; 266 sctp_clog.x.strlog.e_sseq = poschk->sinfo_ssn; 267 } else { 268 sctp_clog.x.strlog.e_tsn = 0; 269 sctp_clog.x.strlog.e_sseq = 0; 270 } 271 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 272 SCTP_LOG_EVENT_STRM, 273 from, 274 sctp_clog.x.misc.log1, 275 sctp_clog.x.misc.log2, 276 sctp_clog.x.misc.log3, 277 sctp_clog.x.misc.log4); 278 279 } 280 281 void 282 sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) 283 { 284 struct sctp_cwnd_log sctp_clog; 285 286 sctp_clog.x.cwnd.net = net; 287 if (stcb->asoc.send_queue_cnt > 255) 288 sctp_clog.x.cwnd.cnt_in_send = 255; 289 else 290 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 291 if (stcb->asoc.stream_queue_cnt > 255) 292 sctp_clog.x.cwnd.cnt_in_str = 255; 293 else 294 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 295 296 if (net) { 297 sctp_clog.x.cwnd.cwnd_new_value = net->cwnd; 298 sctp_clog.x.cwnd.inflight = net->flight_size; 299 sctp_clog.x.cwnd.pseudo_cumack = net->pseudo_cumack; 300 sctp_clog.x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; 301 sctp_clog.x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; 302 } 303 if (SCTP_CWNDLOG_PRESEND == from) { 304 sctp_clog.x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; 305 } 306 sctp_clog.x.cwnd.cwnd_augment = augment; 307 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 308 SCTP_LOG_EVENT_CWND, 309 from, 310 sctp_clog.x.misc.log1, 311 sctp_clog.x.misc.log2, 312 sctp_clog.x.misc.log3, 313 sctp_clog.x.misc.log4); 314 315 } 316 317 void 318 sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) 319 { 320 struct sctp_cwnd_log sctp_clog; 321 322 memset(&sctp_clog, 0, sizeof(sctp_clog)); 323 if (inp) { 324 sctp_clog.x.lock.sock = (void *)inp->sctp_socket; 325 326 } else { 327 sctp_clog.x.lock.sock = (void *)NULL; 328 } 329 sctp_clog.x.lock.inp = (void *)inp; 330 if (stcb) { 331 sctp_clog.x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); 332 } else { 333 sctp_clog.x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; 334 } 335 if (inp) { 336 sctp_clog.x.lock.inp_lock = mtx_owned(&inp->inp_mtx); 337 sctp_clog.x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); 338 } else { 339 sctp_clog.x.lock.inp_lock = SCTP_LOCK_UNKNOWN; 340 sctp_clog.x.lock.create_lock = SCTP_LOCK_UNKNOWN; 341 } 342 sctp_clog.x.lock.info_lock = rw_wowned(&SCTP_BASE_INFO(ipi_ep_mtx)); 343 if (inp->sctp_socket) { 344 sctp_clog.x.lock.sock_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 345 sctp_clog.x.lock.sockrcvbuf_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 346 sctp_clog.x.lock.socksndbuf_lock = mtx_owned(&(inp->sctp_socket->so_snd.sb_mtx)); 347 } else { 348 sctp_clog.x.lock.sock_lock = SCTP_LOCK_UNKNOWN; 349 sctp_clog.x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; 350 sctp_clog.x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; 351 } 352 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 353 SCTP_LOG_LOCK_EVENT, 354 from, 355 sctp_clog.x.misc.log1, 356 sctp_clog.x.misc.log2, 357 sctp_clog.x.misc.log3, 358 sctp_clog.x.misc.log4); 359 360 } 361 362 void 363 sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) 364 { 365 struct sctp_cwnd_log sctp_clog; 366 367 memset(&sctp_clog, 0, sizeof(sctp_clog)); 368 sctp_clog.x.cwnd.net = net; 369 sctp_clog.x.cwnd.cwnd_new_value = error; 370 sctp_clog.x.cwnd.inflight = net->flight_size; 371 sctp_clog.x.cwnd.cwnd_augment = burst; 372 if (stcb->asoc.send_queue_cnt > 255) 373 sctp_clog.x.cwnd.cnt_in_send = 255; 374 else 375 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 376 if (stcb->asoc.stream_queue_cnt > 255) 377 sctp_clog.x.cwnd.cnt_in_str = 255; 378 else 379 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 380 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 381 SCTP_LOG_EVENT_MAXBURST, 382 from, 383 sctp_clog.x.misc.log1, 384 sctp_clog.x.misc.log2, 385 sctp_clog.x.misc.log3, 386 sctp_clog.x.misc.log4); 387 388 } 389 390 void 391 sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) 392 { 393 struct sctp_cwnd_log sctp_clog; 394 395 sctp_clog.x.rwnd.rwnd = peers_rwnd; 396 sctp_clog.x.rwnd.send_size = snd_size; 397 sctp_clog.x.rwnd.overhead = overhead; 398 sctp_clog.x.rwnd.new_rwnd = 0; 399 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 400 SCTP_LOG_EVENT_RWND, 401 from, 402 sctp_clog.x.misc.log1, 403 sctp_clog.x.misc.log2, 404 sctp_clog.x.misc.log3, 405 sctp_clog.x.misc.log4); 406 } 407 408 void 409 sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) 410 { 411 struct sctp_cwnd_log sctp_clog; 412 413 sctp_clog.x.rwnd.rwnd = peers_rwnd; 414 sctp_clog.x.rwnd.send_size = flight_size; 415 sctp_clog.x.rwnd.overhead = overhead; 416 sctp_clog.x.rwnd.new_rwnd = a_rwndval; 417 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 418 SCTP_LOG_EVENT_RWND, 419 from, 420 sctp_clog.x.misc.log1, 421 sctp_clog.x.misc.log2, 422 sctp_clog.x.misc.log3, 423 sctp_clog.x.misc.log4); 424 } 425 426 void 427 sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) 428 { 429 struct sctp_cwnd_log sctp_clog; 430 431 sctp_clog.x.mbcnt.total_queue_size = total_oq; 432 sctp_clog.x.mbcnt.size_change = book; 433 sctp_clog.x.mbcnt.total_queue_mb_size = total_mbcnt_q; 434 sctp_clog.x.mbcnt.mbcnt_change = mbcnt; 435 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 436 SCTP_LOG_EVENT_MBCNT, 437 from, 438 sctp_clog.x.misc.log1, 439 sctp_clog.x.misc.log2, 440 sctp_clog.x.misc.log3, 441 sctp_clog.x.misc.log4); 442 443 } 444 445 void 446 sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) 447 { 448 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 449 SCTP_LOG_MISC_EVENT, 450 from, 451 a, b, c, d); 452 } 453 454 void 455 sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t cumtsn, uint32_t wake_cnt, int from) 456 { 457 struct sctp_cwnd_log sctp_clog; 458 459 sctp_clog.x.wake.stcb = (void *)stcb; 460 sctp_clog.x.wake.wake_cnt = wake_cnt; 461 sctp_clog.x.wake.flight = stcb->asoc.total_flight_count; 462 sctp_clog.x.wake.send_q = stcb->asoc.send_queue_cnt; 463 sctp_clog.x.wake.sent_q = stcb->asoc.sent_queue_cnt; 464 465 if (stcb->asoc.stream_queue_cnt < 0xff) 466 sctp_clog.x.wake.stream_qcnt = (uint8_t) stcb->asoc.stream_queue_cnt; 467 else 468 sctp_clog.x.wake.stream_qcnt = 0xff; 469 470 if (stcb->asoc.chunks_on_out_queue < 0xff) 471 sctp_clog.x.wake.chunks_on_oque = (uint8_t) stcb->asoc.chunks_on_out_queue; 472 else 473 sctp_clog.x.wake.chunks_on_oque = 0xff; 474 475 sctp_clog.x.wake.sctpflags = 0; 476 /* set in the defered mode stuff */ 477 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) 478 sctp_clog.x.wake.sctpflags |= 1; 479 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) 480 sctp_clog.x.wake.sctpflags |= 2; 481 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) 482 sctp_clog.x.wake.sctpflags |= 4; 483 /* what about the sb */ 484 if (stcb->sctp_socket) { 485 struct socket *so = stcb->sctp_socket; 486 487 sctp_clog.x.wake.sbflags = (uint8_t) ((so->so_snd.sb_flags & 0x00ff)); 488 } else { 489 sctp_clog.x.wake.sbflags = 0xff; 490 } 491 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 492 SCTP_LOG_EVENT_WAKE, 493 from, 494 sctp_clog.x.misc.log1, 495 sctp_clog.x.misc.log2, 496 sctp_clog.x.misc.log3, 497 sctp_clog.x.misc.log4); 498 499 } 500 501 void 502 sctp_log_block(uint8_t from, struct socket *so, struct sctp_association *asoc, int sendlen) 503 { 504 struct sctp_cwnd_log sctp_clog; 505 506 sctp_clog.x.blk.onsb = asoc->total_output_queue_size; 507 sctp_clog.x.blk.send_sent_qcnt = (uint16_t) (asoc->send_queue_cnt + asoc->sent_queue_cnt); 508 sctp_clog.x.blk.peer_rwnd = asoc->peers_rwnd; 509 sctp_clog.x.blk.stream_qcnt = (uint16_t) asoc->stream_queue_cnt; 510 sctp_clog.x.blk.chunks_on_oque = (uint16_t) asoc->chunks_on_out_queue; 511 sctp_clog.x.blk.flight_size = (uint16_t) (asoc->total_flight / 1024); 512 sctp_clog.x.blk.sndlen = sendlen; 513 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 514 SCTP_LOG_EVENT_BLOCK, 515 from, 516 sctp_clog.x.misc.log1, 517 sctp_clog.x.misc.log2, 518 sctp_clog.x.misc.log3, 519 sctp_clog.x.misc.log4); 520 521 } 522 523 int 524 sctp_fill_stat_log(void *optval, size_t *optsize) 525 { 526 /* May need to fix this if ktrdump does not work */ 527 return (0); 528 } 529 530 #ifdef SCTP_AUDITING_ENABLED 531 uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; 532 static int sctp_audit_indx = 0; 533 534 static 535 void 536 sctp_print_audit_report(void) 537 { 538 int i; 539 int cnt; 540 541 cnt = 0; 542 for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { 543 if ((sctp_audit_data[i][0] == 0xe0) && 544 (sctp_audit_data[i][1] == 0x01)) { 545 cnt = 0; 546 SCTP_PRINTF("\n"); 547 } else if (sctp_audit_data[i][0] == 0xf0) { 548 cnt = 0; 549 SCTP_PRINTF("\n"); 550 } else if ((sctp_audit_data[i][0] == 0xc0) && 551 (sctp_audit_data[i][1] == 0x01)) { 552 SCTP_PRINTF("\n"); 553 cnt = 0; 554 } 555 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t) sctp_audit_data[i][0], 556 (uint32_t) sctp_audit_data[i][1]); 557 cnt++; 558 if ((cnt % 14) == 0) 559 SCTP_PRINTF("\n"); 560 } 561 for (i = 0; i < sctp_audit_indx; i++) { 562 if ((sctp_audit_data[i][0] == 0xe0) && 563 (sctp_audit_data[i][1] == 0x01)) { 564 cnt = 0; 565 SCTP_PRINTF("\n"); 566 } else if (sctp_audit_data[i][0] == 0xf0) { 567 cnt = 0; 568 SCTP_PRINTF("\n"); 569 } else if ((sctp_audit_data[i][0] == 0xc0) && 570 (sctp_audit_data[i][1] == 0x01)) { 571 SCTP_PRINTF("\n"); 572 cnt = 0; 573 } 574 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t) sctp_audit_data[i][0], 575 (uint32_t) sctp_audit_data[i][1]); 576 cnt++; 577 if ((cnt % 14) == 0) 578 SCTP_PRINTF("\n"); 579 } 580 SCTP_PRINTF("\n"); 581 } 582 583 void 584 sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 585 struct sctp_nets *net) 586 { 587 int resend_cnt, tot_out, rep, tot_book_cnt; 588 struct sctp_nets *lnet; 589 struct sctp_tmit_chunk *chk; 590 591 sctp_audit_data[sctp_audit_indx][0] = 0xAA; 592 sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; 593 sctp_audit_indx++; 594 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 595 sctp_audit_indx = 0; 596 } 597 if (inp == NULL) { 598 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 599 sctp_audit_data[sctp_audit_indx][1] = 0x01; 600 sctp_audit_indx++; 601 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 602 sctp_audit_indx = 0; 603 } 604 return; 605 } 606 if (stcb == NULL) { 607 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 608 sctp_audit_data[sctp_audit_indx][1] = 0x02; 609 sctp_audit_indx++; 610 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 611 sctp_audit_indx = 0; 612 } 613 return; 614 } 615 sctp_audit_data[sctp_audit_indx][0] = 0xA1; 616 sctp_audit_data[sctp_audit_indx][1] = 617 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 618 sctp_audit_indx++; 619 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 620 sctp_audit_indx = 0; 621 } 622 rep = 0; 623 tot_book_cnt = 0; 624 resend_cnt = tot_out = 0; 625 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 626 if (chk->sent == SCTP_DATAGRAM_RESEND) { 627 resend_cnt++; 628 } else if (chk->sent < SCTP_DATAGRAM_RESEND) { 629 tot_out += chk->book_size; 630 tot_book_cnt++; 631 } 632 } 633 if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { 634 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 635 sctp_audit_data[sctp_audit_indx][1] = 0xA1; 636 sctp_audit_indx++; 637 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 638 sctp_audit_indx = 0; 639 } 640 SCTP_PRINTF("resend_cnt:%d asoc-tot:%d\n", 641 resend_cnt, stcb->asoc.sent_queue_retran_cnt); 642 rep = 1; 643 stcb->asoc.sent_queue_retran_cnt = resend_cnt; 644 sctp_audit_data[sctp_audit_indx][0] = 0xA2; 645 sctp_audit_data[sctp_audit_indx][1] = 646 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 647 sctp_audit_indx++; 648 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 649 sctp_audit_indx = 0; 650 } 651 } 652 if (tot_out != stcb->asoc.total_flight) { 653 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 654 sctp_audit_data[sctp_audit_indx][1] = 0xA2; 655 sctp_audit_indx++; 656 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 657 sctp_audit_indx = 0; 658 } 659 rep = 1; 660 SCTP_PRINTF("tot_flt:%d asoc_tot:%d\n", tot_out, 661 (int)stcb->asoc.total_flight); 662 stcb->asoc.total_flight = tot_out; 663 } 664 if (tot_book_cnt != stcb->asoc.total_flight_count) { 665 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 666 sctp_audit_data[sctp_audit_indx][1] = 0xA5; 667 sctp_audit_indx++; 668 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 669 sctp_audit_indx = 0; 670 } 671 rep = 1; 672 SCTP_PRINTF("tot_flt_book:%d\n", tot_book_cnt); 673 674 stcb->asoc.total_flight_count = tot_book_cnt; 675 } 676 tot_out = 0; 677 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 678 tot_out += lnet->flight_size; 679 } 680 if (tot_out != stcb->asoc.total_flight) { 681 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 682 sctp_audit_data[sctp_audit_indx][1] = 0xA3; 683 sctp_audit_indx++; 684 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 685 sctp_audit_indx = 0; 686 } 687 rep = 1; 688 SCTP_PRINTF("real flight:%d net total was %d\n", 689 stcb->asoc.total_flight, tot_out); 690 /* now corrective action */ 691 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 692 693 tot_out = 0; 694 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 695 if ((chk->whoTo == lnet) && 696 (chk->sent < SCTP_DATAGRAM_RESEND)) { 697 tot_out += chk->book_size; 698 } 699 } 700 if (lnet->flight_size != tot_out) { 701 SCTP_PRINTF("net:%p flight was %d corrected to %d\n", 702 lnet, lnet->flight_size, 703 tot_out); 704 lnet->flight_size = tot_out; 705 } 706 } 707 } 708 if (rep) { 709 sctp_print_audit_report(); 710 } 711 } 712 713 void 714 sctp_audit_log(uint8_t ev, uint8_t fd) 715 { 716 717 sctp_audit_data[sctp_audit_indx][0] = ev; 718 sctp_audit_data[sctp_audit_indx][1] = fd; 719 sctp_audit_indx++; 720 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 721 sctp_audit_indx = 0; 722 } 723 } 724 725 #endif 726 727 /* 728 * a list of sizes based on typical mtu's, used only if next hop size not 729 * returned. 730 */ 731 static int sctp_mtu_sizes[] = { 732 68, 733 296, 734 508, 735 512, 736 544, 737 576, 738 1006, 739 1492, 740 1500, 741 1536, 742 2002, 743 2048, 744 4352, 745 4464, 746 8166, 747 17914, 748 32000, 749 65535 750 }; 751 752 void 753 sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) 754 { 755 struct sctp_association *asoc; 756 struct sctp_nets *net; 757 758 asoc = &stcb->asoc; 759 760 (void)SCTP_OS_TIMER_STOP(&asoc->hb_timer.timer); 761 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 762 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 763 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 764 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 765 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 766 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 767 (void)SCTP_OS_TIMER_STOP(&net->fr_timer.timer); 768 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 769 } 770 } 771 772 int 773 find_next_best_mtu(int totsz) 774 { 775 int i, perfer; 776 777 /* 778 * if we are in here we must find the next best fit based on the 779 * size of the dg that failed to be sent. 780 */ 781 perfer = 0; 782 for (i = 0; i < NUMBER_OF_MTU_SIZES; i++) { 783 if (totsz < sctp_mtu_sizes[i]) { 784 perfer = i - 1; 785 if (perfer < 0) 786 perfer = 0; 787 break; 788 } 789 } 790 return (sctp_mtu_sizes[perfer]); 791 } 792 793 void 794 sctp_fill_random_store(struct sctp_pcb *m) 795 { 796 /* 797 * Here we use the MD5/SHA-1 to hash with our good randomNumbers and 798 * our counter. The result becomes our good random numbers and we 799 * then setup to give these out. Note that we do no locking to 800 * protect this. This is ok, since if competing folks call this we 801 * will get more gobbled gook in the random store which is what we 802 * want. There is a danger that two guys will use the same random 803 * numbers, but thats ok too since that is random as well :-> 804 */ 805 m->store_at = 0; 806 (void)sctp_hmac(SCTP_HMAC, (uint8_t *) m->random_numbers, 807 sizeof(m->random_numbers), (uint8_t *) & m->random_counter, 808 sizeof(m->random_counter), (uint8_t *) m->random_store); 809 m->random_counter++; 810 } 811 812 uint32_t 813 sctp_select_initial_TSN(struct sctp_pcb *inp) 814 { 815 /* 816 * A true implementation should use random selection process to get 817 * the initial stream sequence number, using RFC1750 as a good 818 * guideline 819 */ 820 uint32_t x, *xp; 821 uint8_t *p; 822 int store_at, new_store; 823 824 if (inp->initial_sequence_debug != 0) { 825 uint32_t ret; 826 827 ret = inp->initial_sequence_debug; 828 inp->initial_sequence_debug++; 829 return (ret); 830 } 831 retry: 832 store_at = inp->store_at; 833 new_store = store_at + sizeof(uint32_t); 834 if (new_store >= (SCTP_SIGNATURE_SIZE - 3)) { 835 new_store = 0; 836 } 837 if (!atomic_cmpset_int(&inp->store_at, store_at, new_store)) { 838 goto retry; 839 } 840 if (new_store == 0) { 841 /* Refill the random store */ 842 sctp_fill_random_store(inp); 843 } 844 p = &inp->random_store[store_at]; 845 xp = (uint32_t *) p; 846 x = *xp; 847 return (x); 848 } 849 850 uint32_t 851 sctp_select_a_tag(struct sctp_inpcb *inp, uint16_t lport, uint16_t rport, int save_in_twait) 852 { 853 uint32_t x, not_done; 854 struct timeval now; 855 856 (void)SCTP_GETTIME_TIMEVAL(&now); 857 not_done = 1; 858 while (not_done) { 859 x = sctp_select_initial_TSN(&inp->sctp_ep); 860 if (x == 0) { 861 /* we never use 0 */ 862 continue; 863 } 864 if (sctp_is_vtag_good(inp, x, lport, rport, &now, save_in_twait)) { 865 not_done = 0; 866 } 867 } 868 return (x); 869 } 870 871 int 872 sctp_init_asoc(struct sctp_inpcb *m, struct sctp_tcb *stcb, 873 uint32_t override_tag, uint32_t vrf_id) 874 { 875 struct sctp_association *asoc; 876 877 /* 878 * Anything set to zero is taken care of by the allocation routine's 879 * bzero 880 */ 881 882 /* 883 * Up front select what scoping to apply on addresses I tell my peer 884 * Not sure what to do with these right now, we will need to come up 885 * with a way to set them. We may need to pass them through from the 886 * caller in the sctp_aloc_assoc() function. 887 */ 888 int i; 889 890 asoc = &stcb->asoc; 891 /* init all variables to a known value. */ 892 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_INUSE); 893 asoc->max_burst = m->sctp_ep.max_burst; 894 asoc->heart_beat_delay = TICKS_TO_MSEC(m->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); 895 asoc->cookie_life = m->sctp_ep.def_cookie_life; 896 asoc->sctp_cmt_on_off = (uint8_t) SCTP_BASE_SYSCTL(sctp_cmt_on_off); 897 /* EY Init nr_sack variable */ 898 asoc->sctp_nr_sack_on_off = (uint8_t) SCTP_BASE_SYSCTL(sctp_nr_sack_on_off); 899 /* JRS 5/21/07 - Init CMT PF variables */ 900 asoc->sctp_cmt_pf = (uint8_t) SCTP_BASE_SYSCTL(sctp_cmt_pf); 901 asoc->sctp_frag_point = m->sctp_frag_point; 902 #ifdef INET 903 asoc->default_tos = m->ip_inp.inp.inp_ip_tos; 904 #else 905 asoc->default_tos = 0; 906 #endif 907 908 #ifdef INET6 909 asoc->default_flowlabel = ((struct in6pcb *)m)->in6p_flowinfo; 910 #else 911 asoc->default_flowlabel = 0; 912 #endif 913 asoc->sb_send_resv = 0; 914 if (override_tag) { 915 asoc->my_vtag = override_tag; 916 } else { 917 asoc->my_vtag = sctp_select_a_tag(m, stcb->sctp_ep->sctp_lport, stcb->rport, 1); 918 } 919 /* Get the nonce tags */ 920 asoc->my_vtag_nonce = sctp_select_a_tag(m, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 921 asoc->peer_vtag_nonce = sctp_select_a_tag(m, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 922 asoc->vrf_id = vrf_id; 923 924 if (sctp_is_feature_on(m, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) 925 asoc->hb_is_disabled = 1; 926 else 927 asoc->hb_is_disabled = 0; 928 929 #ifdef SCTP_ASOCLOG_OF_TSNS 930 asoc->tsn_in_at = 0; 931 asoc->tsn_out_at = 0; 932 asoc->tsn_in_wrapped = 0; 933 asoc->tsn_out_wrapped = 0; 934 asoc->cumack_log_at = 0; 935 asoc->cumack_log_atsnt = 0; 936 #endif 937 #ifdef SCTP_FS_SPEC_LOG 938 asoc->fs_index = 0; 939 #endif 940 asoc->refcnt = 0; 941 asoc->assoc_up_sent = 0; 942 asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number = asoc->sending_seq = 943 sctp_select_initial_TSN(&m->sctp_ep); 944 asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; 945 /* we are optimisitic here */ 946 asoc->peer_supports_pktdrop = 1; 947 asoc->peer_supports_nat = 0; 948 asoc->sent_queue_retran_cnt = 0; 949 950 /* for CMT */ 951 asoc->last_net_cmt_send_started = NULL; 952 953 /* This will need to be adjusted */ 954 asoc->last_cwr_tsn = asoc->init_seq_number - 1; 955 asoc->last_acked_seq = asoc->init_seq_number - 1; 956 asoc->advanced_peer_ack_point = asoc->last_acked_seq; 957 asoc->asconf_seq_in = asoc->last_acked_seq; 958 959 /* here we are different, we hold the next one we expect */ 960 asoc->str_reset_seq_in = asoc->last_acked_seq + 1; 961 962 asoc->initial_init_rto_max = m->sctp_ep.initial_init_rto_max; 963 asoc->initial_rto = m->sctp_ep.initial_rto; 964 965 asoc->max_init_times = m->sctp_ep.max_init_times; 966 asoc->max_send_times = m->sctp_ep.max_send_times; 967 asoc->def_net_failure = m->sctp_ep.def_net_failure; 968 asoc->free_chunk_cnt = 0; 969 970 asoc->iam_blocking = 0; 971 /* ECN Nonce initialization */ 972 asoc->context = m->sctp_context; 973 asoc->def_send = m->def_send; 974 asoc->ecn_nonce_allowed = 0; 975 asoc->receiver_nonce_sum = 1; 976 asoc->nonce_sum_expect_base = 1; 977 asoc->nonce_sum_check = 1; 978 asoc->nonce_resync_tsn = 0; 979 asoc->nonce_wait_for_ecne = 0; 980 asoc->nonce_wait_tsn = 0; 981 asoc->delayed_ack = TICKS_TO_MSEC(m->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); 982 asoc->sack_freq = m->sctp_ep.sctp_sack_freq; 983 asoc->pr_sctp_cnt = 0; 984 asoc->total_output_queue_size = 0; 985 986 if (m->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 987 struct in6pcb *inp6; 988 989 /* Its a V6 socket */ 990 inp6 = (struct in6pcb *)m; 991 asoc->ipv6_addr_legal = 1; 992 /* Now look at the binding flag to see if V4 will be legal */ 993 if (SCTP_IPV6_V6ONLY(inp6) == 0) { 994 asoc->ipv4_addr_legal = 1; 995 } else { 996 /* V4 addresses are NOT legal on the association */ 997 asoc->ipv4_addr_legal = 0; 998 } 999 } else { 1000 /* Its a V4 socket, no - V6 */ 1001 asoc->ipv4_addr_legal = 1; 1002 asoc->ipv6_addr_legal = 0; 1003 } 1004 1005 asoc->my_rwnd = max(SCTP_SB_LIMIT_RCV(m->sctp_socket), SCTP_MINIMAL_RWND); 1006 asoc->peers_rwnd = SCTP_SB_LIMIT_RCV(m->sctp_socket); 1007 1008 asoc->smallest_mtu = m->sctp_frag_point; 1009 #ifdef SCTP_PRINT_FOR_B_AND_M 1010 SCTP_PRINTF("smallest_mtu init'd with asoc to :%d\n", 1011 asoc->smallest_mtu); 1012 #endif 1013 asoc->minrto = m->sctp_ep.sctp_minrto; 1014 asoc->maxrto = m->sctp_ep.sctp_maxrto; 1015 1016 asoc->locked_on_sending = NULL; 1017 asoc->stream_locked_on = 0; 1018 asoc->ecn_echo_cnt_onq = 0; 1019 asoc->stream_locked = 0; 1020 1021 asoc->send_sack = 1; 1022 1023 LIST_INIT(&asoc->sctp_restricted_addrs); 1024 1025 TAILQ_INIT(&asoc->nets); 1026 TAILQ_INIT(&asoc->pending_reply_queue); 1027 TAILQ_INIT(&asoc->asconf_ack_sent); 1028 /* Setup to fill the hb random cache at first HB */ 1029 asoc->hb_random_idx = 4; 1030 1031 asoc->sctp_autoclose_ticks = m->sctp_ep.auto_close_time; 1032 1033 /* 1034 * JRS - Pick the default congestion control module based on the 1035 * sysctl. 1036 */ 1037 switch (m->sctp_ep.sctp_default_cc_module) { 1038 /* JRS - Standard TCP congestion control */ 1039 case SCTP_CC_RFC2581: 1040 { 1041 stcb->asoc.congestion_control_module = SCTP_CC_RFC2581; 1042 stcb->asoc.cc_functions.sctp_set_initial_cc_param = &sctp_set_initial_cc_param; 1043 stcb->asoc.cc_functions.sctp_cwnd_update_after_sack = &sctp_cwnd_update_after_sack; 1044 stcb->asoc.cc_functions.sctp_cwnd_update_after_fr = &sctp_cwnd_update_after_fr; 1045 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout = &sctp_cwnd_update_after_timeout; 1046 stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo = &sctp_cwnd_update_after_ecn_echo; 1047 stcb->asoc.cc_functions.sctp_cwnd_update_after_packet_dropped = &sctp_cwnd_update_after_packet_dropped; 1048 stcb->asoc.cc_functions.sctp_cwnd_update_after_output = &sctp_cwnd_update_after_output; 1049 stcb->asoc.cc_functions.sctp_cwnd_update_after_fr_timer = &sctp_cwnd_update_after_fr_timer; 1050 break; 1051 } 1052 /* JRS - High Speed TCP congestion control (Floyd) */ 1053 case SCTP_CC_HSTCP: 1054 { 1055 stcb->asoc.congestion_control_module = SCTP_CC_HSTCP; 1056 stcb->asoc.cc_functions.sctp_set_initial_cc_param = &sctp_set_initial_cc_param; 1057 stcb->asoc.cc_functions.sctp_cwnd_update_after_sack = &sctp_hs_cwnd_update_after_sack; 1058 stcb->asoc.cc_functions.sctp_cwnd_update_after_fr = &sctp_hs_cwnd_update_after_fr; 1059 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout = &sctp_cwnd_update_after_timeout; 1060 stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo = &sctp_cwnd_update_after_ecn_echo; 1061 stcb->asoc.cc_functions.sctp_cwnd_update_after_packet_dropped = &sctp_cwnd_update_after_packet_dropped; 1062 stcb->asoc.cc_functions.sctp_cwnd_update_after_output = &sctp_cwnd_update_after_output; 1063 stcb->asoc.cc_functions.sctp_cwnd_update_after_fr_timer = &sctp_cwnd_update_after_fr_timer; 1064 break; 1065 } 1066 /* JRS - HTCP congestion control */ 1067 case SCTP_CC_HTCP: 1068 { 1069 stcb->asoc.congestion_control_module = SCTP_CC_HTCP; 1070 stcb->asoc.cc_functions.sctp_set_initial_cc_param = &sctp_htcp_set_initial_cc_param; 1071 stcb->asoc.cc_functions.sctp_cwnd_update_after_sack = &sctp_htcp_cwnd_update_after_sack; 1072 stcb->asoc.cc_functions.sctp_cwnd_update_after_fr = &sctp_htcp_cwnd_update_after_fr; 1073 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout = &sctp_htcp_cwnd_update_after_timeout; 1074 stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo = &sctp_htcp_cwnd_update_after_ecn_echo; 1075 stcb->asoc.cc_functions.sctp_cwnd_update_after_packet_dropped = &sctp_cwnd_update_after_packet_dropped; 1076 stcb->asoc.cc_functions.sctp_cwnd_update_after_output = &sctp_cwnd_update_after_output; 1077 stcb->asoc.cc_functions.sctp_cwnd_update_after_fr_timer = &sctp_htcp_cwnd_update_after_fr_timer; 1078 break; 1079 } 1080 /* JRS - By default, use RFC2581 */ 1081 default: 1082 { 1083 stcb->asoc.congestion_control_module = SCTP_CC_RFC2581; 1084 stcb->asoc.cc_functions.sctp_set_initial_cc_param = &sctp_set_initial_cc_param; 1085 stcb->asoc.cc_functions.sctp_cwnd_update_after_sack = &sctp_cwnd_update_after_sack; 1086 stcb->asoc.cc_functions.sctp_cwnd_update_after_fr = &sctp_cwnd_update_after_fr; 1087 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout = &sctp_cwnd_update_after_timeout; 1088 stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo = &sctp_cwnd_update_after_ecn_echo; 1089 stcb->asoc.cc_functions.sctp_cwnd_update_after_packet_dropped = &sctp_cwnd_update_after_packet_dropped; 1090 stcb->asoc.cc_functions.sctp_cwnd_update_after_output = &sctp_cwnd_update_after_output; 1091 stcb->asoc.cc_functions.sctp_cwnd_update_after_fr_timer = &sctp_cwnd_update_after_fr_timer; 1092 break; 1093 } 1094 } 1095 1096 /* 1097 * Now the stream parameters, here we allocate space for all streams 1098 * that we request by default. 1099 */ 1100 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams = 1101 m->sctp_ep.pre_open_stream_count; 1102 SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, 1103 asoc->streamoutcnt * sizeof(struct sctp_stream_out), 1104 SCTP_M_STRMO); 1105 if (asoc->strmout == NULL) { 1106 /* big trouble no memory */ 1107 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1108 return (ENOMEM); 1109 } 1110 for (i = 0; i < asoc->streamoutcnt; i++) { 1111 /* 1112 * inbound side must be set to 0xffff, also NOTE when we get 1113 * the INIT-ACK back (for INIT sender) we MUST reduce the 1114 * count (streamoutcnt) but first check if we sent to any of 1115 * the upper streams that were dropped (if some were). Those 1116 * that were dropped must be notified to the upper layer as 1117 * failed to send. 1118 */ 1119 asoc->strmout[i].next_sequence_sent = 0x0; 1120 TAILQ_INIT(&asoc->strmout[i].outqueue); 1121 asoc->strmout[i].stream_no = i; 1122 asoc->strmout[i].last_msg_incomplete = 0; 1123 asoc->strmout[i].next_spoke.tqe_next = 0; 1124 asoc->strmout[i].next_spoke.tqe_prev = 0; 1125 } 1126 /* Now the mapping array */ 1127 asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; 1128 SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, 1129 SCTP_M_MAP); 1130 if (asoc->mapping_array == NULL) { 1131 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1132 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1133 return (ENOMEM); 1134 } 1135 memset(asoc->mapping_array, 0, asoc->mapping_array_size); 1136 SCTP_MALLOC(asoc->nr_mapping_array, uint8_t *, asoc->mapping_array_size, 1137 SCTP_M_MAP); 1138 if (asoc->nr_mapping_array == NULL) { 1139 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1140 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1141 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1142 return (ENOMEM); 1143 } 1144 memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); 1145 1146 /* Now the init of the other outqueues */ 1147 TAILQ_INIT(&asoc->free_chunks); 1148 TAILQ_INIT(&asoc->out_wheel); 1149 TAILQ_INIT(&asoc->control_send_queue); 1150 TAILQ_INIT(&asoc->asconf_send_queue); 1151 TAILQ_INIT(&asoc->send_queue); 1152 TAILQ_INIT(&asoc->sent_queue); 1153 TAILQ_INIT(&asoc->reasmqueue); 1154 TAILQ_INIT(&asoc->resetHead); 1155 asoc->max_inbound_streams = m->sctp_ep.max_open_streams_intome; 1156 TAILQ_INIT(&asoc->asconf_queue); 1157 /* authentication fields */ 1158 asoc->authinfo.random = NULL; 1159 asoc->authinfo.active_keyid = 0; 1160 asoc->authinfo.assoc_key = NULL; 1161 asoc->authinfo.assoc_keyid = 0; 1162 asoc->authinfo.recv_key = NULL; 1163 asoc->authinfo.recv_keyid = 0; 1164 LIST_INIT(&asoc->shared_keys); 1165 asoc->marked_retrans = 0; 1166 asoc->timoinit = 0; 1167 asoc->timodata = 0; 1168 asoc->timosack = 0; 1169 asoc->timoshutdown = 0; 1170 asoc->timoheartbeat = 0; 1171 asoc->timocookie = 0; 1172 asoc->timoshutdownack = 0; 1173 (void)SCTP_GETTIME_TIMEVAL(&asoc->start_time); 1174 asoc->discontinuity_time = asoc->start_time; 1175 /* 1176 * sa_ignore MEMLEAK {memory is put in the assoc mapping array and 1177 * freed later when the association is freed. 1178 */ 1179 return (0); 1180 } 1181 1182 void 1183 sctp_print_mapping_array(struct sctp_association *asoc) 1184 { 1185 unsigned int i, limit; 1186 1187 printf("Mapping array size: %d, baseTSN: %8.8x, cumAck: %8.8x, highestTSN: (%8.8x, %8.8x).\n", 1188 asoc->mapping_array_size, 1189 asoc->mapping_array_base_tsn, 1190 asoc->cumulative_tsn, 1191 asoc->highest_tsn_inside_map, 1192 asoc->highest_tsn_inside_nr_map); 1193 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1194 if (asoc->mapping_array[limit - 1]) { 1195 break; 1196 } 1197 } 1198 printf("Renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1199 for (i = 0; i < limit; i++) { 1200 printf("%2.2x%c", asoc->mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1201 if (((i + 1) % 16) == 0) 1202 printf("\n"); 1203 } 1204 if (limit % 16) 1205 printf("\n"); 1206 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1207 if (asoc->nr_mapping_array[limit - 1]) { 1208 break; 1209 } 1210 } 1211 printf("Non renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1212 for (i = 0; i < limit; i++) { 1213 printf("%2.2x%c", asoc->nr_mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1214 } 1215 if (limit % 16) 1216 printf("\n"); 1217 } 1218 1219 int 1220 sctp_expand_mapping_array(struct sctp_association *asoc, uint32_t needed) 1221 { 1222 /* mapping array needs to grow */ 1223 uint8_t *new_array1, *new_array2; 1224 uint32_t new_size; 1225 1226 new_size = asoc->mapping_array_size + ((needed + 7) / 8 + SCTP_MAPPING_ARRAY_INCR); 1227 SCTP_MALLOC(new_array1, uint8_t *, new_size, SCTP_M_MAP); 1228 SCTP_MALLOC(new_array2, uint8_t *, new_size, SCTP_M_MAP); 1229 if ((new_array1 == NULL) || (new_array2 == NULL)) { 1230 /* can't get more, forget it */ 1231 SCTP_PRINTF("No memory for expansion of SCTP mapping array %d\n", new_size); 1232 if (new_array1) { 1233 SCTP_FREE(new_array1, SCTP_M_MAP); 1234 } 1235 if (new_array2) { 1236 SCTP_FREE(new_array2, SCTP_M_MAP); 1237 } 1238 return (-1); 1239 } 1240 memset(new_array1, 0, new_size); 1241 memset(new_array2, 0, new_size); 1242 memcpy(new_array1, asoc->mapping_array, asoc->mapping_array_size); 1243 memcpy(new_array2, asoc->nr_mapping_array, asoc->mapping_array_size); 1244 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1245 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 1246 asoc->mapping_array = new_array1; 1247 asoc->nr_mapping_array = new_array2; 1248 asoc->mapping_array_size = new_size; 1249 return (0); 1250 } 1251 1252 1253 static void 1254 sctp_iterator_work(struct sctp_iterator *it) 1255 { 1256 int iteration_count = 0; 1257 int inp_skip = 0; 1258 int first_in = 1; 1259 struct sctp_inpcb *tinp; 1260 1261 SCTP_INP_INFO_RLOCK(); 1262 SCTP_ITERATOR_LOCK(); 1263 if (it->inp) { 1264 SCTP_INP_RLOCK(it->inp); 1265 SCTP_INP_DECR_REF(it->inp); 1266 } 1267 if (it->inp == NULL) { 1268 /* iterator is complete */ 1269 done_with_iterator: 1270 SCTP_ITERATOR_UNLOCK(); 1271 SCTP_INP_INFO_RUNLOCK(); 1272 if (it->function_atend != NULL) { 1273 (*it->function_atend) (it->pointer, it->val); 1274 } 1275 SCTP_FREE(it, SCTP_M_ITER); 1276 return; 1277 } 1278 select_a_new_ep: 1279 if (first_in) { 1280 first_in = 0; 1281 } else { 1282 SCTP_INP_RLOCK(it->inp); 1283 } 1284 while (((it->pcb_flags) && 1285 ((it->inp->sctp_flags & it->pcb_flags) != it->pcb_flags)) || 1286 ((it->pcb_features) && 1287 ((it->inp->sctp_features & it->pcb_features) != it->pcb_features))) { 1288 /* endpoint flags or features don't match, so keep looking */ 1289 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1290 SCTP_INP_RUNLOCK(it->inp); 1291 goto done_with_iterator; 1292 } 1293 tinp = it->inp; 1294 it->inp = LIST_NEXT(it->inp, sctp_list); 1295 SCTP_INP_RUNLOCK(tinp); 1296 if (it->inp == NULL) { 1297 goto done_with_iterator; 1298 } 1299 SCTP_INP_RLOCK(it->inp); 1300 } 1301 /* now go through each assoc which is in the desired state */ 1302 if (it->done_current_ep == 0) { 1303 if (it->function_inp != NULL) 1304 inp_skip = (*it->function_inp) (it->inp, it->pointer, it->val); 1305 it->done_current_ep = 1; 1306 } 1307 if (it->stcb == NULL) { 1308 /* run the per instance function */ 1309 it->stcb = LIST_FIRST(&it->inp->sctp_asoc_list); 1310 } 1311 if ((inp_skip) || it->stcb == NULL) { 1312 if (it->function_inp_end != NULL) { 1313 inp_skip = (*it->function_inp_end) (it->inp, 1314 it->pointer, 1315 it->val); 1316 } 1317 SCTP_INP_RUNLOCK(it->inp); 1318 goto no_stcb; 1319 } 1320 while (it->stcb) { 1321 SCTP_TCB_LOCK(it->stcb); 1322 if (it->asoc_state && ((it->stcb->asoc.state & it->asoc_state) != it->asoc_state)) { 1323 /* not in the right state... keep looking */ 1324 SCTP_TCB_UNLOCK(it->stcb); 1325 goto next_assoc; 1326 } 1327 /* see if we have limited out the iterator loop */ 1328 iteration_count++; 1329 if (iteration_count > SCTP_ITERATOR_MAX_AT_ONCE) { 1330 /* Pause to let others grab the lock */ 1331 atomic_add_int(&it->stcb->asoc.refcnt, 1); 1332 SCTP_TCB_UNLOCK(it->stcb); 1333 SCTP_INP_INCR_REF(it->inp); 1334 SCTP_INP_RUNLOCK(it->inp); 1335 SCTP_ITERATOR_UNLOCK(); 1336 SCTP_INP_INFO_RUNLOCK(); 1337 SCTP_INP_INFO_RLOCK(); 1338 SCTP_ITERATOR_LOCK(); 1339 if (sctp_it_ctl.iterator_flags) { 1340 /* We won't be staying here */ 1341 SCTP_INP_DECR_REF(it->inp); 1342 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1343 if (sctp_it_ctl.iterator_flags & 1344 SCTP_ITERATOR_MUST_EXIT) { 1345 goto done_with_iterator; 1346 } 1347 if (sctp_it_ctl.iterator_flags & 1348 SCTP_ITERATOR_STOP_CUR_IT) { 1349 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_IT; 1350 goto done_with_iterator; 1351 } 1352 if (sctp_it_ctl.iterator_flags & 1353 SCTP_ITERATOR_STOP_CUR_INP) { 1354 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_INP; 1355 goto no_stcb; 1356 } 1357 /* If we reach here huh? */ 1358 printf("Unknown it ctl flag %x\n", 1359 sctp_it_ctl.iterator_flags); 1360 sctp_it_ctl.iterator_flags = 0; 1361 } 1362 SCTP_INP_RLOCK(it->inp); 1363 SCTP_INP_DECR_REF(it->inp); 1364 SCTP_TCB_LOCK(it->stcb); 1365 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1366 iteration_count = 0; 1367 } 1368 /* run function on this one */ 1369 (*it->function_assoc) (it->inp, it->stcb, it->pointer, it->val); 1370 1371 /* 1372 * we lie here, it really needs to have its own type but 1373 * first I must verify that this won't effect things :-0 1374 */ 1375 if (it->no_chunk_output == 0) 1376 sctp_chunk_output(it->inp, it->stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1377 1378 SCTP_TCB_UNLOCK(it->stcb); 1379 next_assoc: 1380 it->stcb = LIST_NEXT(it->stcb, sctp_tcblist); 1381 if (it->stcb == NULL) { 1382 /* Run last function */ 1383 if (it->function_inp_end != NULL) { 1384 inp_skip = (*it->function_inp_end) (it->inp, 1385 it->pointer, 1386 it->val); 1387 } 1388 } 1389 } 1390 SCTP_INP_RUNLOCK(it->inp); 1391 no_stcb: 1392 /* done with all assocs on this endpoint, move on to next endpoint */ 1393 it->done_current_ep = 0; 1394 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1395 it->inp = NULL; 1396 } else { 1397 it->inp = LIST_NEXT(it->inp, sctp_list); 1398 } 1399 if (it->inp == NULL) { 1400 goto done_with_iterator; 1401 } 1402 goto select_a_new_ep; 1403 } 1404 1405 void 1406 sctp_iterator_worker(void) 1407 { 1408 struct sctp_iterator *it = NULL; 1409 1410 /* This function is called with the WQ lock in place */ 1411 1412 sctp_it_ctl.iterator_running = 1; 1413 sctp_it_ctl.cur_it = it = TAILQ_FIRST(&sctp_it_ctl.iteratorhead); 1414 while (it) { 1415 /* now lets work on this one */ 1416 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 1417 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 1418 CURVNET_SET(it->vn); 1419 sctp_iterator_work(it); 1420 1421 CURVNET_RESTORE(); 1422 SCTP_IPI_ITERATOR_WQ_LOCK(); 1423 if (sctp_it_ctl.iterator_flags & SCTP_ITERATOR_MUST_EXIT) { 1424 sctp_it_ctl.cur_it = NULL; 1425 break; 1426 } 1427 /* sa_ignore FREED_MEMORY */ 1428 sctp_it_ctl.cur_it = it = TAILQ_FIRST(&sctp_it_ctl.iteratorhead); 1429 } 1430 sctp_it_ctl.iterator_running = 0; 1431 return; 1432 } 1433 1434 1435 static void 1436 sctp_handle_addr_wq(void) 1437 { 1438 /* deal with the ADDR wq from the rtsock calls */ 1439 struct sctp_laddr *wi; 1440 struct sctp_asconf_iterator *asc; 1441 1442 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 1443 sizeof(struct sctp_asconf_iterator), SCTP_M_ASC_IT); 1444 if (asc == NULL) { 1445 /* Try later, no memory */ 1446 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 1447 (struct sctp_inpcb *)NULL, 1448 (struct sctp_tcb *)NULL, 1449 (struct sctp_nets *)NULL); 1450 return; 1451 } 1452 LIST_INIT(&asc->list_of_work); 1453 asc->cnt = 0; 1454 1455 SCTP_WQ_ADDR_LOCK(); 1456 wi = LIST_FIRST(&SCTP_BASE_INFO(addr_wq)); 1457 while (wi != NULL) { 1458 LIST_REMOVE(wi, sctp_nxt_addr); 1459 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 1460 asc->cnt++; 1461 wi = LIST_FIRST(&SCTP_BASE_INFO(addr_wq)); 1462 } 1463 SCTP_WQ_ADDR_UNLOCK(); 1464 1465 if (asc->cnt == 0) { 1466 SCTP_FREE(asc, SCTP_M_ASC_IT); 1467 } else { 1468 (void)sctp_initiate_iterator(sctp_asconf_iterator_ep, 1469 sctp_asconf_iterator_stcb, 1470 NULL, /* No ep end for boundall */ 1471 SCTP_PCB_FLAGS_BOUNDALL, 1472 SCTP_PCB_ANY_FEATURES, 1473 SCTP_ASOC_ANY_STATE, 1474 (void *)asc, 0, 1475 sctp_asconf_iterator_end, NULL, 0); 1476 } 1477 } 1478 1479 int retcode = 0; 1480 int cur_oerr = 0; 1481 1482 void 1483 sctp_timeout_handler(void *t) 1484 { 1485 struct sctp_inpcb *inp; 1486 struct sctp_tcb *stcb; 1487 struct sctp_nets *net; 1488 struct sctp_timer *tmr; 1489 1490 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1491 struct socket *so; 1492 1493 #endif 1494 int did_output, type; 1495 1496 tmr = (struct sctp_timer *)t; 1497 inp = (struct sctp_inpcb *)tmr->ep; 1498 stcb = (struct sctp_tcb *)tmr->tcb; 1499 net = (struct sctp_nets *)tmr->net; 1500 CURVNET_SET((struct vnet *)tmr->vnet); 1501 did_output = 1; 1502 1503 #ifdef SCTP_AUDITING_ENABLED 1504 sctp_audit_log(0xF0, (uint8_t) tmr->type); 1505 sctp_auditing(3, inp, stcb, net); 1506 #endif 1507 1508 /* sanity checks... */ 1509 if (tmr->self != (void *)tmr) { 1510 /* 1511 * SCTP_PRINTF("Stale SCTP timer fired (%p), ignoring...\n", 1512 * tmr); 1513 */ 1514 CURVNET_RESTORE(); 1515 return; 1516 } 1517 tmr->stopped_from = 0xa001; 1518 if (!SCTP_IS_TIMER_TYPE_VALID(tmr->type)) { 1519 /* 1520 * SCTP_PRINTF("SCTP timer fired with invalid type: 0x%x\n", 1521 * tmr->type); 1522 */ 1523 CURVNET_RESTORE(); 1524 return; 1525 } 1526 tmr->stopped_from = 0xa002; 1527 if ((tmr->type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) { 1528 CURVNET_RESTORE(); 1529 return; 1530 } 1531 /* if this is an iterator timeout, get the struct and clear inp */ 1532 tmr->stopped_from = 0xa003; 1533 type = tmr->type; 1534 if (inp) { 1535 SCTP_INP_INCR_REF(inp); 1536 if ((inp->sctp_socket == 0) && 1537 ((tmr->type != SCTP_TIMER_TYPE_INPKILL) && 1538 (tmr->type != SCTP_TIMER_TYPE_INIT) && 1539 (tmr->type != SCTP_TIMER_TYPE_SEND) && 1540 (tmr->type != SCTP_TIMER_TYPE_RECV) && 1541 (tmr->type != SCTP_TIMER_TYPE_HEARTBEAT) && 1542 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWN) && 1543 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNACK) && 1544 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNGUARD) && 1545 (tmr->type != SCTP_TIMER_TYPE_ASOCKILL)) 1546 ) { 1547 SCTP_INP_DECR_REF(inp); 1548 CURVNET_RESTORE(); 1549 return; 1550 } 1551 } 1552 tmr->stopped_from = 0xa004; 1553 if (stcb) { 1554 atomic_add_int(&stcb->asoc.refcnt, 1); 1555 if (stcb->asoc.state == 0) { 1556 atomic_add_int(&stcb->asoc.refcnt, -1); 1557 if (inp) { 1558 SCTP_INP_DECR_REF(inp); 1559 } 1560 CURVNET_RESTORE(); 1561 return; 1562 } 1563 } 1564 tmr->stopped_from = 0xa005; 1565 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer type %d goes off\n", tmr->type); 1566 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1567 if (inp) { 1568 SCTP_INP_DECR_REF(inp); 1569 } 1570 if (stcb) { 1571 atomic_add_int(&stcb->asoc.refcnt, -1); 1572 } 1573 CURVNET_RESTORE(); 1574 return; 1575 } 1576 tmr->stopped_from = 0xa006; 1577 1578 if (stcb) { 1579 SCTP_TCB_LOCK(stcb); 1580 atomic_add_int(&stcb->asoc.refcnt, -1); 1581 if ((tmr->type != SCTP_TIMER_TYPE_ASOCKILL) && 1582 ((stcb->asoc.state == 0) || 1583 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED))) { 1584 SCTP_TCB_UNLOCK(stcb); 1585 if (inp) { 1586 SCTP_INP_DECR_REF(inp); 1587 } 1588 CURVNET_RESTORE(); 1589 return; 1590 } 1591 } 1592 /* record in stopped what t-o occured */ 1593 tmr->stopped_from = tmr->type; 1594 1595 /* mark as being serviced now */ 1596 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 1597 /* 1598 * Callout has been rescheduled. 1599 */ 1600 goto get_out; 1601 } 1602 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1603 /* 1604 * Not active, so no action. 1605 */ 1606 goto get_out; 1607 } 1608 SCTP_OS_TIMER_DEACTIVATE(&tmr->timer); 1609 1610 /* call the handler for the appropriate timer type */ 1611 switch (tmr->type) { 1612 case SCTP_TIMER_TYPE_ZERO_COPY: 1613 if (inp == NULL) { 1614 break; 1615 } 1616 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { 1617 SCTP_ZERO_COPY_EVENT(inp, inp->sctp_socket); 1618 } 1619 break; 1620 case SCTP_TIMER_TYPE_ZCOPY_SENDQ: 1621 if (inp == NULL) { 1622 break; 1623 } 1624 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { 1625 SCTP_ZERO_COPY_SENDQ_EVENT(inp, inp->sctp_socket); 1626 } 1627 break; 1628 case SCTP_TIMER_TYPE_ADDR_WQ: 1629 sctp_handle_addr_wq(); 1630 break; 1631 case SCTP_TIMER_TYPE_SEND: 1632 if ((stcb == NULL) || (inp == NULL)) { 1633 break; 1634 } 1635 SCTP_STAT_INCR(sctps_timodata); 1636 stcb->asoc.timodata++; 1637 stcb->asoc.num_send_timers_up--; 1638 if (stcb->asoc.num_send_timers_up < 0) { 1639 stcb->asoc.num_send_timers_up = 0; 1640 } 1641 SCTP_TCB_LOCK_ASSERT(stcb); 1642 cur_oerr = stcb->asoc.overall_error_count; 1643 retcode = sctp_t3rxt_timer(inp, stcb, net); 1644 if (retcode) { 1645 /* no need to unlock on tcb its gone */ 1646 1647 goto out_decr; 1648 } 1649 SCTP_TCB_LOCK_ASSERT(stcb); 1650 #ifdef SCTP_AUDITING_ENABLED 1651 sctp_auditing(4, inp, stcb, net); 1652 #endif 1653 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1654 if ((stcb->asoc.num_send_timers_up == 0) && 1655 (stcb->asoc.sent_queue_cnt > 0) 1656 ) { 1657 struct sctp_tmit_chunk *chk; 1658 1659 /* 1660 * safeguard. If there on some on the sent queue 1661 * somewhere but no timers running something is 1662 * wrong... so we start a timer on the first chunk 1663 * on the send queue on whatever net it is sent to. 1664 */ 1665 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1666 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, 1667 chk->whoTo); 1668 } 1669 break; 1670 case SCTP_TIMER_TYPE_INIT: 1671 if ((stcb == NULL) || (inp == NULL)) { 1672 break; 1673 } 1674 SCTP_STAT_INCR(sctps_timoinit); 1675 stcb->asoc.timoinit++; 1676 if (sctp_t1init_timer(inp, stcb, net)) { 1677 /* no need to unlock on tcb its gone */ 1678 goto out_decr; 1679 } 1680 /* We do output but not here */ 1681 did_output = 0; 1682 break; 1683 case SCTP_TIMER_TYPE_RECV: 1684 if ((stcb == NULL) || (inp == NULL)) { 1685 break; 1686 } { 1687 SCTP_STAT_INCR(sctps_timosack); 1688 stcb->asoc.timosack++; 1689 sctp_send_sack(stcb); 1690 } 1691 #ifdef SCTP_AUDITING_ENABLED 1692 sctp_auditing(4, inp, stcb, net); 1693 #endif 1694 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR, SCTP_SO_NOT_LOCKED); 1695 break; 1696 case SCTP_TIMER_TYPE_SHUTDOWN: 1697 if ((stcb == NULL) || (inp == NULL)) { 1698 break; 1699 } 1700 if (sctp_shutdown_timer(inp, stcb, net)) { 1701 /* no need to unlock on tcb its gone */ 1702 goto out_decr; 1703 } 1704 SCTP_STAT_INCR(sctps_timoshutdown); 1705 stcb->asoc.timoshutdown++; 1706 #ifdef SCTP_AUDITING_ENABLED 1707 sctp_auditing(4, inp, stcb, net); 1708 #endif 1709 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_NOT_LOCKED); 1710 break; 1711 case SCTP_TIMER_TYPE_HEARTBEAT: 1712 { 1713 struct sctp_nets *lnet; 1714 int cnt_of_unconf = 0; 1715 1716 if ((stcb == NULL) || (inp == NULL)) { 1717 break; 1718 } 1719 SCTP_STAT_INCR(sctps_timoheartbeat); 1720 stcb->asoc.timoheartbeat++; 1721 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 1722 if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && 1723 (lnet->dest_state & SCTP_ADDR_REACHABLE)) { 1724 cnt_of_unconf++; 1725 } 1726 } 1727 if (cnt_of_unconf == 0) { 1728 if (sctp_heartbeat_timer(inp, stcb, lnet, 1729 cnt_of_unconf)) { 1730 /* no need to unlock on tcb its gone */ 1731 goto out_decr; 1732 } 1733 } 1734 #ifdef SCTP_AUDITING_ENABLED 1735 sctp_auditing(4, inp, stcb, lnet); 1736 #endif 1737 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, 1738 stcb->sctp_ep, stcb, lnet); 1739 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR, SCTP_SO_NOT_LOCKED); 1740 } 1741 break; 1742 case SCTP_TIMER_TYPE_COOKIE: 1743 if ((stcb == NULL) || (inp == NULL)) { 1744 break; 1745 } 1746 if (sctp_cookie_timer(inp, stcb, net)) { 1747 /* no need to unlock on tcb its gone */ 1748 goto out_decr; 1749 } 1750 SCTP_STAT_INCR(sctps_timocookie); 1751 stcb->asoc.timocookie++; 1752 #ifdef SCTP_AUDITING_ENABLED 1753 sctp_auditing(4, inp, stcb, net); 1754 #endif 1755 /* 1756 * We consider T3 and Cookie timer pretty much the same with 1757 * respect to where from in chunk_output. 1758 */ 1759 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1760 break; 1761 case SCTP_TIMER_TYPE_NEWCOOKIE: 1762 { 1763 struct timeval tv; 1764 int i, secret; 1765 1766 if (inp == NULL) { 1767 break; 1768 } 1769 SCTP_STAT_INCR(sctps_timosecret); 1770 (void)SCTP_GETTIME_TIMEVAL(&tv); 1771 SCTP_INP_WLOCK(inp); 1772 inp->sctp_ep.time_of_secret_change = tv.tv_sec; 1773 inp->sctp_ep.last_secret_number = 1774 inp->sctp_ep.current_secret_number; 1775 inp->sctp_ep.current_secret_number++; 1776 if (inp->sctp_ep.current_secret_number >= 1777 SCTP_HOW_MANY_SECRETS) { 1778 inp->sctp_ep.current_secret_number = 0; 1779 } 1780 secret = (int)inp->sctp_ep.current_secret_number; 1781 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1782 inp->sctp_ep.secret_key[secret][i] = 1783 sctp_select_initial_TSN(&inp->sctp_ep); 1784 } 1785 SCTP_INP_WUNLOCK(inp); 1786 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, stcb, net); 1787 } 1788 did_output = 0; 1789 break; 1790 case SCTP_TIMER_TYPE_PATHMTURAISE: 1791 if ((stcb == NULL) || (inp == NULL)) { 1792 break; 1793 } 1794 SCTP_STAT_INCR(sctps_timopathmtu); 1795 sctp_pathmtu_timer(inp, stcb, net); 1796 did_output = 0; 1797 break; 1798 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1799 if ((stcb == NULL) || (inp == NULL)) { 1800 break; 1801 } 1802 if (sctp_shutdownack_timer(inp, stcb, net)) { 1803 /* no need to unlock on tcb its gone */ 1804 goto out_decr; 1805 } 1806 SCTP_STAT_INCR(sctps_timoshutdownack); 1807 stcb->asoc.timoshutdownack++; 1808 #ifdef SCTP_AUDITING_ENABLED 1809 sctp_auditing(4, inp, stcb, net); 1810 #endif 1811 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR, SCTP_SO_NOT_LOCKED); 1812 break; 1813 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1814 if ((stcb == NULL) || (inp == NULL)) { 1815 break; 1816 } 1817 SCTP_STAT_INCR(sctps_timoshutdownguard); 1818 sctp_abort_an_association(inp, stcb, 1819 SCTP_SHUTDOWN_GUARD_EXPIRES, NULL, SCTP_SO_NOT_LOCKED); 1820 /* no need to unlock on tcb its gone */ 1821 goto out_decr; 1822 1823 case SCTP_TIMER_TYPE_STRRESET: 1824 if ((stcb == NULL) || (inp == NULL)) { 1825 break; 1826 } 1827 if (sctp_strreset_timer(inp, stcb, net)) { 1828 /* no need to unlock on tcb its gone */ 1829 goto out_decr; 1830 } 1831 SCTP_STAT_INCR(sctps_timostrmrst); 1832 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR, SCTP_SO_NOT_LOCKED); 1833 break; 1834 case SCTP_TIMER_TYPE_EARLYFR: 1835 /* Need to do FR of things for net */ 1836 if ((stcb == NULL) || (inp == NULL)) { 1837 break; 1838 } 1839 SCTP_STAT_INCR(sctps_timoearlyfr); 1840 sctp_early_fr_timer(inp, stcb, net); 1841 break; 1842 case SCTP_TIMER_TYPE_ASCONF: 1843 if ((stcb == NULL) || (inp == NULL)) { 1844 break; 1845 } 1846 if (sctp_asconf_timer(inp, stcb, net)) { 1847 /* no need to unlock on tcb its gone */ 1848 goto out_decr; 1849 } 1850 SCTP_STAT_INCR(sctps_timoasconf); 1851 #ifdef SCTP_AUDITING_ENABLED 1852 sctp_auditing(4, inp, stcb, net); 1853 #endif 1854 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR, SCTP_SO_NOT_LOCKED); 1855 break; 1856 case SCTP_TIMER_TYPE_PRIM_DELETED: 1857 if ((stcb == NULL) || (inp == NULL)) { 1858 break; 1859 } 1860 sctp_delete_prim_timer(inp, stcb, net); 1861 SCTP_STAT_INCR(sctps_timodelprim); 1862 break; 1863 1864 case SCTP_TIMER_TYPE_AUTOCLOSE: 1865 if ((stcb == NULL) || (inp == NULL)) { 1866 break; 1867 } 1868 SCTP_STAT_INCR(sctps_timoautoclose); 1869 sctp_autoclose_timer(inp, stcb, net); 1870 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED); 1871 did_output = 0; 1872 break; 1873 case SCTP_TIMER_TYPE_ASOCKILL: 1874 if ((stcb == NULL) || (inp == NULL)) { 1875 break; 1876 } 1877 SCTP_STAT_INCR(sctps_timoassockill); 1878 /* Can we free it yet? */ 1879 SCTP_INP_DECR_REF(inp); 1880 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_1); 1881 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1882 so = SCTP_INP_SO(inp); 1883 atomic_add_int(&stcb->asoc.refcnt, 1); 1884 SCTP_TCB_UNLOCK(stcb); 1885 SCTP_SOCKET_LOCK(so, 1); 1886 SCTP_TCB_LOCK(stcb); 1887 atomic_subtract_int(&stcb->asoc.refcnt, 1); 1888 #endif 1889 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_2); 1890 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1891 SCTP_SOCKET_UNLOCK(so, 1); 1892 #endif 1893 /* 1894 * free asoc, always unlocks (or destroy's) so prevent 1895 * duplicate unlock or unlock of a free mtx :-0 1896 */ 1897 stcb = NULL; 1898 goto out_no_decr; 1899 case SCTP_TIMER_TYPE_INPKILL: 1900 SCTP_STAT_INCR(sctps_timoinpkill); 1901 if (inp == NULL) { 1902 break; 1903 } 1904 /* 1905 * special case, take away our increment since WE are the 1906 * killer 1907 */ 1908 SCTP_INP_DECR_REF(inp); 1909 sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_3); 1910 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 1911 SCTP_CALLED_FROM_INPKILL_TIMER); 1912 inp = NULL; 1913 goto out_no_decr; 1914 default: 1915 SCTPDBG(SCTP_DEBUG_TIMER1, "sctp_timeout_handler:unknown timer %d\n", 1916 tmr->type); 1917 break; 1918 }; 1919 #ifdef SCTP_AUDITING_ENABLED 1920 sctp_audit_log(0xF1, (uint8_t) tmr->type); 1921 if (inp) 1922 sctp_auditing(5, inp, stcb, net); 1923 #endif 1924 if ((did_output) && stcb) { 1925 /* 1926 * Now we need to clean up the control chunk chain if an 1927 * ECNE is on it. It must be marked as UNSENT again so next 1928 * call will continue to send it until such time that we get 1929 * a CWR, to remove it. It is, however, less likely that we 1930 * will find a ecn echo on the chain though. 1931 */ 1932 sctp_fix_ecn_echo(&stcb->asoc); 1933 } 1934 get_out: 1935 if (stcb) { 1936 SCTP_TCB_UNLOCK(stcb); 1937 } 1938 out_decr: 1939 if (inp) { 1940 SCTP_INP_DECR_REF(inp); 1941 } 1942 out_no_decr: 1943 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer now complete (type %d)\n", 1944 type); 1945 CURVNET_RESTORE(); 1946 } 1947 1948 void 1949 sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1950 struct sctp_nets *net) 1951 { 1952 int to_ticks; 1953 struct sctp_timer *tmr; 1954 1955 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) 1956 return; 1957 1958 to_ticks = 0; 1959 1960 tmr = NULL; 1961 if (stcb) { 1962 SCTP_TCB_LOCK_ASSERT(stcb); 1963 } 1964 switch (t_type) { 1965 case SCTP_TIMER_TYPE_ZERO_COPY: 1966 tmr = &inp->sctp_ep.zero_copy_timer; 1967 to_ticks = SCTP_ZERO_COPY_TICK_DELAY; 1968 break; 1969 case SCTP_TIMER_TYPE_ZCOPY_SENDQ: 1970 tmr = &inp->sctp_ep.zero_copy_sendq_timer; 1971 to_ticks = SCTP_ZERO_COPY_SENDQ_TICK_DELAY; 1972 break; 1973 case SCTP_TIMER_TYPE_ADDR_WQ: 1974 /* Only 1 tick away :-) */ 1975 tmr = &SCTP_BASE_INFO(addr_wq_timer); 1976 to_ticks = SCTP_ADDRESS_TICK_DELAY; 1977 break; 1978 case SCTP_TIMER_TYPE_SEND: 1979 /* Here we use the RTO timer */ 1980 { 1981 int rto_val; 1982 1983 if ((stcb == NULL) || (net == NULL)) { 1984 return; 1985 } 1986 tmr = &net->rxt_timer; 1987 if (net->RTO == 0) { 1988 rto_val = stcb->asoc.initial_rto; 1989 } else { 1990 rto_val = net->RTO; 1991 } 1992 to_ticks = MSEC_TO_TICKS(rto_val); 1993 } 1994 break; 1995 case SCTP_TIMER_TYPE_INIT: 1996 /* 1997 * Here we use the INIT timer default usually about 1 1998 * minute. 1999 */ 2000 if ((stcb == NULL) || (net == NULL)) { 2001 return; 2002 } 2003 tmr = &net->rxt_timer; 2004 if (net->RTO == 0) { 2005 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2006 } else { 2007 to_ticks = MSEC_TO_TICKS(net->RTO); 2008 } 2009 break; 2010 case SCTP_TIMER_TYPE_RECV: 2011 /* 2012 * Here we use the Delayed-Ack timer value from the inp 2013 * ususually about 200ms. 2014 */ 2015 if (stcb == NULL) { 2016 return; 2017 } 2018 tmr = &stcb->asoc.dack_timer; 2019 to_ticks = MSEC_TO_TICKS(stcb->asoc.delayed_ack); 2020 break; 2021 case SCTP_TIMER_TYPE_SHUTDOWN: 2022 /* Here we use the RTO of the destination. */ 2023 if ((stcb == NULL) || (net == NULL)) { 2024 return; 2025 } 2026 if (net->RTO == 0) { 2027 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2028 } else { 2029 to_ticks = MSEC_TO_TICKS(net->RTO); 2030 } 2031 tmr = &net->rxt_timer; 2032 break; 2033 case SCTP_TIMER_TYPE_HEARTBEAT: 2034 /* 2035 * the net is used here so that we can add in the RTO. Even 2036 * though we use a different timer. We also add the HB timer 2037 * PLUS a random jitter. 2038 */ 2039 if ((inp == NULL) || (stcb == NULL)) { 2040 return; 2041 } else { 2042 uint32_t rndval; 2043 uint8_t this_random; 2044 int cnt_of_unconf = 0; 2045 struct sctp_nets *lnet; 2046 2047 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 2048 if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && 2049 (lnet->dest_state & SCTP_ADDR_REACHABLE)) { 2050 cnt_of_unconf++; 2051 } 2052 } 2053 if (cnt_of_unconf) { 2054 net = lnet = NULL; 2055 (void)sctp_heartbeat_timer(inp, stcb, lnet, cnt_of_unconf); 2056 } 2057 if (stcb->asoc.hb_random_idx > 3) { 2058 rndval = sctp_select_initial_TSN(&inp->sctp_ep); 2059 memcpy(stcb->asoc.hb_random_values, &rndval, 2060 sizeof(stcb->asoc.hb_random_values)); 2061 stcb->asoc.hb_random_idx = 0; 2062 } 2063 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx]; 2064 stcb->asoc.hb_random_idx++; 2065 stcb->asoc.hb_ect_randombit = 0; 2066 /* 2067 * this_random will be 0 - 256 ms RTO is in ms. 2068 */ 2069 if ((stcb->asoc.hb_is_disabled) && 2070 (cnt_of_unconf == 0)) { 2071 return; 2072 } 2073 if (net) { 2074 int delay; 2075 2076 delay = stcb->asoc.heart_beat_delay; 2077 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 2078 if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && 2079 ((lnet->dest_state & SCTP_ADDR_OUT_OF_SCOPE) == 0) && 2080 (lnet->dest_state & SCTP_ADDR_REACHABLE)) { 2081 delay = 0; 2082 } 2083 } 2084 if (net->RTO == 0) { 2085 /* Never been checked */ 2086 to_ticks = this_random + stcb->asoc.initial_rto + delay; 2087 } else { 2088 /* set rto_val to the ms */ 2089 to_ticks = delay + net->RTO + this_random; 2090 } 2091 } else { 2092 if (cnt_of_unconf) { 2093 to_ticks = this_random + stcb->asoc.initial_rto; 2094 } else { 2095 to_ticks = stcb->asoc.heart_beat_delay + this_random + stcb->asoc.initial_rto; 2096 } 2097 } 2098 /* 2099 * Now we must convert the to_ticks that are now in 2100 * ms to ticks. 2101 */ 2102 to_ticks = MSEC_TO_TICKS(to_ticks); 2103 tmr = &stcb->asoc.hb_timer; 2104 } 2105 break; 2106 case SCTP_TIMER_TYPE_COOKIE: 2107 /* 2108 * Here we can use the RTO timer from the network since one 2109 * RTT was compelete. If a retran happened then we will be 2110 * using the RTO initial value. 2111 */ 2112 if ((stcb == NULL) || (net == NULL)) { 2113 return; 2114 } 2115 if (net->RTO == 0) { 2116 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2117 } else { 2118 to_ticks = MSEC_TO_TICKS(net->RTO); 2119 } 2120 tmr = &net->rxt_timer; 2121 break; 2122 case SCTP_TIMER_TYPE_NEWCOOKIE: 2123 /* 2124 * nothing needed but the endpoint here ususually about 60 2125 * minutes. 2126 */ 2127 if (inp == NULL) { 2128 return; 2129 } 2130 tmr = &inp->sctp_ep.signature_change; 2131 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; 2132 break; 2133 case SCTP_TIMER_TYPE_ASOCKILL: 2134 if (stcb == NULL) { 2135 return; 2136 } 2137 tmr = &stcb->asoc.strreset_timer; 2138 to_ticks = MSEC_TO_TICKS(SCTP_ASOC_KILL_TIMEOUT); 2139 break; 2140 case SCTP_TIMER_TYPE_INPKILL: 2141 /* 2142 * The inp is setup to die. We re-use the signature_chage 2143 * timer since that has stopped and we are in the GONE 2144 * state. 2145 */ 2146 if (inp == NULL) { 2147 return; 2148 } 2149 tmr = &inp->sctp_ep.signature_change; 2150 to_ticks = MSEC_TO_TICKS(SCTP_INP_KILL_TIMEOUT); 2151 break; 2152 case SCTP_TIMER_TYPE_PATHMTURAISE: 2153 /* 2154 * Here we use the value found in the EP for PMTU ususually 2155 * about 10 minutes. 2156 */ 2157 if ((stcb == NULL) || (inp == NULL)) { 2158 return; 2159 } 2160 if (net == NULL) { 2161 return; 2162 } 2163 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; 2164 tmr = &net->pmtu_timer; 2165 break; 2166 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2167 /* Here we use the RTO of the destination */ 2168 if ((stcb == NULL) || (net == NULL)) { 2169 return; 2170 } 2171 if (net->RTO == 0) { 2172 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2173 } else { 2174 to_ticks = MSEC_TO_TICKS(net->RTO); 2175 } 2176 tmr = &net->rxt_timer; 2177 break; 2178 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2179 /* 2180 * Here we use the endpoints shutdown guard timer usually 2181 * about 3 minutes. 2182 */ 2183 if ((inp == NULL) || (stcb == NULL)) { 2184 return; 2185 } 2186 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; 2187 tmr = &stcb->asoc.shut_guard_timer; 2188 break; 2189 case SCTP_TIMER_TYPE_STRRESET: 2190 /* 2191 * Here the timer comes from the stcb but its value is from 2192 * the net's RTO. 2193 */ 2194 if ((stcb == NULL) || (net == NULL)) { 2195 return; 2196 } 2197 if (net->RTO == 0) { 2198 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2199 } else { 2200 to_ticks = MSEC_TO_TICKS(net->RTO); 2201 } 2202 tmr = &stcb->asoc.strreset_timer; 2203 break; 2204 2205 case SCTP_TIMER_TYPE_EARLYFR: 2206 { 2207 unsigned int msec; 2208 2209 if ((stcb == NULL) || (net == NULL)) { 2210 return; 2211 } 2212 if (net->flight_size > net->cwnd) { 2213 /* no need to start */ 2214 return; 2215 } 2216 SCTP_STAT_INCR(sctps_earlyfrstart); 2217 if (net->lastsa == 0) { 2218 /* Hmm no rtt estimate yet? */ 2219 msec = stcb->asoc.initial_rto >> 2; 2220 } else { 2221 msec = ((net->lastsa >> 2) + net->lastsv) >> 1; 2222 } 2223 if (msec < SCTP_BASE_SYSCTL(sctp_early_fr_msec)) { 2224 msec = SCTP_BASE_SYSCTL(sctp_early_fr_msec); 2225 if (msec < SCTP_MINFR_MSEC_FLOOR) { 2226 msec = SCTP_MINFR_MSEC_FLOOR; 2227 } 2228 } 2229 to_ticks = MSEC_TO_TICKS(msec); 2230 tmr = &net->fr_timer; 2231 } 2232 break; 2233 case SCTP_TIMER_TYPE_ASCONF: 2234 /* 2235 * Here the timer comes from the stcb but its value is from 2236 * the net's RTO. 2237 */ 2238 if ((stcb == NULL) || (net == NULL)) { 2239 return; 2240 } 2241 if (net->RTO == 0) { 2242 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2243 } else { 2244 to_ticks = MSEC_TO_TICKS(net->RTO); 2245 } 2246 tmr = &stcb->asoc.asconf_timer; 2247 break; 2248 case SCTP_TIMER_TYPE_PRIM_DELETED: 2249 if ((stcb == NULL) || (net != NULL)) { 2250 return; 2251 } 2252 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2253 tmr = &stcb->asoc.delete_prim_timer; 2254 break; 2255 case SCTP_TIMER_TYPE_AUTOCLOSE: 2256 if (stcb == NULL) { 2257 return; 2258 } 2259 if (stcb->asoc.sctp_autoclose_ticks == 0) { 2260 /* 2261 * Really an error since stcb is NOT set to 2262 * autoclose 2263 */ 2264 return; 2265 } 2266 to_ticks = stcb->asoc.sctp_autoclose_ticks; 2267 tmr = &stcb->asoc.autoclose_timer; 2268 break; 2269 default: 2270 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2271 __FUNCTION__, t_type); 2272 return; 2273 break; 2274 }; 2275 if ((to_ticks <= 0) || (tmr == NULL)) { 2276 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: %d:software error to_ticks:%d tmr:%p not set ??\n", 2277 __FUNCTION__, t_type, to_ticks, tmr); 2278 return; 2279 } 2280 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 2281 /* 2282 * we do NOT allow you to have it already running. if it is 2283 * we leave the current one up unchanged 2284 */ 2285 return; 2286 } 2287 /* At this point we can proceed */ 2288 if (t_type == SCTP_TIMER_TYPE_SEND) { 2289 stcb->asoc.num_send_timers_up++; 2290 } 2291 tmr->stopped_from = 0; 2292 tmr->type = t_type; 2293 tmr->ep = (void *)inp; 2294 tmr->tcb = (void *)stcb; 2295 tmr->net = (void *)net; 2296 tmr->self = (void *)tmr; 2297 tmr->vnet = (void *)curvnet; 2298 tmr->ticks = sctp_get_tick_count(); 2299 (void)SCTP_OS_TIMER_START(&tmr->timer, to_ticks, sctp_timeout_handler, tmr); 2300 return; 2301 } 2302 2303 void 2304 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2305 struct sctp_nets *net, uint32_t from) 2306 { 2307 struct sctp_timer *tmr; 2308 2309 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && 2310 (inp == NULL)) 2311 return; 2312 2313 tmr = NULL; 2314 if (stcb) { 2315 SCTP_TCB_LOCK_ASSERT(stcb); 2316 } 2317 switch (t_type) { 2318 case SCTP_TIMER_TYPE_ZERO_COPY: 2319 tmr = &inp->sctp_ep.zero_copy_timer; 2320 break; 2321 case SCTP_TIMER_TYPE_ZCOPY_SENDQ: 2322 tmr = &inp->sctp_ep.zero_copy_sendq_timer; 2323 break; 2324 case SCTP_TIMER_TYPE_ADDR_WQ: 2325 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2326 break; 2327 case SCTP_TIMER_TYPE_EARLYFR: 2328 if ((stcb == NULL) || (net == NULL)) { 2329 return; 2330 } 2331 tmr = &net->fr_timer; 2332 SCTP_STAT_INCR(sctps_earlyfrstop); 2333 break; 2334 case SCTP_TIMER_TYPE_SEND: 2335 if ((stcb == NULL) || (net == NULL)) { 2336 return; 2337 } 2338 tmr = &net->rxt_timer; 2339 break; 2340 case SCTP_TIMER_TYPE_INIT: 2341 if ((stcb == NULL) || (net == NULL)) { 2342 return; 2343 } 2344 tmr = &net->rxt_timer; 2345 break; 2346 case SCTP_TIMER_TYPE_RECV: 2347 if (stcb == NULL) { 2348 return; 2349 } 2350 tmr = &stcb->asoc.dack_timer; 2351 break; 2352 case SCTP_TIMER_TYPE_SHUTDOWN: 2353 if ((stcb == NULL) || (net == NULL)) { 2354 return; 2355 } 2356 tmr = &net->rxt_timer; 2357 break; 2358 case SCTP_TIMER_TYPE_HEARTBEAT: 2359 if (stcb == NULL) { 2360 return; 2361 } 2362 tmr = &stcb->asoc.hb_timer; 2363 break; 2364 case SCTP_TIMER_TYPE_COOKIE: 2365 if ((stcb == NULL) || (net == NULL)) { 2366 return; 2367 } 2368 tmr = &net->rxt_timer; 2369 break; 2370 case SCTP_TIMER_TYPE_NEWCOOKIE: 2371 /* nothing needed but the endpoint here */ 2372 tmr = &inp->sctp_ep.signature_change; 2373 /* 2374 * We re-use the newcookie timer for the INP kill timer. We 2375 * must assure that we do not kill it by accident. 2376 */ 2377 break; 2378 case SCTP_TIMER_TYPE_ASOCKILL: 2379 /* 2380 * Stop the asoc kill timer. 2381 */ 2382 if (stcb == NULL) { 2383 return; 2384 } 2385 tmr = &stcb->asoc.strreset_timer; 2386 break; 2387 2388 case SCTP_TIMER_TYPE_INPKILL: 2389 /* 2390 * The inp is setup to die. We re-use the signature_chage 2391 * timer since that has stopped and we are in the GONE 2392 * state. 2393 */ 2394 tmr = &inp->sctp_ep.signature_change; 2395 break; 2396 case SCTP_TIMER_TYPE_PATHMTURAISE: 2397 if ((stcb == NULL) || (net == NULL)) { 2398 return; 2399 } 2400 tmr = &net->pmtu_timer; 2401 break; 2402 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2403 if ((stcb == NULL) || (net == NULL)) { 2404 return; 2405 } 2406 tmr = &net->rxt_timer; 2407 break; 2408 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2409 if (stcb == NULL) { 2410 return; 2411 } 2412 tmr = &stcb->asoc.shut_guard_timer; 2413 break; 2414 case SCTP_TIMER_TYPE_STRRESET: 2415 if (stcb == NULL) { 2416 return; 2417 } 2418 tmr = &stcb->asoc.strreset_timer; 2419 break; 2420 case SCTP_TIMER_TYPE_ASCONF: 2421 if (stcb == NULL) { 2422 return; 2423 } 2424 tmr = &stcb->asoc.asconf_timer; 2425 break; 2426 case SCTP_TIMER_TYPE_PRIM_DELETED: 2427 if (stcb == NULL) { 2428 return; 2429 } 2430 tmr = &stcb->asoc.delete_prim_timer; 2431 break; 2432 case SCTP_TIMER_TYPE_AUTOCLOSE: 2433 if (stcb == NULL) { 2434 return; 2435 } 2436 tmr = &stcb->asoc.autoclose_timer; 2437 break; 2438 default: 2439 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2440 __FUNCTION__, t_type); 2441 break; 2442 }; 2443 if (tmr == NULL) { 2444 return; 2445 } 2446 if ((tmr->type != t_type) && tmr->type) { 2447 /* 2448 * Ok we have a timer that is under joint use. Cookie timer 2449 * per chance with the SEND timer. We therefore are NOT 2450 * running the timer that the caller wants stopped. So just 2451 * return. 2452 */ 2453 return; 2454 } 2455 if ((t_type == SCTP_TIMER_TYPE_SEND) && (stcb != NULL)) { 2456 stcb->asoc.num_send_timers_up--; 2457 if (stcb->asoc.num_send_timers_up < 0) { 2458 stcb->asoc.num_send_timers_up = 0; 2459 } 2460 } 2461 tmr->self = NULL; 2462 tmr->stopped_from = from; 2463 (void)SCTP_OS_TIMER_STOP(&tmr->timer); 2464 return; 2465 } 2466 2467 uint32_t 2468 sctp_calculate_len(struct mbuf *m) 2469 { 2470 uint32_t tlen = 0; 2471 struct mbuf *at; 2472 2473 at = m; 2474 while (at) { 2475 tlen += SCTP_BUF_LEN(at); 2476 at = SCTP_BUF_NEXT(at); 2477 } 2478 return (tlen); 2479 } 2480 2481 void 2482 sctp_mtu_size_reset(struct sctp_inpcb *inp, 2483 struct sctp_association *asoc, uint32_t mtu) 2484 { 2485 /* 2486 * Reset the P-MTU size on this association, this involves changing 2487 * the asoc MTU, going through ANY chunk+overhead larger than mtu to 2488 * allow the DF flag to be cleared. 2489 */ 2490 struct sctp_tmit_chunk *chk; 2491 unsigned int eff_mtu, ovh; 2492 2493 #ifdef SCTP_PRINT_FOR_B_AND_M 2494 SCTP_PRINTF("sctp_mtu_size_reset(%p, asoc:%p mtu:%d\n", 2495 inp, asoc, mtu); 2496 #endif 2497 asoc->smallest_mtu = mtu; 2498 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2499 ovh = SCTP_MIN_OVERHEAD; 2500 } else { 2501 ovh = SCTP_MIN_V4_OVERHEAD; 2502 } 2503 eff_mtu = mtu - ovh; 2504 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 2505 2506 if (chk->send_size > eff_mtu) { 2507 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2508 } 2509 } 2510 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 2511 if (chk->send_size > eff_mtu) { 2512 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2513 } 2514 } 2515 } 2516 2517 2518 /* 2519 * given an association and starting time of the current RTT period return 2520 * RTO in number of msecs net should point to the current network 2521 */ 2522 uint32_t 2523 sctp_calculate_rto(struct sctp_tcb *stcb, 2524 struct sctp_association *asoc, 2525 struct sctp_nets *net, 2526 struct timeval *told, 2527 int safe) 2528 { 2529 /*- 2530 * given an association and the starting time of the current RTT 2531 * period (in value1/value2) return RTO in number of msecs. 2532 */ 2533 int calc_time = 0; 2534 int o_calctime; 2535 uint32_t new_rto = 0; 2536 int first_measure = 0; 2537 struct timeval now, then, *old; 2538 2539 /* Copy it out for sparc64 */ 2540 if (safe == sctp_align_unsafe_makecopy) { 2541 old = &then; 2542 memcpy(&then, told, sizeof(struct timeval)); 2543 } else if (safe == sctp_align_safe_nocopy) { 2544 old = told; 2545 } else { 2546 /* error */ 2547 SCTP_PRINTF("Huh, bad rto calc call\n"); 2548 return (0); 2549 } 2550 /************************/ 2551 /* 1. calculate new RTT */ 2552 /************************/ 2553 /* get the current time */ 2554 (void)SCTP_GETTIME_TIMEVAL(&now); 2555 /* compute the RTT value */ 2556 if ((u_long)now.tv_sec > (u_long)old->tv_sec) { 2557 calc_time = ((u_long)now.tv_sec - (u_long)old->tv_sec) * 1000; 2558 if ((u_long)now.tv_usec > (u_long)old->tv_usec) { 2559 calc_time += (((u_long)now.tv_usec - 2560 (u_long)old->tv_usec) / 1000); 2561 } else if ((u_long)now.tv_usec < (u_long)old->tv_usec) { 2562 /* Borrow 1,000ms from current calculation */ 2563 calc_time -= 1000; 2564 /* Add in the slop over */ 2565 calc_time += ((int)now.tv_usec / 1000); 2566 /* Add in the pre-second ms's */ 2567 calc_time += (((int)1000000 - (int)old->tv_usec) / 1000); 2568 } 2569 } else if ((u_long)now.tv_sec == (u_long)old->tv_sec) { 2570 if ((u_long)now.tv_usec > (u_long)old->tv_usec) { 2571 calc_time = ((u_long)now.tv_usec - 2572 (u_long)old->tv_usec) / 1000; 2573 } else if ((u_long)now.tv_usec < (u_long)old->tv_usec) { 2574 /* impossible .. garbage in nothing out */ 2575 goto calc_rto; 2576 } else if ((u_long)now.tv_usec == (u_long)old->tv_usec) { 2577 /* 2578 * We have to have 1 usec :-D this must be the 2579 * loopback. 2580 */ 2581 calc_time = 1; 2582 } else { 2583 /* impossible .. garbage in nothing out */ 2584 goto calc_rto; 2585 } 2586 } else { 2587 /* Clock wrapped? */ 2588 goto calc_rto; 2589 } 2590 /***************************/ 2591 /* 2. update RTTVAR & SRTT */ 2592 /***************************/ 2593 net->rtt = o_calctime = calc_time; 2594 /* this is Van Jacobson's integer version */ 2595 if (net->RTO_measured) { 2596 calc_time -= (net->lastsa >> SCTP_RTT_SHIFT); /* take away 1/8th when 2597 * shift=3 */ 2598 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2599 rto_logging(net, SCTP_LOG_RTTVAR); 2600 } 2601 net->prev_rtt = o_calctime; 2602 net->lastsa += calc_time; /* add 7/8th into sa when 2603 * shift=3 */ 2604 if (calc_time < 0) { 2605 calc_time = -calc_time; 2606 } 2607 calc_time -= (net->lastsv >> SCTP_RTT_VAR_SHIFT); /* take away 1/4 when 2608 * VAR shift=2 */ 2609 net->lastsv += calc_time; 2610 if (net->lastsv == 0) { 2611 net->lastsv = SCTP_CLOCK_GRANULARITY; 2612 } 2613 } else { 2614 /* First RTO measurment */ 2615 net->RTO_measured = 1; 2616 net->lastsa = calc_time << SCTP_RTT_SHIFT; /* Multiply by 8 when 2617 * shift=3 */ 2618 net->lastsv = calc_time; 2619 if (net->lastsv == 0) { 2620 net->lastsv = SCTP_CLOCK_GRANULARITY; 2621 } 2622 first_measure = 1; 2623 net->prev_rtt = o_calctime; 2624 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2625 rto_logging(net, SCTP_LOG_INITIAL_RTT); 2626 } 2627 } 2628 calc_rto: 2629 new_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv; 2630 if ((new_rto > SCTP_SAT_NETWORK_MIN) && 2631 (stcb->asoc.sat_network_lockout == 0)) { 2632 stcb->asoc.sat_network = 1; 2633 } else if ((!first_measure) && stcb->asoc.sat_network) { 2634 stcb->asoc.sat_network = 0; 2635 stcb->asoc.sat_network_lockout = 1; 2636 } 2637 /* bound it, per C6/C7 in Section 5.3.1 */ 2638 if (new_rto < stcb->asoc.minrto) { 2639 new_rto = stcb->asoc.minrto; 2640 } 2641 if (new_rto > stcb->asoc.maxrto) { 2642 new_rto = stcb->asoc.maxrto; 2643 } 2644 /* we are now returning the RTO */ 2645 return (new_rto); 2646 } 2647 2648 /* 2649 * return a pointer to a contiguous piece of data from the given mbuf chain 2650 * starting at 'off' for 'len' bytes. If the desired piece spans more than 2651 * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size 2652 * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. 2653 */ 2654 caddr_t 2655 sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t * in_ptr) 2656 { 2657 uint32_t count; 2658 uint8_t *ptr; 2659 2660 ptr = in_ptr; 2661 if ((off < 0) || (len <= 0)) 2662 return (NULL); 2663 2664 /* find the desired start location */ 2665 while ((m != NULL) && (off > 0)) { 2666 if (off < SCTP_BUF_LEN(m)) 2667 break; 2668 off -= SCTP_BUF_LEN(m); 2669 m = SCTP_BUF_NEXT(m); 2670 } 2671 if (m == NULL) 2672 return (NULL); 2673 2674 /* is the current mbuf large enough (eg. contiguous)? */ 2675 if ((SCTP_BUF_LEN(m) - off) >= len) { 2676 return (mtod(m, caddr_t)+off); 2677 } else { 2678 /* else, it spans more than one mbuf, so save a temp copy... */ 2679 while ((m != NULL) && (len > 0)) { 2680 count = min(SCTP_BUF_LEN(m) - off, len); 2681 bcopy(mtod(m, caddr_t)+off, ptr, count); 2682 len -= count; 2683 ptr += count; 2684 off = 0; 2685 m = SCTP_BUF_NEXT(m); 2686 } 2687 if ((m == NULL) && (len > 0)) 2688 return (NULL); 2689 else 2690 return ((caddr_t)in_ptr); 2691 } 2692 } 2693 2694 2695 2696 struct sctp_paramhdr * 2697 sctp_get_next_param(struct mbuf *m, 2698 int offset, 2699 struct sctp_paramhdr *pull, 2700 int pull_limit) 2701 { 2702 /* This just provides a typed signature to Peter's Pull routine */ 2703 return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, 2704 (uint8_t *) pull)); 2705 } 2706 2707 2708 int 2709 sctp_add_pad_tombuf(struct mbuf *m, int padlen) 2710 { 2711 /* 2712 * add padlen bytes of 0 filled padding to the end of the mbuf. If 2713 * padlen is > 3 this routine will fail. 2714 */ 2715 uint8_t *dp; 2716 int i; 2717 2718 if (padlen > 3) { 2719 SCTP_LTRACE_ERR_RET_PKT(m, NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 2720 return (ENOBUFS); 2721 } 2722 if (padlen <= M_TRAILINGSPACE(m)) { 2723 /* 2724 * The easy way. We hope the majority of the time we hit 2725 * here :) 2726 */ 2727 dp = (uint8_t *) (mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 2728 SCTP_BUF_LEN(m) += padlen; 2729 } else { 2730 /* Hard way we must grow the mbuf */ 2731 struct mbuf *tmp; 2732 2733 tmp = sctp_get_mbuf_for_msg(padlen, 0, M_DONTWAIT, 1, MT_DATA); 2734 if (tmp == NULL) { 2735 /* Out of space GAK! we are in big trouble. */ 2736 SCTP_LTRACE_ERR_RET_PKT(m, NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 2737 return (ENOSPC); 2738 } 2739 /* setup and insert in middle */ 2740 SCTP_BUF_LEN(tmp) = padlen; 2741 SCTP_BUF_NEXT(tmp) = NULL; 2742 SCTP_BUF_NEXT(m) = tmp; 2743 dp = mtod(tmp, uint8_t *); 2744 } 2745 /* zero out the pad */ 2746 for (i = 0; i < padlen; i++) { 2747 *dp = 0; 2748 dp++; 2749 } 2750 return (0); 2751 } 2752 2753 int 2754 sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) 2755 { 2756 /* find the last mbuf in chain and pad it */ 2757 struct mbuf *m_at; 2758 2759 m_at = m; 2760 if (last_mbuf) { 2761 return (sctp_add_pad_tombuf(last_mbuf, padval)); 2762 } else { 2763 while (m_at) { 2764 if (SCTP_BUF_NEXT(m_at) == NULL) { 2765 return (sctp_add_pad_tombuf(m_at, padval)); 2766 } 2767 m_at = SCTP_BUF_NEXT(m_at); 2768 } 2769 } 2770 SCTP_LTRACE_ERR_RET_PKT(m, NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EFAULT); 2771 return (EFAULT); 2772 } 2773 2774 static void 2775 sctp_notify_assoc_change(uint32_t event, struct sctp_tcb *stcb, 2776 uint32_t error, void *data, int so_locked 2777 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2778 SCTP_UNUSED 2779 #endif 2780 ) 2781 { 2782 struct mbuf *m_notify; 2783 struct sctp_assoc_change *sac; 2784 struct sctp_queued_to_read *control; 2785 2786 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2787 struct socket *so; 2788 2789 #endif 2790 2791 /* 2792 * For TCP model AND UDP connected sockets we will send an error up 2793 * when an ABORT comes in. 2794 */ 2795 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2796 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2797 ((event == SCTP_COMM_LOST) || (event == SCTP_CANT_STR_ASSOC))) { 2798 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_WAIT) { 2799 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNREFUSED); 2800 stcb->sctp_socket->so_error = ECONNREFUSED; 2801 } else { 2802 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 2803 stcb->sctp_socket->so_error = ECONNRESET; 2804 } 2805 /* Wake ANY sleepers */ 2806 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2807 so = SCTP_INP_SO(stcb->sctp_ep); 2808 if (!so_locked) { 2809 atomic_add_int(&stcb->asoc.refcnt, 1); 2810 SCTP_TCB_UNLOCK(stcb); 2811 SCTP_SOCKET_LOCK(so, 1); 2812 SCTP_TCB_LOCK(stcb); 2813 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2814 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 2815 SCTP_SOCKET_UNLOCK(so, 1); 2816 return; 2817 } 2818 } 2819 #endif 2820 sorwakeup(stcb->sctp_socket); 2821 sowwakeup(stcb->sctp_socket); 2822 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2823 if (!so_locked) { 2824 SCTP_SOCKET_UNLOCK(so, 1); 2825 } 2826 #endif 2827 } 2828 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { 2829 /* event not enabled */ 2830 return; 2831 } 2832 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_change), 0, M_DONTWAIT, 1, MT_DATA); 2833 if (m_notify == NULL) 2834 /* no space left */ 2835 return; 2836 SCTP_BUF_LEN(m_notify) = 0; 2837 2838 sac = mtod(m_notify, struct sctp_assoc_change *); 2839 sac->sac_type = SCTP_ASSOC_CHANGE; 2840 sac->sac_flags = 0; 2841 sac->sac_length = sizeof(struct sctp_assoc_change); 2842 sac->sac_state = event; 2843 sac->sac_error = error; 2844 /* XXX verify these stream counts */ 2845 sac->sac_outbound_streams = stcb->asoc.streamoutcnt; 2846 sac->sac_inbound_streams = stcb->asoc.streamincnt; 2847 sac->sac_assoc_id = sctp_get_associd(stcb); 2848 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_change); 2849 SCTP_BUF_NEXT(m_notify) = NULL; 2850 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2851 0, 0, 0, 0, 0, 0, 2852 m_notify); 2853 if (control == NULL) { 2854 /* no memory */ 2855 sctp_m_freem(m_notify); 2856 return; 2857 } 2858 control->length = SCTP_BUF_LEN(m_notify); 2859 /* not that we need this */ 2860 control->tail_mbuf = m_notify; 2861 control->spec_flags = M_NOTIFICATION; 2862 sctp_add_to_readq(stcb->sctp_ep, stcb, 2863 control, 2864 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, 2865 so_locked); 2866 if (event == SCTP_COMM_LOST) { 2867 /* Wake up any sleeper */ 2868 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2869 so = SCTP_INP_SO(stcb->sctp_ep); 2870 if (!so_locked) { 2871 atomic_add_int(&stcb->asoc.refcnt, 1); 2872 SCTP_TCB_UNLOCK(stcb); 2873 SCTP_SOCKET_LOCK(so, 1); 2874 SCTP_TCB_LOCK(stcb); 2875 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2876 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 2877 SCTP_SOCKET_UNLOCK(so, 1); 2878 return; 2879 } 2880 } 2881 #endif 2882 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 2883 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2884 if (!so_locked) { 2885 SCTP_SOCKET_UNLOCK(so, 1); 2886 } 2887 #endif 2888 } 2889 } 2890 2891 static void 2892 sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, 2893 struct sockaddr *sa, uint32_t error) 2894 { 2895 struct mbuf *m_notify; 2896 struct sctp_paddr_change *spc; 2897 struct sctp_queued_to_read *control; 2898 2899 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVPADDREVNT)) { 2900 /* event not enabled */ 2901 return; 2902 } 2903 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 0, M_DONTWAIT, 1, MT_DATA); 2904 if (m_notify == NULL) 2905 return; 2906 SCTP_BUF_LEN(m_notify) = 0; 2907 spc = mtod(m_notify, struct sctp_paddr_change *); 2908 spc->spc_type = SCTP_PEER_ADDR_CHANGE; 2909 spc->spc_flags = 0; 2910 spc->spc_length = sizeof(struct sctp_paddr_change); 2911 switch (sa->sa_family) { 2912 case AF_INET: 2913 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2914 break; 2915 #ifdef INET6 2916 case AF_INET6: 2917 { 2918 struct sockaddr_in6 *sin6; 2919 2920 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); 2921 2922 sin6 = (struct sockaddr_in6 *)&spc->spc_aaddr; 2923 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 2924 if (sin6->sin6_scope_id == 0) { 2925 /* recover scope_id for user */ 2926 (void)sa6_recoverscope(sin6); 2927 } else { 2928 /* clear embedded scope_id for user */ 2929 in6_clearscope(&sin6->sin6_addr); 2930 } 2931 } 2932 break; 2933 } 2934 #endif 2935 default: 2936 /* TSNH */ 2937 break; 2938 } 2939 spc->spc_state = state; 2940 spc->spc_error = error; 2941 spc->spc_assoc_id = sctp_get_associd(stcb); 2942 2943 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_paddr_change); 2944 SCTP_BUF_NEXT(m_notify) = NULL; 2945 2946 /* append to socket */ 2947 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2948 0, 0, 0, 0, 0, 0, 2949 m_notify); 2950 if (control == NULL) { 2951 /* no memory */ 2952 sctp_m_freem(m_notify); 2953 return; 2954 } 2955 control->length = SCTP_BUF_LEN(m_notify); 2956 control->spec_flags = M_NOTIFICATION; 2957 /* not that we need this */ 2958 control->tail_mbuf = m_notify; 2959 sctp_add_to_readq(stcb->sctp_ep, stcb, 2960 control, 2961 &stcb->sctp_socket->so_rcv, 1, 2962 SCTP_READ_LOCK_NOT_HELD, 2963 SCTP_SO_NOT_LOCKED); 2964 } 2965 2966 2967 static void 2968 sctp_notify_send_failed(struct sctp_tcb *stcb, uint32_t error, 2969 struct sctp_tmit_chunk *chk, int so_locked 2970 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2971 SCTP_UNUSED 2972 #endif 2973 ) 2974 { 2975 struct mbuf *m_notify; 2976 struct sctp_send_failed *ssf; 2977 struct sctp_queued_to_read *control; 2978 int length; 2979 2980 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSENDFAILEVNT)) { 2981 /* event not enabled */ 2982 return; 2983 } 2984 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_send_failed), 0, M_DONTWAIT, 1, MT_DATA); 2985 if (m_notify == NULL) 2986 /* no space left */ 2987 return; 2988 length = sizeof(struct sctp_send_failed) + chk->send_size; 2989 length -= sizeof(struct sctp_data_chunk); 2990 SCTP_BUF_LEN(m_notify) = 0; 2991 ssf = mtod(m_notify, struct sctp_send_failed *); 2992 ssf->ssf_type = SCTP_SEND_FAILED; 2993 if (error == SCTP_NOTIFY_DATAGRAM_UNSENT) 2994 ssf->ssf_flags = SCTP_DATA_UNSENT; 2995 else 2996 ssf->ssf_flags = SCTP_DATA_SENT; 2997 ssf->ssf_length = length; 2998 ssf->ssf_error = error; 2999 /* not exactly what the user sent in, but should be close :) */ 3000 bzero(&ssf->ssf_info, sizeof(ssf->ssf_info)); 3001 ssf->ssf_info.sinfo_stream = chk->rec.data.stream_number; 3002 ssf->ssf_info.sinfo_ssn = chk->rec.data.stream_seq; 3003 ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; 3004 ssf->ssf_info.sinfo_ppid = chk->rec.data.payloadtype; 3005 ssf->ssf_info.sinfo_context = chk->rec.data.context; 3006 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3007 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3008 3009 if (chk->data) { 3010 /* 3011 * trim off the sctp chunk header(it should be there) 3012 */ 3013 if (chk->send_size >= sizeof(struct sctp_data_chunk)) { 3014 m_adj(chk->data, sizeof(struct sctp_data_chunk)); 3015 sctp_mbuf_crush(chk->data); 3016 chk->send_size -= sizeof(struct sctp_data_chunk); 3017 } 3018 } 3019 SCTP_BUF_NEXT(m_notify) = chk->data; 3020 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed); 3021 /* Steal off the mbuf */ 3022 chk->data = NULL; 3023 /* 3024 * For this case, we check the actual socket buffer, since the assoc 3025 * is going away we don't want to overfill the socket buffer for a 3026 * non-reader 3027 */ 3028 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3029 sctp_m_freem(m_notify); 3030 return; 3031 } 3032 /* append to socket */ 3033 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3034 0, 0, 0, 0, 0, 0, 3035 m_notify); 3036 if (control == NULL) { 3037 /* no memory */ 3038 sctp_m_freem(m_notify); 3039 return; 3040 } 3041 control->spec_flags = M_NOTIFICATION; 3042 sctp_add_to_readq(stcb->sctp_ep, stcb, 3043 control, 3044 &stcb->sctp_socket->so_rcv, 1, 3045 SCTP_READ_LOCK_NOT_HELD, 3046 so_locked); 3047 } 3048 3049 3050 static void 3051 sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, 3052 struct sctp_stream_queue_pending *sp, int so_locked 3053 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3054 SCTP_UNUSED 3055 #endif 3056 ) 3057 { 3058 struct mbuf *m_notify; 3059 struct sctp_send_failed *ssf; 3060 struct sctp_queued_to_read *control; 3061 int length; 3062 3063 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSENDFAILEVNT)) { 3064 /* event not enabled */ 3065 return; 3066 } 3067 length = sizeof(struct sctp_send_failed) + sp->length; 3068 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_send_failed), 0, M_DONTWAIT, 1, MT_DATA); 3069 if (m_notify == NULL) 3070 /* no space left */ 3071 return; 3072 SCTP_BUF_LEN(m_notify) = 0; 3073 ssf = mtod(m_notify, struct sctp_send_failed *); 3074 ssf->ssf_type = SCTP_SEND_FAILED; 3075 if (error == SCTP_NOTIFY_DATAGRAM_UNSENT) 3076 ssf->ssf_flags = SCTP_DATA_UNSENT; 3077 else 3078 ssf->ssf_flags = SCTP_DATA_SENT; 3079 ssf->ssf_length = length; 3080 ssf->ssf_error = error; 3081 /* not exactly what the user sent in, but should be close :) */ 3082 bzero(&ssf->ssf_info, sizeof(ssf->ssf_info)); 3083 ssf->ssf_info.sinfo_stream = sp->stream; 3084 ssf->ssf_info.sinfo_ssn = sp->strseq; 3085 if (sp->some_taken) { 3086 ssf->ssf_info.sinfo_flags = SCTP_DATA_LAST_FRAG; 3087 } else { 3088 ssf->ssf_info.sinfo_flags = SCTP_DATA_NOT_FRAG; 3089 } 3090 ssf->ssf_info.sinfo_ppid = sp->ppid; 3091 ssf->ssf_info.sinfo_context = sp->context; 3092 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3093 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3094 SCTP_BUF_NEXT(m_notify) = sp->data; 3095 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed); 3096 3097 /* Steal off the mbuf */ 3098 sp->data = NULL; 3099 /* 3100 * For this case, we check the actual socket buffer, since the assoc 3101 * is going away we don't want to overfill the socket buffer for a 3102 * non-reader 3103 */ 3104 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3105 sctp_m_freem(m_notify); 3106 return; 3107 } 3108 /* append to socket */ 3109 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3110 0, 0, 0, 0, 0, 0, 3111 m_notify); 3112 if (control == NULL) { 3113 /* no memory */ 3114 sctp_m_freem(m_notify); 3115 return; 3116 } 3117 control->spec_flags = M_NOTIFICATION; 3118 sctp_add_to_readq(stcb->sctp_ep, stcb, 3119 control, 3120 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3121 } 3122 3123 3124 3125 static void 3126 sctp_notify_adaptation_layer(struct sctp_tcb *stcb, 3127 uint32_t error) 3128 { 3129 struct mbuf *m_notify; 3130 struct sctp_adaptation_event *sai; 3131 struct sctp_queued_to_read *control; 3132 3133 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) { 3134 /* event not enabled */ 3135 return; 3136 } 3137 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 0, M_DONTWAIT, 1, MT_DATA); 3138 if (m_notify == NULL) 3139 /* no space left */ 3140 return; 3141 SCTP_BUF_LEN(m_notify) = 0; 3142 sai = mtod(m_notify, struct sctp_adaptation_event *); 3143 sai->sai_type = SCTP_ADAPTATION_INDICATION; 3144 sai->sai_flags = 0; 3145 sai->sai_length = sizeof(struct sctp_adaptation_event); 3146 sai->sai_adaptation_ind = stcb->asoc.peers_adaptation; 3147 sai->sai_assoc_id = sctp_get_associd(stcb); 3148 3149 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_adaptation_event); 3150 SCTP_BUF_NEXT(m_notify) = NULL; 3151 3152 /* append to socket */ 3153 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3154 0, 0, 0, 0, 0, 0, 3155 m_notify); 3156 if (control == NULL) { 3157 /* no memory */ 3158 sctp_m_freem(m_notify); 3159 return; 3160 } 3161 control->length = SCTP_BUF_LEN(m_notify); 3162 control->spec_flags = M_NOTIFICATION; 3163 /* not that we need this */ 3164 control->tail_mbuf = m_notify; 3165 sctp_add_to_readq(stcb->sctp_ep, stcb, 3166 control, 3167 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3168 } 3169 3170 /* This always must be called with the read-queue LOCKED in the INP */ 3171 static void 3172 sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, uint32_t error, 3173 uint32_t val, int so_locked 3174 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3175 SCTP_UNUSED 3176 #endif 3177 ) 3178 { 3179 struct mbuf *m_notify; 3180 struct sctp_pdapi_event *pdapi; 3181 struct sctp_queued_to_read *control; 3182 struct sockbuf *sb; 3183 3184 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_PDAPIEVNT)) { 3185 /* event not enabled */ 3186 return; 3187 } 3188 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 0, M_DONTWAIT, 1, MT_DATA); 3189 if (m_notify == NULL) 3190 /* no space left */ 3191 return; 3192 SCTP_BUF_LEN(m_notify) = 0; 3193 pdapi = mtod(m_notify, struct sctp_pdapi_event *); 3194 pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; 3195 pdapi->pdapi_flags = 0; 3196 pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); 3197 pdapi->pdapi_indication = error; 3198 pdapi->pdapi_stream = (val >> 16); 3199 pdapi->pdapi_seq = (val & 0x0000ffff); 3200 pdapi->pdapi_assoc_id = sctp_get_associd(stcb); 3201 3202 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_pdapi_event); 3203 SCTP_BUF_NEXT(m_notify) = NULL; 3204 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3205 0, 0, 0, 0, 0, 0, 3206 m_notify); 3207 if (control == NULL) { 3208 /* no memory */ 3209 sctp_m_freem(m_notify); 3210 return; 3211 } 3212 control->spec_flags = M_NOTIFICATION; 3213 control->length = SCTP_BUF_LEN(m_notify); 3214 /* not that we need this */ 3215 control->tail_mbuf = m_notify; 3216 control->held_length = 0; 3217 control->length = 0; 3218 sb = &stcb->sctp_socket->so_rcv; 3219 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3220 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m_notify)); 3221 } 3222 sctp_sballoc(stcb, sb, m_notify); 3223 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3224 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3225 } 3226 atomic_add_int(&control->length, SCTP_BUF_LEN(m_notify)); 3227 control->end_added = 1; 3228 if (stcb->asoc.control_pdapi) 3229 TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, stcb->asoc.control_pdapi, control, next); 3230 else { 3231 /* we really should not see this case */ 3232 TAILQ_INSERT_TAIL(&stcb->sctp_ep->read_queue, control, next); 3233 } 3234 if (stcb->sctp_ep && stcb->sctp_socket) { 3235 /* This should always be the case */ 3236 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3237 struct socket *so; 3238 3239 so = SCTP_INP_SO(stcb->sctp_ep); 3240 if (!so_locked) { 3241 atomic_add_int(&stcb->asoc.refcnt, 1); 3242 SCTP_TCB_UNLOCK(stcb); 3243 SCTP_SOCKET_LOCK(so, 1); 3244 SCTP_TCB_LOCK(stcb); 3245 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3246 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3247 SCTP_SOCKET_UNLOCK(so, 1); 3248 return; 3249 } 3250 } 3251 #endif 3252 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); 3253 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3254 if (!so_locked) { 3255 SCTP_SOCKET_UNLOCK(so, 1); 3256 } 3257 #endif 3258 } 3259 } 3260 3261 static void 3262 sctp_notify_shutdown_event(struct sctp_tcb *stcb) 3263 { 3264 struct mbuf *m_notify; 3265 struct sctp_shutdown_event *sse; 3266 struct sctp_queued_to_read *control; 3267 3268 /* 3269 * For TCP model AND UDP connected sockets we will send an error up 3270 * when an SHUTDOWN completes 3271 */ 3272 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 3273 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 3274 /* mark socket closed for read/write and wakeup! */ 3275 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3276 struct socket *so; 3277 3278 so = SCTP_INP_SO(stcb->sctp_ep); 3279 atomic_add_int(&stcb->asoc.refcnt, 1); 3280 SCTP_TCB_UNLOCK(stcb); 3281 SCTP_SOCKET_LOCK(so, 1); 3282 SCTP_TCB_LOCK(stcb); 3283 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3284 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 3285 SCTP_SOCKET_UNLOCK(so, 1); 3286 return; 3287 } 3288 #endif 3289 socantsendmore(stcb->sctp_socket); 3290 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3291 SCTP_SOCKET_UNLOCK(so, 1); 3292 #endif 3293 } 3294 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) { 3295 /* event not enabled */ 3296 return; 3297 } 3298 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 0, M_DONTWAIT, 1, MT_DATA); 3299 if (m_notify == NULL) 3300 /* no space left */ 3301 return; 3302 sse = mtod(m_notify, struct sctp_shutdown_event *); 3303 sse->sse_type = SCTP_SHUTDOWN_EVENT; 3304 sse->sse_flags = 0; 3305 sse->sse_length = sizeof(struct sctp_shutdown_event); 3306 sse->sse_assoc_id = sctp_get_associd(stcb); 3307 3308 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_shutdown_event); 3309 SCTP_BUF_NEXT(m_notify) = NULL; 3310 3311 /* append to socket */ 3312 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3313 0, 0, 0, 0, 0, 0, 3314 m_notify); 3315 if (control == NULL) { 3316 /* no memory */ 3317 sctp_m_freem(m_notify); 3318 return; 3319 } 3320 control->spec_flags = M_NOTIFICATION; 3321 control->length = SCTP_BUF_LEN(m_notify); 3322 /* not that we need this */ 3323 control->tail_mbuf = m_notify; 3324 sctp_add_to_readq(stcb->sctp_ep, stcb, 3325 control, 3326 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3327 } 3328 3329 static void 3330 sctp_notify_sender_dry_event(struct sctp_tcb *stcb, 3331 int so_locked 3332 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3333 SCTP_UNUSED 3334 #endif 3335 ) 3336 { 3337 struct mbuf *m_notify; 3338 struct sctp_sender_dry_event *event; 3339 struct sctp_queued_to_read *control; 3340 3341 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_DRYEVNT)) { 3342 /* event not enabled */ 3343 return; 3344 } 3345 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_sender_dry_event), 0, M_DONTWAIT, 1, MT_DATA); 3346 if (m_notify == NULL) { 3347 /* no space left */ 3348 return; 3349 } 3350 SCTP_BUF_LEN(m_notify) = 0; 3351 event = mtod(m_notify, struct sctp_sender_dry_event *); 3352 event->sender_dry_type = SCTP_SENDER_DRY_EVENT; 3353 event->sender_dry_flags = 0; 3354 event->sender_dry_length = sizeof(struct sctp_sender_dry_event); 3355 event->sender_dry_assoc_id = sctp_get_associd(stcb); 3356 3357 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_sender_dry_event); 3358 SCTP_BUF_NEXT(m_notify) = NULL; 3359 3360 /* append to socket */ 3361 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3362 0, 0, 0, 0, 0, 0, m_notify); 3363 if (control == NULL) { 3364 /* no memory */ 3365 sctp_m_freem(m_notify); 3366 return; 3367 } 3368 control->length = SCTP_BUF_LEN(m_notify); 3369 control->spec_flags = M_NOTIFICATION; 3370 /* not that we need this */ 3371 control->tail_mbuf = m_notify; 3372 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 3373 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3374 } 3375 3376 3377 static void 3378 sctp_notify_stream_reset_add(struct sctp_tcb *stcb, int number_entries, int flag) 3379 { 3380 struct mbuf *m_notify; 3381 struct sctp_queued_to_read *control; 3382 struct sctp_stream_reset_event *strreset; 3383 int len; 3384 3385 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_STREAM_RESETEVNT)) { 3386 /* event not enabled */ 3387 return; 3388 } 3389 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 3390 if (m_notify == NULL) 3391 /* no space left */ 3392 return; 3393 SCTP_BUF_LEN(m_notify) = 0; 3394 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3395 if (len > M_TRAILINGSPACE(m_notify)) { 3396 /* never enough room */ 3397 sctp_m_freem(m_notify); 3398 return; 3399 } 3400 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3401 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3402 strreset->strreset_flags = SCTP_STRRESET_ADD_STREAM | flag; 3403 strreset->strreset_length = len; 3404 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3405 strreset->strreset_list[0] = number_entries; 3406 3407 SCTP_BUF_LEN(m_notify) = len; 3408 SCTP_BUF_NEXT(m_notify) = NULL; 3409 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3410 /* no space */ 3411 sctp_m_freem(m_notify); 3412 return; 3413 } 3414 /* append to socket */ 3415 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3416 0, 0, 0, 0, 0, 0, 3417 m_notify); 3418 if (control == NULL) { 3419 /* no memory */ 3420 sctp_m_freem(m_notify); 3421 return; 3422 } 3423 control->spec_flags = M_NOTIFICATION; 3424 control->length = SCTP_BUF_LEN(m_notify); 3425 /* not that we need this */ 3426 control->tail_mbuf = m_notify; 3427 sctp_add_to_readq(stcb->sctp_ep, stcb, 3428 control, 3429 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3430 } 3431 3432 3433 static void 3434 sctp_notify_stream_reset(struct sctp_tcb *stcb, 3435 int number_entries, uint16_t * list, int flag) 3436 { 3437 struct mbuf *m_notify; 3438 struct sctp_queued_to_read *control; 3439 struct sctp_stream_reset_event *strreset; 3440 int len; 3441 3442 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_STREAM_RESETEVNT)) { 3443 /* event not enabled */ 3444 return; 3445 } 3446 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 3447 if (m_notify == NULL) 3448 /* no space left */ 3449 return; 3450 SCTP_BUF_LEN(m_notify) = 0; 3451 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3452 if (len > M_TRAILINGSPACE(m_notify)) { 3453 /* never enough room */ 3454 sctp_m_freem(m_notify); 3455 return; 3456 } 3457 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3458 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3459 if (number_entries == 0) { 3460 strreset->strreset_flags = flag | SCTP_STRRESET_ALL_STREAMS; 3461 } else { 3462 strreset->strreset_flags = flag | SCTP_STRRESET_STREAM_LIST; 3463 } 3464 strreset->strreset_length = len; 3465 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3466 if (number_entries) { 3467 int i; 3468 3469 for (i = 0; i < number_entries; i++) { 3470 strreset->strreset_list[i] = ntohs(list[i]); 3471 } 3472 } 3473 SCTP_BUF_LEN(m_notify) = len; 3474 SCTP_BUF_NEXT(m_notify) = NULL; 3475 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3476 /* no space */ 3477 sctp_m_freem(m_notify); 3478 return; 3479 } 3480 /* append to socket */ 3481 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3482 0, 0, 0, 0, 0, 0, 3483 m_notify); 3484 if (control == NULL) { 3485 /* no memory */ 3486 sctp_m_freem(m_notify); 3487 return; 3488 } 3489 control->spec_flags = M_NOTIFICATION; 3490 control->length = SCTP_BUF_LEN(m_notify); 3491 /* not that we need this */ 3492 control->tail_mbuf = m_notify; 3493 sctp_add_to_readq(stcb->sctp_ep, stcb, 3494 control, 3495 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3496 } 3497 3498 3499 void 3500 sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, 3501 uint32_t error, void *data, int so_locked 3502 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3503 SCTP_UNUSED 3504 #endif 3505 ) 3506 { 3507 if ((stcb == NULL) || 3508 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3509 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3510 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3511 /* If the socket is gone we are out of here */ 3512 return; 3513 } 3514 if (stcb->sctp_socket->so_rcv.sb_state & SBS_CANTRCVMORE) { 3515 return; 3516 } 3517 if (stcb && ((stcb->asoc.state & SCTP_STATE_COOKIE_WAIT) || 3518 (stcb->asoc.state & SCTP_STATE_COOKIE_ECHOED))) { 3519 if ((notification == SCTP_NOTIFY_INTERFACE_DOWN) || 3520 (notification == SCTP_NOTIFY_INTERFACE_UP) || 3521 (notification == SCTP_NOTIFY_INTERFACE_CONFIRMED)) { 3522 /* Don't report these in front states */ 3523 return; 3524 } 3525 } 3526 switch (notification) { 3527 case SCTP_NOTIFY_ASSOC_UP: 3528 if (stcb->asoc.assoc_up_sent == 0) { 3529 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL, so_locked); 3530 stcb->asoc.assoc_up_sent = 1; 3531 } 3532 if (stcb->asoc.adaptation_needed && (stcb->asoc.adaptation_sent == 0)) { 3533 sctp_notify_adaptation_layer(stcb, error); 3534 } 3535 if (stcb->asoc.peer_supports_auth == 0) { 3536 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3537 NULL, so_locked); 3538 } 3539 break; 3540 case SCTP_NOTIFY_ASSOC_DOWN: 3541 sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL, so_locked); 3542 break; 3543 case SCTP_NOTIFY_INTERFACE_DOWN: 3544 { 3545 struct sctp_nets *net; 3546 3547 net = (struct sctp_nets *)data; 3548 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, 3549 (struct sockaddr *)&net->ro._l_addr, error); 3550 break; 3551 } 3552 case SCTP_NOTIFY_INTERFACE_UP: 3553 { 3554 struct sctp_nets *net; 3555 3556 net = (struct sctp_nets *)data; 3557 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, 3558 (struct sockaddr *)&net->ro._l_addr, error); 3559 break; 3560 } 3561 case SCTP_NOTIFY_INTERFACE_CONFIRMED: 3562 { 3563 struct sctp_nets *net; 3564 3565 net = (struct sctp_nets *)data; 3566 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, 3567 (struct sockaddr *)&net->ro._l_addr, error); 3568 break; 3569 } 3570 case SCTP_NOTIFY_SPECIAL_SP_FAIL: 3571 sctp_notify_send_failed2(stcb, error, 3572 (struct sctp_stream_queue_pending *)data, so_locked); 3573 break; 3574 case SCTP_NOTIFY_DG_FAIL: 3575 sctp_notify_send_failed(stcb, error, 3576 (struct sctp_tmit_chunk *)data, so_locked); 3577 break; 3578 case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: 3579 { 3580 uint32_t val; 3581 3582 val = *((uint32_t *) data); 3583 3584 sctp_notify_partial_delivery_indication(stcb, error, val, so_locked); 3585 break; 3586 } 3587 case SCTP_NOTIFY_STRDATA_ERR: 3588 break; 3589 case SCTP_NOTIFY_ASSOC_ABORTED: 3590 if ((stcb) && (((stcb->asoc.state & SCTP_STATE_MASK) == SCTP_STATE_COOKIE_WAIT) || 3591 ((stcb->asoc.state & SCTP_STATE_MASK) == SCTP_STATE_COOKIE_ECHOED))) { 3592 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, NULL, so_locked); 3593 } else { 3594 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, NULL, so_locked); 3595 } 3596 break; 3597 case SCTP_NOTIFY_PEER_OPENED_STREAM: 3598 break; 3599 case SCTP_NOTIFY_STREAM_OPENED_OK: 3600 break; 3601 case SCTP_NOTIFY_ASSOC_RESTART: 3602 sctp_notify_assoc_change(SCTP_RESTART, stcb, error, data, so_locked); 3603 if (stcb->asoc.peer_supports_auth == 0) { 3604 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3605 NULL, so_locked); 3606 } 3607 break; 3608 case SCTP_NOTIFY_HB_RESP: 3609 break; 3610 case SCTP_NOTIFY_STR_RESET_INSTREAM_ADD_OK: 3611 sctp_notify_stream_reset_add(stcb, error, SCTP_STRRESET_INBOUND_STR); 3612 break; 3613 case SCTP_NOTIFY_STR_RESET_ADD_OK: 3614 sctp_notify_stream_reset_add(stcb, error, SCTP_STRRESET_OUTBOUND_STR); 3615 break; 3616 case SCTP_NOTIFY_STR_RESET_ADD_FAIL: 3617 sctp_notify_stream_reset_add(stcb, error, (SCTP_STRRESET_FAILED | SCTP_STRRESET_OUTBOUND_STR)); 3618 break; 3619 3620 case SCTP_NOTIFY_STR_RESET_SEND: 3621 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), SCTP_STRRESET_OUTBOUND_STR); 3622 break; 3623 case SCTP_NOTIFY_STR_RESET_RECV: 3624 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), SCTP_STRRESET_INBOUND_STR); 3625 break; 3626 case SCTP_NOTIFY_STR_RESET_FAILED_OUT: 3627 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), (SCTP_STRRESET_OUTBOUND_STR | SCTP_STRRESET_FAILED)); 3628 break; 3629 case SCTP_NOTIFY_STR_RESET_FAILED_IN: 3630 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), (SCTP_STRRESET_INBOUND_STR | SCTP_STRRESET_FAILED)); 3631 break; 3632 case SCTP_NOTIFY_ASCONF_ADD_IP: 3633 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, 3634 error); 3635 break; 3636 case SCTP_NOTIFY_ASCONF_DELETE_IP: 3637 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, 3638 error); 3639 break; 3640 case SCTP_NOTIFY_ASCONF_SET_PRIMARY: 3641 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, 3642 error); 3643 break; 3644 case SCTP_NOTIFY_ASCONF_SUCCESS: 3645 break; 3646 case SCTP_NOTIFY_ASCONF_FAILED: 3647 break; 3648 case SCTP_NOTIFY_PEER_SHUTDOWN: 3649 sctp_notify_shutdown_event(stcb); 3650 break; 3651 case SCTP_NOTIFY_AUTH_NEW_KEY: 3652 sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY, error, 3653 (uint16_t) (uintptr_t) data, 3654 so_locked); 3655 break; 3656 case SCTP_NOTIFY_AUTH_FREE_KEY: 3657 sctp_notify_authentication(stcb, SCTP_AUTH_FREE_KEY, error, 3658 (uint16_t) (uintptr_t) data, 3659 so_locked); 3660 break; 3661 case SCTP_NOTIFY_NO_PEER_AUTH: 3662 sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH, error, 3663 (uint16_t) (uintptr_t) data, 3664 so_locked); 3665 break; 3666 case SCTP_NOTIFY_SENDER_DRY: 3667 sctp_notify_sender_dry_event(stcb, so_locked); 3668 break; 3669 default: 3670 SCTPDBG(SCTP_DEBUG_UTIL1, "%s: unknown notification %xh (%u)\n", 3671 __FUNCTION__, notification, notification); 3672 break; 3673 } /* end switch */ 3674 } 3675 3676 void 3677 sctp_report_all_outbound(struct sctp_tcb *stcb, int holds_lock, int so_locked 3678 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3679 SCTP_UNUSED 3680 #endif 3681 ) 3682 { 3683 struct sctp_association *asoc; 3684 struct sctp_stream_out *outs; 3685 struct sctp_tmit_chunk *chk; 3686 struct sctp_stream_queue_pending *sp; 3687 int i; 3688 3689 asoc = &stcb->asoc; 3690 3691 if (stcb == NULL) { 3692 return; 3693 } 3694 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3695 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3696 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3697 return; 3698 } 3699 /* now through all the gunk freeing chunks */ 3700 if (holds_lock == 0) { 3701 SCTP_TCB_SEND_LOCK(stcb); 3702 } 3703 /* sent queue SHOULD be empty */ 3704 if (!TAILQ_EMPTY(&asoc->sent_queue)) { 3705 chk = TAILQ_FIRST(&asoc->sent_queue); 3706 while (chk) { 3707 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 3708 asoc->sent_queue_cnt--; 3709 if (chk->data != NULL) { 3710 sctp_free_bufspace(stcb, asoc, chk, 1); 3711 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, 3712 SCTP_NOTIFY_DATAGRAM_SENT, chk, so_locked); 3713 if (chk->data) { 3714 sctp_m_freem(chk->data); 3715 chk->data = NULL; 3716 } 3717 } 3718 sctp_free_a_chunk(stcb, chk); 3719 /* sa_ignore FREED_MEMORY */ 3720 chk = TAILQ_FIRST(&asoc->sent_queue); 3721 } 3722 } 3723 /* pending send queue SHOULD be empty */ 3724 if (!TAILQ_EMPTY(&asoc->send_queue)) { 3725 chk = TAILQ_FIRST(&asoc->send_queue); 3726 while (chk) { 3727 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 3728 asoc->send_queue_cnt--; 3729 if (chk->data != NULL) { 3730 sctp_free_bufspace(stcb, asoc, chk, 1); 3731 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, 3732 SCTP_NOTIFY_DATAGRAM_UNSENT, chk, so_locked); 3733 if (chk->data) { 3734 sctp_m_freem(chk->data); 3735 chk->data = NULL; 3736 } 3737 } 3738 sctp_free_a_chunk(stcb, chk); 3739 /* sa_ignore FREED_MEMORY */ 3740 chk = TAILQ_FIRST(&asoc->send_queue); 3741 } 3742 } 3743 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 3744 /* For each stream */ 3745 outs = &stcb->asoc.strmout[i]; 3746 /* clean up any sends there */ 3747 stcb->asoc.locked_on_sending = NULL; 3748 sp = TAILQ_FIRST(&outs->outqueue); 3749 while (sp) { 3750 stcb->asoc.stream_queue_cnt--; 3751 TAILQ_REMOVE(&outs->outqueue, sp, next); 3752 sctp_free_spbufspace(stcb, asoc, sp); 3753 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 3754 SCTP_NOTIFY_DATAGRAM_UNSENT, (void *)sp, so_locked); 3755 if (sp->data) { 3756 sctp_m_freem(sp->data); 3757 sp->data = NULL; 3758 } 3759 if (sp->net) 3760 sctp_free_remote_addr(sp->net); 3761 sp->net = NULL; 3762 /* Free the chunk */ 3763 sctp_free_a_strmoq(stcb, sp); 3764 /* sa_ignore FREED_MEMORY */ 3765 sp = TAILQ_FIRST(&outs->outqueue); 3766 } 3767 } 3768 3769 if (holds_lock == 0) { 3770 SCTP_TCB_SEND_UNLOCK(stcb); 3771 } 3772 } 3773 3774 void 3775 sctp_abort_notification(struct sctp_tcb *stcb, int error, int so_locked 3776 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3777 SCTP_UNUSED 3778 #endif 3779 ) 3780 { 3781 3782 if (stcb == NULL) { 3783 return; 3784 } 3785 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3786 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3787 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3788 return; 3789 } 3790 /* Tell them we lost the asoc */ 3791 sctp_report_all_outbound(stcb, 1, so_locked); 3792 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 3793 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 3794 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 3795 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; 3796 } 3797 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_ABORTED, stcb, error, NULL, so_locked); 3798 } 3799 3800 void 3801 sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 3802 struct mbuf *m, int iphlen, struct sctphdr *sh, struct mbuf *op_err, 3803 uint32_t vrf_id, uint16_t port) 3804 { 3805 uint32_t vtag; 3806 3807 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3808 struct socket *so; 3809 3810 #endif 3811 3812 vtag = 0; 3813 if (stcb != NULL) { 3814 /* We have a TCB to abort, send notification too */ 3815 vtag = stcb->asoc.peer_vtag; 3816 sctp_abort_notification(stcb, 0, SCTP_SO_NOT_LOCKED); 3817 /* get the assoc vrf id and table id */ 3818 vrf_id = stcb->asoc.vrf_id; 3819 stcb->asoc.state |= SCTP_STATE_WAS_ABORTED; 3820 } 3821 sctp_send_abort(m, iphlen, sh, vtag, op_err, vrf_id, port); 3822 if (stcb != NULL) { 3823 /* Ok, now lets free it */ 3824 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3825 so = SCTP_INP_SO(inp); 3826 atomic_add_int(&stcb->asoc.refcnt, 1); 3827 SCTP_TCB_UNLOCK(stcb); 3828 SCTP_SOCKET_LOCK(so, 1); 3829 SCTP_TCB_LOCK(stcb); 3830 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3831 #endif 3832 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_4); 3833 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3834 SCTP_SOCKET_UNLOCK(so, 1); 3835 #endif 3836 } 3837 } 3838 3839 #ifdef SCTP_ASOCLOG_OF_TSNS 3840 void 3841 sctp_print_out_track_log(struct sctp_tcb *stcb) 3842 { 3843 #ifdef NOSIY_PRINTS 3844 int i; 3845 3846 SCTP_PRINTF("Last ep reason:%x\n", stcb->sctp_ep->last_abort_code); 3847 SCTP_PRINTF("IN bound TSN log-aaa\n"); 3848 if ((stcb->asoc.tsn_in_at == 0) && (stcb->asoc.tsn_in_wrapped == 0)) { 3849 SCTP_PRINTF("None rcvd\n"); 3850 goto none_in; 3851 } 3852 if (stcb->asoc.tsn_in_wrapped) { 3853 for (i = stcb->asoc.tsn_in_at; i < SCTP_TSN_LOG_SIZE; i++) { 3854 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 3855 stcb->asoc.in_tsnlog[i].tsn, 3856 stcb->asoc.in_tsnlog[i].strm, 3857 stcb->asoc.in_tsnlog[i].seq, 3858 stcb->asoc.in_tsnlog[i].flgs, 3859 stcb->asoc.in_tsnlog[i].sz); 3860 } 3861 } 3862 if (stcb->asoc.tsn_in_at) { 3863 for (i = 0; i < stcb->asoc.tsn_in_at; i++) { 3864 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 3865 stcb->asoc.in_tsnlog[i].tsn, 3866 stcb->asoc.in_tsnlog[i].strm, 3867 stcb->asoc.in_tsnlog[i].seq, 3868 stcb->asoc.in_tsnlog[i].flgs, 3869 stcb->asoc.in_tsnlog[i].sz); 3870 } 3871 } 3872 none_in: 3873 SCTP_PRINTF("OUT bound TSN log-aaa\n"); 3874 if ((stcb->asoc.tsn_out_at == 0) && 3875 (stcb->asoc.tsn_out_wrapped == 0)) { 3876 SCTP_PRINTF("None sent\n"); 3877 } 3878 if (stcb->asoc.tsn_out_wrapped) { 3879 for (i = stcb->asoc.tsn_out_at; i < SCTP_TSN_LOG_SIZE; i++) { 3880 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 3881 stcb->asoc.out_tsnlog[i].tsn, 3882 stcb->asoc.out_tsnlog[i].strm, 3883 stcb->asoc.out_tsnlog[i].seq, 3884 stcb->asoc.out_tsnlog[i].flgs, 3885 stcb->asoc.out_tsnlog[i].sz); 3886 } 3887 } 3888 if (stcb->asoc.tsn_out_at) { 3889 for (i = 0; i < stcb->asoc.tsn_out_at; i++) { 3890 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 3891 stcb->asoc.out_tsnlog[i].tsn, 3892 stcb->asoc.out_tsnlog[i].strm, 3893 stcb->asoc.out_tsnlog[i].seq, 3894 stcb->asoc.out_tsnlog[i].flgs, 3895 stcb->asoc.out_tsnlog[i].sz); 3896 } 3897 } 3898 #endif 3899 } 3900 3901 #endif 3902 3903 void 3904 sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 3905 int error, struct mbuf *op_err, 3906 int so_locked 3907 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3908 SCTP_UNUSED 3909 #endif 3910 ) 3911 { 3912 uint32_t vtag; 3913 3914 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3915 struct socket *so; 3916 3917 #endif 3918 3919 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3920 so = SCTP_INP_SO(inp); 3921 #endif 3922 if (stcb == NULL) { 3923 /* Got to have a TCB */ 3924 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3925 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 3926 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 3927 SCTP_CALLED_DIRECTLY_NOCMPSET); 3928 } 3929 } 3930 return; 3931 } else { 3932 stcb->asoc.state |= SCTP_STATE_WAS_ABORTED; 3933 } 3934 vtag = stcb->asoc.peer_vtag; 3935 /* notify the ulp */ 3936 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) 3937 sctp_abort_notification(stcb, error, so_locked); 3938 /* notify the peer */ 3939 #if defined(SCTP_PANIC_ON_ABORT) 3940 panic("aborting an association"); 3941 #endif 3942 sctp_send_abort_tcb(stcb, op_err, so_locked); 3943 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 3944 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || 3945 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3946 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3947 } 3948 /* now free the asoc */ 3949 #ifdef SCTP_ASOCLOG_OF_TSNS 3950 sctp_print_out_track_log(stcb); 3951 #endif 3952 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3953 if (!so_locked) { 3954 atomic_add_int(&stcb->asoc.refcnt, 1); 3955 SCTP_TCB_UNLOCK(stcb); 3956 SCTP_SOCKET_LOCK(so, 1); 3957 SCTP_TCB_LOCK(stcb); 3958 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3959 } 3960 #endif 3961 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_5); 3962 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3963 if (!so_locked) { 3964 SCTP_SOCKET_UNLOCK(so, 1); 3965 } 3966 #endif 3967 } 3968 3969 void 3970 sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, 3971 struct sctp_inpcb *inp, struct mbuf *op_err, uint32_t vrf_id, uint16_t port) 3972 { 3973 struct sctp_chunkhdr *ch, chunk_buf; 3974 unsigned int chk_length; 3975 3976 SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); 3977 /* Generate a TO address for future reference */ 3978 if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 3979 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 3980 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 3981 SCTP_CALLED_DIRECTLY_NOCMPSET); 3982 } 3983 } 3984 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 3985 sizeof(*ch), (uint8_t *) & chunk_buf); 3986 while (ch != NULL) { 3987 chk_length = ntohs(ch->chunk_length); 3988 if (chk_length < sizeof(*ch)) { 3989 /* break to abort land */ 3990 break; 3991 } 3992 switch (ch->chunk_type) { 3993 case SCTP_COOKIE_ECHO: 3994 /* We hit here only if the assoc is being freed */ 3995 return; 3996 case SCTP_PACKET_DROPPED: 3997 /* we don't respond to pkt-dropped */ 3998 return; 3999 case SCTP_ABORT_ASSOCIATION: 4000 /* we don't respond with an ABORT to an ABORT */ 4001 return; 4002 case SCTP_SHUTDOWN_COMPLETE: 4003 /* 4004 * we ignore it since we are not waiting for it and 4005 * peer is gone 4006 */ 4007 return; 4008 case SCTP_SHUTDOWN_ACK: 4009 sctp_send_shutdown_complete2(m, iphlen, sh, vrf_id, port); 4010 return; 4011 default: 4012 break; 4013 } 4014 offset += SCTP_SIZE32(chk_length); 4015 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4016 sizeof(*ch), (uint8_t *) & chunk_buf); 4017 } 4018 sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port); 4019 } 4020 4021 /* 4022 * check the inbound datagram to make sure there is not an abort inside it, 4023 * if there is return 1, else return 0. 4024 */ 4025 int 4026 sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t * vtagfill) 4027 { 4028 struct sctp_chunkhdr *ch; 4029 struct sctp_init_chunk *init_chk, chunk_buf; 4030 int offset; 4031 unsigned int chk_length; 4032 4033 offset = iphlen + sizeof(struct sctphdr); 4034 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), 4035 (uint8_t *) & chunk_buf); 4036 while (ch != NULL) { 4037 chk_length = ntohs(ch->chunk_length); 4038 if (chk_length < sizeof(*ch)) { 4039 /* packet is probably corrupt */ 4040 break; 4041 } 4042 /* we seem to be ok, is it an abort? */ 4043 if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { 4044 /* yep, tell them */ 4045 return (1); 4046 } 4047 if (ch->chunk_type == SCTP_INITIATION) { 4048 /* need to update the Vtag */ 4049 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, 4050 offset, sizeof(*init_chk), (uint8_t *) & chunk_buf); 4051 if (init_chk != NULL) { 4052 *vtagfill = ntohl(init_chk->init.initiate_tag); 4053 } 4054 } 4055 /* Nope, move to the next chunk */ 4056 offset += SCTP_SIZE32(chk_length); 4057 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4058 sizeof(*ch), (uint8_t *) & chunk_buf); 4059 } 4060 return (0); 4061 } 4062 4063 /* 4064 * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id 4065 * set (i.e. it's 0) so, create this function to compare link local scopes 4066 */ 4067 #ifdef INET6 4068 uint32_t 4069 sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) 4070 { 4071 struct sockaddr_in6 a, b; 4072 4073 /* save copies */ 4074 a = *addr1; 4075 b = *addr2; 4076 4077 if (a.sin6_scope_id == 0) 4078 if (sa6_recoverscope(&a)) { 4079 /* can't get scope, so can't match */ 4080 return (0); 4081 } 4082 if (b.sin6_scope_id == 0) 4083 if (sa6_recoverscope(&b)) { 4084 /* can't get scope, so can't match */ 4085 return (0); 4086 } 4087 if (a.sin6_scope_id != b.sin6_scope_id) 4088 return (0); 4089 4090 return (1); 4091 } 4092 4093 /* 4094 * returns a sockaddr_in6 with embedded scope recovered and removed 4095 */ 4096 struct sockaddr_in6 * 4097 sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) 4098 { 4099 /* check and strip embedded scope junk */ 4100 if (addr->sin6_family == AF_INET6) { 4101 if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { 4102 if (addr->sin6_scope_id == 0) { 4103 *store = *addr; 4104 if (!sa6_recoverscope(store)) { 4105 /* use the recovered scope */ 4106 addr = store; 4107 } 4108 } else { 4109 /* else, return the original "to" addr */ 4110 in6_clearscope(&addr->sin6_addr); 4111 } 4112 } 4113 } 4114 return (addr); 4115 } 4116 4117 #endif 4118 4119 /* 4120 * are the two addresses the same? currently a "scopeless" check returns: 1 4121 * if same, 0 if not 4122 */ 4123 int 4124 sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) 4125 { 4126 4127 /* must be valid */ 4128 if (sa1 == NULL || sa2 == NULL) 4129 return (0); 4130 4131 /* must be the same family */ 4132 if (sa1->sa_family != sa2->sa_family) 4133 return (0); 4134 4135 switch (sa1->sa_family) { 4136 #ifdef INET6 4137 case AF_INET6: 4138 { 4139 /* IPv6 addresses */ 4140 struct sockaddr_in6 *sin6_1, *sin6_2; 4141 4142 sin6_1 = (struct sockaddr_in6 *)sa1; 4143 sin6_2 = (struct sockaddr_in6 *)sa2; 4144 return (SCTP6_ARE_ADDR_EQUAL(sin6_1, 4145 sin6_2)); 4146 } 4147 #endif 4148 case AF_INET: 4149 { 4150 /* IPv4 addresses */ 4151 struct sockaddr_in *sin_1, *sin_2; 4152 4153 sin_1 = (struct sockaddr_in *)sa1; 4154 sin_2 = (struct sockaddr_in *)sa2; 4155 return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); 4156 } 4157 default: 4158 /* we don't do these... */ 4159 return (0); 4160 } 4161 } 4162 4163 void 4164 sctp_print_address(struct sockaddr *sa) 4165 { 4166 #ifdef INET6 4167 char ip6buf[INET6_ADDRSTRLEN]; 4168 4169 ip6buf[0] = 0; 4170 #endif 4171 4172 switch (sa->sa_family) { 4173 #ifdef INET6 4174 case AF_INET6: 4175 { 4176 struct sockaddr_in6 *sin6; 4177 4178 sin6 = (struct sockaddr_in6 *)sa; 4179 SCTP_PRINTF("IPv6 address: %s:port:%d scope:%u\n", 4180 ip6_sprintf(ip6buf, &sin6->sin6_addr), 4181 ntohs(sin6->sin6_port), 4182 sin6->sin6_scope_id); 4183 break; 4184 } 4185 #endif 4186 case AF_INET: 4187 { 4188 struct sockaddr_in *sin; 4189 unsigned char *p; 4190 4191 sin = (struct sockaddr_in *)sa; 4192 p = (unsigned char *)&sin->sin_addr; 4193 SCTP_PRINTF("IPv4 address: %u.%u.%u.%u:%d\n", 4194 p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); 4195 break; 4196 } 4197 default: 4198 SCTP_PRINTF("?\n"); 4199 break; 4200 } 4201 } 4202 4203 void 4204 sctp_print_address_pkt(struct ip *iph, struct sctphdr *sh) 4205 { 4206 switch (iph->ip_v) { 4207 case IPVERSION: 4208 { 4209 struct sockaddr_in lsa, fsa; 4210 4211 bzero(&lsa, sizeof(lsa)); 4212 lsa.sin_len = sizeof(lsa); 4213 lsa.sin_family = AF_INET; 4214 lsa.sin_addr = iph->ip_src; 4215 lsa.sin_port = sh->src_port; 4216 bzero(&fsa, sizeof(fsa)); 4217 fsa.sin_len = sizeof(fsa); 4218 fsa.sin_family = AF_INET; 4219 fsa.sin_addr = iph->ip_dst; 4220 fsa.sin_port = sh->dest_port; 4221 SCTP_PRINTF("src: "); 4222 sctp_print_address((struct sockaddr *)&lsa); 4223 SCTP_PRINTF("dest: "); 4224 sctp_print_address((struct sockaddr *)&fsa); 4225 break; 4226 } 4227 #ifdef INET6 4228 case IPV6_VERSION >> 4: 4229 { 4230 struct ip6_hdr *ip6; 4231 struct sockaddr_in6 lsa6, fsa6; 4232 4233 ip6 = (struct ip6_hdr *)iph; 4234 bzero(&lsa6, sizeof(lsa6)); 4235 lsa6.sin6_len = sizeof(lsa6); 4236 lsa6.sin6_family = AF_INET6; 4237 lsa6.sin6_addr = ip6->ip6_src; 4238 lsa6.sin6_port = sh->src_port; 4239 bzero(&fsa6, sizeof(fsa6)); 4240 fsa6.sin6_len = sizeof(fsa6); 4241 fsa6.sin6_family = AF_INET6; 4242 fsa6.sin6_addr = ip6->ip6_dst; 4243 fsa6.sin6_port = sh->dest_port; 4244 SCTP_PRINTF("src: "); 4245 sctp_print_address((struct sockaddr *)&lsa6); 4246 SCTP_PRINTF("dest: "); 4247 sctp_print_address((struct sockaddr *)&fsa6); 4248 break; 4249 } 4250 #endif 4251 default: 4252 /* TSNH */ 4253 break; 4254 } 4255 } 4256 4257 void 4258 sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, 4259 struct sctp_inpcb *new_inp, 4260 struct sctp_tcb *stcb, 4261 int waitflags) 4262 { 4263 /* 4264 * go through our old INP and pull off any control structures that 4265 * belong to stcb and move then to the new inp. 4266 */ 4267 struct socket *old_so, *new_so; 4268 struct sctp_queued_to_read *control, *nctl; 4269 struct sctp_readhead tmp_queue; 4270 struct mbuf *m; 4271 int error = 0; 4272 4273 old_so = old_inp->sctp_socket; 4274 new_so = new_inp->sctp_socket; 4275 TAILQ_INIT(&tmp_queue); 4276 error = sblock(&old_so->so_rcv, waitflags); 4277 if (error) { 4278 /* 4279 * Gak, can't get sblock, we have a problem. data will be 4280 * left stranded.. and we don't dare look at it since the 4281 * other thread may be reading something. Oh well, its a 4282 * screwed up app that does a peeloff OR a accept while 4283 * reading from the main socket... actually its only the 4284 * peeloff() case, since I think read will fail on a 4285 * listening socket.. 4286 */ 4287 return; 4288 } 4289 /* lock the socket buffers */ 4290 SCTP_INP_READ_LOCK(old_inp); 4291 control = TAILQ_FIRST(&old_inp->read_queue); 4292 /* Pull off all for out target stcb */ 4293 while (control) { 4294 nctl = TAILQ_NEXT(control, next); 4295 if (control->stcb == stcb) { 4296 /* remove it we want it */ 4297 TAILQ_REMOVE(&old_inp->read_queue, control, next); 4298 TAILQ_INSERT_TAIL(&tmp_queue, control, next); 4299 m = control->data; 4300 while (m) { 4301 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4302 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 4303 } 4304 sctp_sbfree(control, stcb, &old_so->so_rcv, m); 4305 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4306 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4307 } 4308 m = SCTP_BUF_NEXT(m); 4309 } 4310 } 4311 control = nctl; 4312 } 4313 SCTP_INP_READ_UNLOCK(old_inp); 4314 /* Remove the sb-lock on the old socket */ 4315 4316 sbunlock(&old_so->so_rcv); 4317 /* Now we move them over to the new socket buffer */ 4318 control = TAILQ_FIRST(&tmp_queue); 4319 SCTP_INP_READ_LOCK(new_inp); 4320 while (control) { 4321 nctl = TAILQ_NEXT(control, next); 4322 TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); 4323 m = control->data; 4324 while (m) { 4325 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4326 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4327 } 4328 sctp_sballoc(stcb, &new_so->so_rcv, m); 4329 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4330 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4331 } 4332 m = SCTP_BUF_NEXT(m); 4333 } 4334 control = nctl; 4335 } 4336 SCTP_INP_READ_UNLOCK(new_inp); 4337 } 4338 4339 void 4340 sctp_add_to_readq(struct sctp_inpcb *inp, 4341 struct sctp_tcb *stcb, 4342 struct sctp_queued_to_read *control, 4343 struct sockbuf *sb, 4344 int end, 4345 int inp_read_lock_held, 4346 int so_locked 4347 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4348 SCTP_UNUSED 4349 #endif 4350 ) 4351 { 4352 /* 4353 * Here we must place the control on the end of the socket read 4354 * queue AND increment sb_cc so that select will work properly on 4355 * read. 4356 */ 4357 struct mbuf *m, *prev = NULL; 4358 4359 if (inp == NULL) { 4360 /* Gak, TSNH!! */ 4361 #ifdef INVARIANTS 4362 panic("Gak, inp NULL on add_to_readq"); 4363 #endif 4364 return; 4365 } 4366 if (inp_read_lock_held == 0) 4367 SCTP_INP_READ_LOCK(inp); 4368 if (!(control->spec_flags & M_NOTIFICATION)) { 4369 atomic_add_int(&inp->total_recvs, 1); 4370 if (!control->do_not_ref_stcb) { 4371 atomic_add_int(&stcb->total_recvs, 1); 4372 } 4373 } 4374 m = control->data; 4375 control->held_length = 0; 4376 control->length = 0; 4377 while (m) { 4378 if (SCTP_BUF_LEN(m) == 0) { 4379 /* Skip mbufs with NO length */ 4380 if (prev == NULL) { 4381 /* First one */ 4382 control->data = sctp_m_free(m); 4383 m = control->data; 4384 } else { 4385 SCTP_BUF_NEXT(prev) = sctp_m_free(m); 4386 m = SCTP_BUF_NEXT(prev); 4387 } 4388 if (m == NULL) { 4389 control->tail_mbuf = prev; 4390 } 4391 continue; 4392 } 4393 prev = m; 4394 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4395 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4396 } 4397 sctp_sballoc(stcb, sb, m); 4398 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4399 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4400 } 4401 atomic_add_int(&control->length, SCTP_BUF_LEN(m)); 4402 m = SCTP_BUF_NEXT(m); 4403 } 4404 if (prev != NULL) { 4405 control->tail_mbuf = prev; 4406 } else { 4407 /* Everything got collapsed out?? */ 4408 if (inp_read_lock_held == 0) 4409 SCTP_INP_READ_UNLOCK(inp); 4410 return; 4411 } 4412 if (end) { 4413 control->end_added = 1; 4414 } 4415 TAILQ_INSERT_TAIL(&inp->read_queue, control, next); 4416 if (inp_read_lock_held == 0) 4417 SCTP_INP_READ_UNLOCK(inp); 4418 if (inp && inp->sctp_socket) { 4419 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { 4420 SCTP_ZERO_COPY_EVENT(inp, inp->sctp_socket); 4421 } else { 4422 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4423 struct socket *so; 4424 4425 so = SCTP_INP_SO(inp); 4426 if (!so_locked) { 4427 atomic_add_int(&stcb->asoc.refcnt, 1); 4428 SCTP_TCB_UNLOCK(stcb); 4429 SCTP_SOCKET_LOCK(so, 1); 4430 SCTP_TCB_LOCK(stcb); 4431 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4432 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4433 SCTP_SOCKET_UNLOCK(so, 1); 4434 return; 4435 } 4436 } 4437 #endif 4438 sctp_sorwakeup(inp, inp->sctp_socket); 4439 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4440 if (!so_locked) { 4441 SCTP_SOCKET_UNLOCK(so, 1); 4442 } 4443 #endif 4444 } 4445 } 4446 } 4447 4448 4449 int 4450 sctp_append_to_readq(struct sctp_inpcb *inp, 4451 struct sctp_tcb *stcb, 4452 struct sctp_queued_to_read *control, 4453 struct mbuf *m, 4454 int end, 4455 int ctls_cumack, 4456 struct sockbuf *sb) 4457 { 4458 /* 4459 * A partial delivery API event is underway. OR we are appending on 4460 * the reassembly queue. 4461 * 4462 * If PDAPI this means we need to add m to the end of the data. 4463 * Increase the length in the control AND increment the sb_cc. 4464 * Otherwise sb is NULL and all we need to do is put it at the end 4465 * of the mbuf chain. 4466 */ 4467 int len = 0; 4468 struct mbuf *mm, *tail = NULL, *prev = NULL; 4469 4470 if (inp) { 4471 SCTP_INP_READ_LOCK(inp); 4472 } 4473 if (control == NULL) { 4474 get_out: 4475 if (inp) { 4476 SCTP_INP_READ_UNLOCK(inp); 4477 } 4478 return (-1); 4479 } 4480 if (control->end_added) { 4481 /* huh this one is complete? */ 4482 goto get_out; 4483 } 4484 mm = m; 4485 if (mm == NULL) { 4486 goto get_out; 4487 } 4488 while (mm) { 4489 if (SCTP_BUF_LEN(mm) == 0) { 4490 /* Skip mbufs with NO lenght */ 4491 if (prev == NULL) { 4492 /* First one */ 4493 m = sctp_m_free(mm); 4494 mm = m; 4495 } else { 4496 SCTP_BUF_NEXT(prev) = sctp_m_free(mm); 4497 mm = SCTP_BUF_NEXT(prev); 4498 } 4499 continue; 4500 } 4501 prev = mm; 4502 len += SCTP_BUF_LEN(mm); 4503 if (sb) { 4504 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4505 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(mm)); 4506 } 4507 sctp_sballoc(stcb, sb, mm); 4508 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4509 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4510 } 4511 } 4512 mm = SCTP_BUF_NEXT(mm); 4513 } 4514 if (prev) { 4515 tail = prev; 4516 } else { 4517 /* Really there should always be a prev */ 4518 if (m == NULL) { 4519 /* Huh nothing left? */ 4520 #ifdef INVARIANTS 4521 panic("Nothing left to add?"); 4522 #else 4523 goto get_out; 4524 #endif 4525 } 4526 tail = m; 4527 } 4528 if (control->tail_mbuf) { 4529 /* append */ 4530 SCTP_BUF_NEXT(control->tail_mbuf) = m; 4531 control->tail_mbuf = tail; 4532 } else { 4533 /* nothing there */ 4534 #ifdef INVARIANTS 4535 if (control->data != NULL) { 4536 panic("This should NOT happen"); 4537 } 4538 #endif 4539 control->data = m; 4540 control->tail_mbuf = tail; 4541 } 4542 atomic_add_int(&control->length, len); 4543 if (end) { 4544 /* message is complete */ 4545 if (stcb && (control == stcb->asoc.control_pdapi)) { 4546 stcb->asoc.control_pdapi = NULL; 4547 } 4548 control->held_length = 0; 4549 control->end_added = 1; 4550 } 4551 if (stcb == NULL) { 4552 control->do_not_ref_stcb = 1; 4553 } 4554 /* 4555 * When we are appending in partial delivery, the cum-ack is used 4556 * for the actual pd-api highest tsn on this mbuf. The true cum-ack 4557 * is populated in the outbound sinfo structure from the true cumack 4558 * if the association exists... 4559 */ 4560 control->sinfo_tsn = control->sinfo_cumtsn = ctls_cumack; 4561 if (inp) { 4562 SCTP_INP_READ_UNLOCK(inp); 4563 } 4564 if (inp && inp->sctp_socket) { 4565 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { 4566 SCTP_ZERO_COPY_EVENT(inp, inp->sctp_socket); 4567 } else { 4568 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4569 struct socket *so; 4570 4571 so = SCTP_INP_SO(inp); 4572 atomic_add_int(&stcb->asoc.refcnt, 1); 4573 SCTP_TCB_UNLOCK(stcb); 4574 SCTP_SOCKET_LOCK(so, 1); 4575 SCTP_TCB_LOCK(stcb); 4576 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4577 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4578 SCTP_SOCKET_UNLOCK(so, 1); 4579 return (0); 4580 } 4581 #endif 4582 sctp_sorwakeup(inp, inp->sctp_socket); 4583 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4584 SCTP_SOCKET_UNLOCK(so, 1); 4585 #endif 4586 } 4587 } 4588 return (0); 4589 } 4590 4591 4592 4593 /*************HOLD THIS COMMENT FOR PATCH FILE OF 4594 *************ALTERNATE ROUTING CODE 4595 */ 4596 4597 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF 4598 *************ALTERNATE ROUTING CODE 4599 */ 4600 4601 struct mbuf * 4602 sctp_generate_invmanparam(int err) 4603 { 4604 /* Return a MBUF with a invalid mandatory parameter */ 4605 struct mbuf *m; 4606 4607 m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_DONTWAIT, 1, MT_DATA); 4608 if (m) { 4609 struct sctp_paramhdr *ph; 4610 4611 SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr); 4612 ph = mtod(m, struct sctp_paramhdr *); 4613 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 4614 ph->param_type = htons(err); 4615 } 4616 return (m); 4617 } 4618 4619 #ifdef SCTP_MBCNT_LOGGING 4620 void 4621 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, 4622 struct sctp_tmit_chunk *tp1, int chk_cnt) 4623 { 4624 if (tp1->data == NULL) { 4625 return; 4626 } 4627 asoc->chunks_on_out_queue -= chk_cnt; 4628 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBCNT_LOGGING_ENABLE) { 4629 sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, 4630 asoc->total_output_queue_size, 4631 tp1->book_size, 4632 0, 4633 tp1->mbcnt); 4634 } 4635 if (asoc->total_output_queue_size >= tp1->book_size) { 4636 atomic_add_int(&asoc->total_output_queue_size, -tp1->book_size); 4637 } else { 4638 asoc->total_output_queue_size = 0; 4639 } 4640 4641 if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || 4642 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { 4643 if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { 4644 stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; 4645 } else { 4646 stcb->sctp_socket->so_snd.sb_cc = 0; 4647 4648 } 4649 } 4650 } 4651 4652 #endif 4653 4654 int 4655 sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, 4656 int reason, int so_locked 4657 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4658 SCTP_UNUSED 4659 #endif 4660 ) 4661 { 4662 struct sctp_stream_out *strq; 4663 struct sctp_tmit_chunk *chk = NULL; 4664 struct sctp_stream_queue_pending *sp; 4665 uint16_t stream = 0, seq = 0; 4666 uint8_t foundeom = 0; 4667 int ret_sz = 0; 4668 int notdone; 4669 int do_wakeup_routine = 0; 4670 4671 stream = tp1->rec.data.stream_number; 4672 seq = tp1->rec.data.stream_seq; 4673 do { 4674 ret_sz += tp1->book_size; 4675 if (tp1->data != NULL) { 4676 if (tp1->sent < SCTP_DATAGRAM_RESEND) { 4677 sctp_flight_size_decrease(tp1); 4678 sctp_total_flight_decrease(stcb, tp1); 4679 } 4680 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4681 stcb->asoc.peers_rwnd += tp1->send_size; 4682 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh); 4683 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, reason, tp1, so_locked); 4684 if (tp1->data) { 4685 sctp_m_freem(tp1->data); 4686 tp1->data = NULL; 4687 } 4688 do_wakeup_routine = 1; 4689 if (PR_SCTP_BUF_ENABLED(tp1->flags)) { 4690 stcb->asoc.sent_queue_cnt_removeable--; 4691 } 4692 } 4693 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4694 if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == 4695 SCTP_DATA_NOT_FRAG) { 4696 /* not frag'ed we ae done */ 4697 notdone = 0; 4698 foundeom = 1; 4699 } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4700 /* end of frag, we are done */ 4701 notdone = 0; 4702 foundeom = 1; 4703 } else { 4704 /* 4705 * Its a begin or middle piece, we must mark all of 4706 * it 4707 */ 4708 notdone = 1; 4709 tp1 = TAILQ_NEXT(tp1, sctp_next); 4710 } 4711 } while (tp1 && notdone); 4712 if (foundeom == 0) { 4713 /* 4714 * The multi-part message was scattered across the send and 4715 * sent queue. 4716 */ 4717 next_on_sent: 4718 tp1 = TAILQ_FIRST(&stcb->asoc.send_queue); 4719 /* 4720 * recurse throught the send_queue too, starting at the 4721 * beginning. 4722 */ 4723 if ((tp1) && 4724 (tp1->rec.data.stream_number == stream) && 4725 (tp1->rec.data.stream_seq == seq)) { 4726 /* 4727 * save to chk in case we have some on stream out 4728 * queue. If so and we have an un-transmitted one we 4729 * don't have to fudge the TSN. 4730 */ 4731 chk = tp1; 4732 ret_sz += tp1->book_size; 4733 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4734 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, reason, tp1, so_locked); 4735 if (tp1->data) { 4736 sctp_m_freem(tp1->data); 4737 tp1->data = NULL; 4738 } 4739 /* No flight involved here book the size to 0 */ 4740 tp1->book_size = 0; 4741 if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4742 foundeom = 1; 4743 } 4744 do_wakeup_routine = 1; 4745 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4746 TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); 4747 /* 4748 * on to the sent queue so we can wait for it to be 4749 * passed by. 4750 */ 4751 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, 4752 sctp_next); 4753 stcb->asoc.send_queue_cnt--; 4754 stcb->asoc.sent_queue_cnt++; 4755 goto next_on_sent; 4756 } 4757 } 4758 if (foundeom == 0) { 4759 /* 4760 * Still no eom found. That means there is stuff left on the 4761 * stream out queue.. yuck. 4762 */ 4763 strq = &stcb->asoc.strmout[stream]; 4764 SCTP_TCB_SEND_LOCK(stcb); 4765 sp = TAILQ_FIRST(&strq->outqueue); 4766 while (sp->strseq <= seq) { 4767 /* Check if its our SEQ */ 4768 if (sp->strseq == seq) { 4769 sp->discard_rest = 1; 4770 /* 4771 * We may need to put a chunk on the queue 4772 * that holds the TSN that would have been 4773 * sent with the LAST bit. 4774 */ 4775 if (chk == NULL) { 4776 /* Yep, we have to */ 4777 sctp_alloc_a_chunk(stcb, chk); 4778 if (chk == NULL) { 4779 /* 4780 * we are hosed. All we can 4781 * do is nothing.. which 4782 * will cause an abort if 4783 * the peer is paying 4784 * attention. 4785 */ 4786 goto oh_well; 4787 } 4788 memset(chk, 0, sizeof(*chk)); 4789 chk->rec.data.rcv_flags = SCTP_DATA_LAST_FRAG; 4790 chk->sent = SCTP_FORWARD_TSN_SKIP; 4791 chk->asoc = &stcb->asoc; 4792 chk->rec.data.stream_seq = sp->strseq; 4793 chk->rec.data.stream_number = sp->stream; 4794 chk->rec.data.payloadtype = sp->ppid; 4795 chk->rec.data.context = sp->context; 4796 chk->flags = sp->act_flags; 4797 chk->whoTo = sp->net; 4798 atomic_add_int(&chk->whoTo->ref_count, 1); 4799 chk->rec.data.TSN_seq = atomic_fetchadd_int(&stcb->asoc.sending_seq, 1); 4800 stcb->asoc.pr_sctp_cnt++; 4801 chk->pr_sctp_on = 1; 4802 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, chk, sctp_next); 4803 stcb->asoc.sent_queue_cnt++; 4804 stcb->asoc.pr_sctp_cnt++; 4805 } else { 4806 chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG; 4807 } 4808 oh_well: 4809 if (sp->data) { 4810 /* 4811 * Pull any data to free up the SB 4812 * and allow sender to "add more" 4813 * whilc we will throw away :-) 4814 */ 4815 sctp_free_spbufspace(stcb, &stcb->asoc, 4816 sp); 4817 ret_sz += sp->length; 4818 do_wakeup_routine = 1; 4819 sp->some_taken = 1; 4820 sctp_m_freem(sp->data); 4821 sp->length = 0; 4822 sp->data = NULL; 4823 sp->tail_mbuf = NULL; 4824 } 4825 break; 4826 } else { 4827 /* Next one please */ 4828 sp = TAILQ_NEXT(sp, next); 4829 } 4830 } /* End while */ 4831 SCTP_TCB_SEND_UNLOCK(stcb); 4832 } 4833 if (do_wakeup_routine) { 4834 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4835 struct socket *so; 4836 4837 so = SCTP_INP_SO(stcb->sctp_ep); 4838 if (!so_locked) { 4839 atomic_add_int(&stcb->asoc.refcnt, 1); 4840 SCTP_TCB_UNLOCK(stcb); 4841 SCTP_SOCKET_LOCK(so, 1); 4842 SCTP_TCB_LOCK(stcb); 4843 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4844 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 4845 /* assoc was freed while we were unlocked */ 4846 SCTP_SOCKET_UNLOCK(so, 1); 4847 return (ret_sz); 4848 } 4849 } 4850 #endif 4851 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 4852 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4853 if (!so_locked) { 4854 SCTP_SOCKET_UNLOCK(so, 1); 4855 } 4856 #endif 4857 } 4858 return (ret_sz); 4859 } 4860 4861 /* 4862 * checks to see if the given address, sa, is one that is currently known by 4863 * the kernel note: can't distinguish the same address on multiple interfaces 4864 * and doesn't handle multiple addresses with different zone/scope id's note: 4865 * ifa_ifwithaddr() compares the entire sockaddr struct 4866 */ 4867 struct sctp_ifa * 4868 sctp_find_ifa_in_ep(struct sctp_inpcb *inp, struct sockaddr *addr, 4869 int holds_lock) 4870 { 4871 struct sctp_laddr *laddr; 4872 4873 if (holds_lock == 0) { 4874 SCTP_INP_RLOCK(inp); 4875 } 4876 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 4877 if (laddr->ifa == NULL) 4878 continue; 4879 if (addr->sa_family != laddr->ifa->address.sa.sa_family) 4880 continue; 4881 if (addr->sa_family == AF_INET) { 4882 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 4883 laddr->ifa->address.sin.sin_addr.s_addr) { 4884 /* found him. */ 4885 if (holds_lock == 0) { 4886 SCTP_INP_RUNLOCK(inp); 4887 } 4888 return (laddr->ifa); 4889 break; 4890 } 4891 } 4892 #ifdef INET6 4893 if (addr->sa_family == AF_INET6) { 4894 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 4895 &laddr->ifa->address.sin6)) { 4896 /* found him. */ 4897 if (holds_lock == 0) { 4898 SCTP_INP_RUNLOCK(inp); 4899 } 4900 return (laddr->ifa); 4901 break; 4902 } 4903 } 4904 #endif 4905 } 4906 if (holds_lock == 0) { 4907 SCTP_INP_RUNLOCK(inp); 4908 } 4909 return (NULL); 4910 } 4911 4912 uint32_t 4913 sctp_get_ifa_hash_val(struct sockaddr *addr) 4914 { 4915 if (addr->sa_family == AF_INET) { 4916 struct sockaddr_in *sin; 4917 4918 sin = (struct sockaddr_in *)addr; 4919 return (sin->sin_addr.s_addr ^ (sin->sin_addr.s_addr >> 16)); 4920 } else if (addr->sa_family == AF_INET6) { 4921 struct sockaddr_in6 *sin6; 4922 uint32_t hash_of_addr; 4923 4924 sin6 = (struct sockaddr_in6 *)addr; 4925 hash_of_addr = (sin6->sin6_addr.s6_addr32[0] + 4926 sin6->sin6_addr.s6_addr32[1] + 4927 sin6->sin6_addr.s6_addr32[2] + 4928 sin6->sin6_addr.s6_addr32[3]); 4929 hash_of_addr = (hash_of_addr ^ (hash_of_addr >> 16)); 4930 return (hash_of_addr); 4931 } 4932 return (0); 4933 } 4934 4935 struct sctp_ifa * 4936 sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock) 4937 { 4938 struct sctp_ifa *sctp_ifap; 4939 struct sctp_vrf *vrf; 4940 struct sctp_ifalist *hash_head; 4941 uint32_t hash_of_addr; 4942 4943 if (holds_lock == 0) 4944 SCTP_IPI_ADDR_RLOCK(); 4945 4946 vrf = sctp_find_vrf(vrf_id); 4947 if (vrf == NULL) { 4948 stage_right: 4949 if (holds_lock == 0) 4950 SCTP_IPI_ADDR_RUNLOCK(); 4951 return (NULL); 4952 } 4953 hash_of_addr = sctp_get_ifa_hash_val(addr); 4954 4955 hash_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)]; 4956 if (hash_head == NULL) { 4957 SCTP_PRINTF("hash_of_addr:%x mask:%x table:%x - ", 4958 hash_of_addr, (uint32_t) vrf->vrf_addr_hashmark, 4959 (uint32_t) (hash_of_addr & vrf->vrf_addr_hashmark)); 4960 sctp_print_address(addr); 4961 SCTP_PRINTF("No such bucket for address\n"); 4962 if (holds_lock == 0) 4963 SCTP_IPI_ADDR_RUNLOCK(); 4964 4965 return (NULL); 4966 } 4967 LIST_FOREACH(sctp_ifap, hash_head, next_bucket) { 4968 if (sctp_ifap == NULL) { 4969 #ifdef INVARIANTS 4970 panic("Huh LIST_FOREACH corrupt"); 4971 goto stage_right; 4972 #else 4973 SCTP_PRINTF("LIST corrupt of sctp_ifap's?\n"); 4974 goto stage_right; 4975 #endif 4976 } 4977 if (addr->sa_family != sctp_ifap->address.sa.sa_family) 4978 continue; 4979 if (addr->sa_family == AF_INET) { 4980 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 4981 sctp_ifap->address.sin.sin_addr.s_addr) { 4982 /* found him. */ 4983 if (holds_lock == 0) 4984 SCTP_IPI_ADDR_RUNLOCK(); 4985 return (sctp_ifap); 4986 break; 4987 } 4988 } 4989 #ifdef INET6 4990 if (addr->sa_family == AF_INET6) { 4991 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 4992 &sctp_ifap->address.sin6)) { 4993 /* found him. */ 4994 if (holds_lock == 0) 4995 SCTP_IPI_ADDR_RUNLOCK(); 4996 return (sctp_ifap); 4997 break; 4998 } 4999 } 5000 #endif 5001 } 5002 if (holds_lock == 0) 5003 SCTP_IPI_ADDR_RUNLOCK(); 5004 return (NULL); 5005 } 5006 5007 static void 5008 sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t * freed_so_far, int hold_rlock, 5009 uint32_t rwnd_req) 5010 { 5011 /* User pulled some data, do we need a rwnd update? */ 5012 int r_unlocked = 0; 5013 uint32_t dif, rwnd; 5014 struct socket *so = NULL; 5015 5016 if (stcb == NULL) 5017 return; 5018 5019 atomic_add_int(&stcb->asoc.refcnt, 1); 5020 5021 if (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | 5022 SCTP_STATE_SHUTDOWN_RECEIVED | 5023 SCTP_STATE_SHUTDOWN_ACK_SENT)) { 5024 /* Pre-check If we are freeing no update */ 5025 goto no_lock; 5026 } 5027 SCTP_INP_INCR_REF(stcb->sctp_ep); 5028 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5029 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5030 goto out; 5031 } 5032 so = stcb->sctp_socket; 5033 if (so == NULL) { 5034 goto out; 5035 } 5036 atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); 5037 /* Have you have freed enough to look */ 5038 *freed_so_far = 0; 5039 /* Yep, its worth a look and the lock overhead */ 5040 5041 /* Figure out what the rwnd would be */ 5042 rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); 5043 if (rwnd >= stcb->asoc.my_last_reported_rwnd) { 5044 dif = rwnd - stcb->asoc.my_last_reported_rwnd; 5045 } else { 5046 dif = 0; 5047 } 5048 if (dif >= rwnd_req) { 5049 if (hold_rlock) { 5050 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 5051 r_unlocked = 1; 5052 } 5053 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5054 /* 5055 * One last check before we allow the guy possibly 5056 * to get in. There is a race, where the guy has not 5057 * reached the gate. In that case 5058 */ 5059 goto out; 5060 } 5061 SCTP_TCB_LOCK(stcb); 5062 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5063 /* No reports here */ 5064 SCTP_TCB_UNLOCK(stcb); 5065 goto out; 5066 } 5067 SCTP_STAT_INCR(sctps_wu_sacks_sent); 5068 sctp_send_sack(stcb); 5069 5070 sctp_chunk_output(stcb->sctp_ep, stcb, 5071 SCTP_OUTPUT_FROM_USR_RCVD, SCTP_SO_LOCKED); 5072 /* make sure no timer is running */ 5073 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_6); 5074 SCTP_TCB_UNLOCK(stcb); 5075 } else { 5076 /* Update how much we have pending */ 5077 stcb->freed_by_sorcv_sincelast = dif; 5078 } 5079 out: 5080 if (so && r_unlocked && hold_rlock) { 5081 SCTP_INP_READ_LOCK(stcb->sctp_ep); 5082 } 5083 SCTP_INP_DECR_REF(stcb->sctp_ep); 5084 no_lock: 5085 atomic_add_int(&stcb->asoc.refcnt, -1); 5086 return; 5087 } 5088 5089 int 5090 sctp_sorecvmsg(struct socket *so, 5091 struct uio *uio, 5092 struct mbuf **mp, 5093 struct sockaddr *from, 5094 int fromlen, 5095 int *msg_flags, 5096 struct sctp_sndrcvinfo *sinfo, 5097 int filling_sinfo) 5098 { 5099 /* 5100 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. 5101 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy 5102 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? 5103 * On the way out we may send out any combination of: 5104 * MSG_NOTIFICATION MSG_EOR 5105 * 5106 */ 5107 struct sctp_inpcb *inp = NULL; 5108 int my_len = 0; 5109 int cp_len = 0, error = 0; 5110 struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; 5111 struct mbuf *m = NULL, *embuf = NULL; 5112 struct sctp_tcb *stcb = NULL; 5113 int wakeup_read_socket = 0; 5114 int freecnt_applied = 0; 5115 int out_flags = 0, in_flags = 0; 5116 int block_allowed = 1; 5117 uint32_t freed_so_far = 0; 5118 uint32_t copied_so_far = 0; 5119 int in_eeor_mode = 0; 5120 int no_rcv_needed = 0; 5121 uint32_t rwnd_req = 0; 5122 int hold_sblock = 0; 5123 int hold_rlock = 0; 5124 int slen = 0; 5125 uint32_t held_length = 0; 5126 int sockbuf_lock = 0; 5127 5128 if (uio == NULL) { 5129 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5130 return (EINVAL); 5131 } 5132 if (msg_flags) { 5133 in_flags = *msg_flags; 5134 if (in_flags & MSG_PEEK) 5135 SCTP_STAT_INCR(sctps_read_peeks); 5136 } else { 5137 in_flags = 0; 5138 } 5139 slen = uio->uio_resid; 5140 5141 /* Pull in and set up our int flags */ 5142 if (in_flags & MSG_OOB) { 5143 /* Out of band's NOT supported */ 5144 return (EOPNOTSUPP); 5145 } 5146 if ((in_flags & MSG_PEEK) && (mp != NULL)) { 5147 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5148 return (EINVAL); 5149 } 5150 if ((in_flags & (MSG_DONTWAIT 5151 | MSG_NBIO 5152 )) || 5153 SCTP_SO_IS_NBIO(so)) { 5154 block_allowed = 0; 5155 } 5156 /* setup the endpoint */ 5157 inp = (struct sctp_inpcb *)so->so_pcb; 5158 if (inp == NULL) { 5159 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EFAULT); 5160 return (EFAULT); 5161 } 5162 rwnd_req = (SCTP_SB_LIMIT_RCV(so) >> SCTP_RWND_HIWAT_SHIFT); 5163 /* Must be at least a MTU's worth */ 5164 if (rwnd_req < SCTP_MIN_RWND) 5165 rwnd_req = SCTP_MIN_RWND; 5166 in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 5167 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5168 sctp_misc_ints(SCTP_SORECV_ENTER, 5169 rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, uio->uio_resid); 5170 } 5171 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5172 sctp_misc_ints(SCTP_SORECV_ENTERPL, 5173 rwnd_req, block_allowed, so->so_rcv.sb_cc, uio->uio_resid); 5174 } 5175 error = sblock(&so->so_rcv, (block_allowed ? SBL_WAIT : 0)); 5176 sockbuf_lock = 1; 5177 if (error) { 5178 goto release_unlocked; 5179 } 5180 restart: 5181 5182 5183 restart_nosblocks: 5184 if (hold_sblock == 0) { 5185 SOCKBUF_LOCK(&so->so_rcv); 5186 hold_sblock = 1; 5187 } 5188 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5189 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5190 goto out; 5191 } 5192 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) { 5193 if (so->so_error) { 5194 error = so->so_error; 5195 if ((in_flags & MSG_PEEK) == 0) 5196 so->so_error = 0; 5197 goto out; 5198 } else { 5199 if (so->so_rcv.sb_cc == 0) { 5200 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN); 5201 /* indicate EOF */ 5202 error = 0; 5203 goto out; 5204 } 5205 } 5206 } 5207 if ((so->so_rcv.sb_cc <= held_length) && block_allowed) { 5208 /* we need to wait for data */ 5209 if ((so->so_rcv.sb_cc == 0) && 5210 ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5211 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 5212 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 5213 /* 5214 * For active open side clear flags for 5215 * re-use passive open is blocked by 5216 * connect. 5217 */ 5218 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 5219 /* 5220 * You were aborted, passive side 5221 * always hits here 5222 */ 5223 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 5224 error = ECONNRESET; 5225 /* 5226 * You get this once if you are 5227 * active open side 5228 */ 5229 if (!(inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 5230 /* 5231 * Remove flag if on the 5232 * active open side 5233 */ 5234 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_ABORTED; 5235 } 5236 } 5237 so->so_state &= ~(SS_ISCONNECTING | 5238 SS_ISDISCONNECTING | 5239 SS_ISCONFIRMING | 5240 SS_ISCONNECTED); 5241 if (error == 0) { 5242 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 5243 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN); 5244 error = ENOTCONN; 5245 } else { 5246 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_CONNECTED; 5247 } 5248 } 5249 goto out; 5250 } 5251 } 5252 error = sbwait(&so->so_rcv); 5253 if (error) { 5254 goto out; 5255 } 5256 held_length = 0; 5257 goto restart_nosblocks; 5258 } else if (so->so_rcv.sb_cc == 0) { 5259 if (so->so_error) { 5260 error = so->so_error; 5261 if ((in_flags & MSG_PEEK) == 0) 5262 so->so_error = 0; 5263 } else { 5264 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5265 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 5266 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 5267 /* 5268 * For active open side clear flags 5269 * for re-use passive open is 5270 * blocked by connect. 5271 */ 5272 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 5273 /* 5274 * You were aborted, passive 5275 * side always hits here 5276 */ 5277 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 5278 error = ECONNRESET; 5279 /* 5280 * You get this once if you 5281 * are active open side 5282 */ 5283 if (!(inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 5284 /* 5285 * Remove flag if on 5286 * the active open 5287 * side 5288 */ 5289 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_ABORTED; 5290 } 5291 } 5292 so->so_state &= ~(SS_ISCONNECTING | 5293 SS_ISDISCONNECTING | 5294 SS_ISCONFIRMING | 5295 SS_ISCONNECTED); 5296 if (error == 0) { 5297 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 5298 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN); 5299 error = ENOTCONN; 5300 } else { 5301 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_CONNECTED; 5302 } 5303 } 5304 goto out; 5305 } 5306 } 5307 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EWOULDBLOCK); 5308 error = EWOULDBLOCK; 5309 } 5310 goto out; 5311 } 5312 if (hold_sblock == 1) { 5313 SOCKBUF_UNLOCK(&so->so_rcv); 5314 hold_sblock = 0; 5315 } 5316 /* we possibly have data we can read */ 5317 /* sa_ignore FREED_MEMORY */ 5318 control = TAILQ_FIRST(&inp->read_queue); 5319 if (control == NULL) { 5320 /* 5321 * This could be happening since the appender did the 5322 * increment but as not yet did the tailq insert onto the 5323 * read_queue 5324 */ 5325 if (hold_rlock == 0) { 5326 SCTP_INP_READ_LOCK(inp); 5327 hold_rlock = 1; 5328 } 5329 control = TAILQ_FIRST(&inp->read_queue); 5330 if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { 5331 #ifdef INVARIANTS 5332 panic("Huh, its non zero and nothing on control?"); 5333 #endif 5334 so->so_rcv.sb_cc = 0; 5335 } 5336 SCTP_INP_READ_UNLOCK(inp); 5337 hold_rlock = 0; 5338 goto restart; 5339 } 5340 if ((control->length == 0) && 5341 (control->do_not_ref_stcb)) { 5342 /* 5343 * Clean up code for freeing assoc that left behind a 5344 * pdapi.. maybe a peer in EEOR that just closed after 5345 * sending and never indicated a EOR. 5346 */ 5347 if (hold_rlock == 0) { 5348 hold_rlock = 1; 5349 SCTP_INP_READ_LOCK(inp); 5350 } 5351 control->held_length = 0; 5352 if (control->data) { 5353 /* Hmm there is data here .. fix */ 5354 struct mbuf *m_tmp; 5355 int cnt = 0; 5356 5357 m_tmp = control->data; 5358 while (m_tmp) { 5359 cnt += SCTP_BUF_LEN(m_tmp); 5360 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5361 control->tail_mbuf = m_tmp; 5362 control->end_added = 1; 5363 } 5364 m_tmp = SCTP_BUF_NEXT(m_tmp); 5365 } 5366 control->length = cnt; 5367 } else { 5368 /* remove it */ 5369 TAILQ_REMOVE(&inp->read_queue, control, next); 5370 /* Add back any hiddend data */ 5371 sctp_free_remote_addr(control->whoFrom); 5372 sctp_free_a_readq(stcb, control); 5373 } 5374 if (hold_rlock) { 5375 hold_rlock = 0; 5376 SCTP_INP_READ_UNLOCK(inp); 5377 } 5378 goto restart; 5379 } 5380 if ((control->length == 0) && 5381 (control->end_added == 1)) { 5382 /* 5383 * Do we also need to check for (control->pdapi_aborted == 5384 * 1)? 5385 */ 5386 if (hold_rlock == 0) { 5387 hold_rlock = 1; 5388 SCTP_INP_READ_LOCK(inp); 5389 } 5390 TAILQ_REMOVE(&inp->read_queue, control, next); 5391 if (control->data) { 5392 #ifdef INVARIANTS 5393 panic("control->data not null but control->length == 0"); 5394 #else 5395 SCTP_PRINTF("Strange, data left in the control buffer. Cleaning up.\n"); 5396 sctp_m_freem(control->data); 5397 control->data = NULL; 5398 #endif 5399 } 5400 if (control->aux_data) { 5401 sctp_m_free(control->aux_data); 5402 control->aux_data = NULL; 5403 } 5404 sctp_free_remote_addr(control->whoFrom); 5405 sctp_free_a_readq(stcb, control); 5406 if (hold_rlock) { 5407 hold_rlock = 0; 5408 SCTP_INP_READ_UNLOCK(inp); 5409 } 5410 goto restart; 5411 } 5412 if (control->length == 0) { 5413 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && 5414 (filling_sinfo)) { 5415 /* find a more suitable one then this */ 5416 ctl = TAILQ_NEXT(control, next); 5417 while (ctl) { 5418 if ((ctl->stcb != control->stcb) && (ctl->length) && 5419 (ctl->some_taken || 5420 (ctl->spec_flags & M_NOTIFICATION) || 5421 ((ctl->do_not_ref_stcb == 0) && 5422 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0))) 5423 ) { 5424 /*- 5425 * If we have a different TCB next, and there is data 5426 * present. If we have already taken some (pdapi), OR we can 5427 * ref the tcb and no delivery as started on this stream, we 5428 * take it. Note we allow a notification on a different 5429 * assoc to be delivered.. 5430 */ 5431 control = ctl; 5432 goto found_one; 5433 } else if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS)) && 5434 (ctl->length) && 5435 ((ctl->some_taken) || 5436 ((ctl->do_not_ref_stcb == 0) && 5437 ((ctl->spec_flags & M_NOTIFICATION) == 0) && 5438 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0)))) { 5439 /*- 5440 * If we have the same tcb, and there is data present, and we 5441 * have the strm interleave feature present. Then if we have 5442 * taken some (pdapi) or we can refer to tht tcb AND we have 5443 * not started a delivery for this stream, we can take it. 5444 * Note we do NOT allow a notificaiton on the same assoc to 5445 * be delivered. 5446 */ 5447 control = ctl; 5448 goto found_one; 5449 } 5450 ctl = TAILQ_NEXT(ctl, next); 5451 } 5452 } 5453 /* 5454 * if we reach here, not suitable replacement is available 5455 * <or> fragment interleave is NOT on. So stuff the sb_cc 5456 * into the our held count, and its time to sleep again. 5457 */ 5458 held_length = so->so_rcv.sb_cc; 5459 control->held_length = so->so_rcv.sb_cc; 5460 goto restart; 5461 } 5462 /* Clear the held length since there is something to read */ 5463 control->held_length = 0; 5464 if (hold_rlock) { 5465 SCTP_INP_READ_UNLOCK(inp); 5466 hold_rlock = 0; 5467 } 5468 found_one: 5469 /* 5470 * If we reach here, control has a some data for us to read off. 5471 * Note that stcb COULD be NULL. 5472 */ 5473 control->some_taken++; 5474 if (hold_sblock) { 5475 SOCKBUF_UNLOCK(&so->so_rcv); 5476 hold_sblock = 0; 5477 } 5478 stcb = control->stcb; 5479 if (stcb) { 5480 if ((control->do_not_ref_stcb == 0) && 5481 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { 5482 if (freecnt_applied == 0) 5483 stcb = NULL; 5484 } else if (control->do_not_ref_stcb == 0) { 5485 /* you can't free it on me please */ 5486 /* 5487 * The lock on the socket buffer protects us so the 5488 * free code will stop. But since we used the 5489 * socketbuf lock and the sender uses the tcb_lock 5490 * to increment, we need to use the atomic add to 5491 * the refcnt 5492 */ 5493 if (freecnt_applied) { 5494 #ifdef INVARIANTS 5495 panic("refcnt already incremented"); 5496 #else 5497 printf("refcnt already incremented?\n"); 5498 #endif 5499 } else { 5500 atomic_add_int(&stcb->asoc.refcnt, 1); 5501 freecnt_applied = 1; 5502 } 5503 /* 5504 * Setup to remember how much we have not yet told 5505 * the peer our rwnd has opened up. Note we grab the 5506 * value from the tcb from last time. Note too that 5507 * sack sending clears this when a sack is sent, 5508 * which is fine. Once we hit the rwnd_req, we then 5509 * will go to the sctp_user_rcvd() that will not 5510 * lock until it KNOWs it MUST send a WUP-SACK. 5511 */ 5512 freed_so_far = stcb->freed_by_sorcv_sincelast; 5513 stcb->freed_by_sorcv_sincelast = 0; 5514 } 5515 } 5516 if (stcb && 5517 ((control->spec_flags & M_NOTIFICATION) == 0) && 5518 control->do_not_ref_stcb == 0) { 5519 stcb->asoc.strmin[control->sinfo_stream].delivery_started = 1; 5520 } 5521 /* First lets get off the sinfo and sockaddr info */ 5522 if ((sinfo) && filling_sinfo) { 5523 memcpy(sinfo, control, sizeof(struct sctp_nonpad_sndrcvinfo)); 5524 nxt = TAILQ_NEXT(control, next); 5525 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) { 5526 struct sctp_extrcvinfo *s_extra; 5527 5528 s_extra = (struct sctp_extrcvinfo *)sinfo; 5529 if ((nxt) && 5530 (nxt->length)) { 5531 s_extra->sreinfo_next_flags = SCTP_NEXT_MSG_AVAIL; 5532 if (nxt->sinfo_flags & SCTP_UNORDERED) { 5533 s_extra->sreinfo_next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; 5534 } 5535 if (nxt->spec_flags & M_NOTIFICATION) { 5536 s_extra->sreinfo_next_flags |= SCTP_NEXT_MSG_IS_NOTIFICATION; 5537 } 5538 s_extra->sreinfo_next_aid = nxt->sinfo_assoc_id; 5539 s_extra->sreinfo_next_length = nxt->length; 5540 s_extra->sreinfo_next_ppid = nxt->sinfo_ppid; 5541 s_extra->sreinfo_next_stream = nxt->sinfo_stream; 5542 if (nxt->tail_mbuf != NULL) { 5543 if (nxt->end_added) { 5544 s_extra->sreinfo_next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; 5545 } 5546 } 5547 } else { 5548 /* 5549 * we explicitly 0 this, since the memcpy 5550 * got some other things beyond the older 5551 * sinfo_ that is on the control's structure 5552 * :-D 5553 */ 5554 nxt = NULL; 5555 s_extra->sreinfo_next_flags = SCTP_NO_NEXT_MSG; 5556 s_extra->sreinfo_next_aid = 0; 5557 s_extra->sreinfo_next_length = 0; 5558 s_extra->sreinfo_next_ppid = 0; 5559 s_extra->sreinfo_next_stream = 0; 5560 } 5561 } 5562 /* 5563 * update off the real current cum-ack, if we have an stcb. 5564 */ 5565 if ((control->do_not_ref_stcb == 0) && stcb) 5566 sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 5567 /* 5568 * mask off the high bits, we keep the actual chunk bits in 5569 * there. 5570 */ 5571 sinfo->sinfo_flags &= 0x00ff; 5572 if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) { 5573 sinfo->sinfo_flags |= SCTP_UNORDERED; 5574 } 5575 } 5576 #ifdef SCTP_ASOCLOG_OF_TSNS 5577 { 5578 int index, newindex; 5579 struct sctp_pcbtsn_rlog *entry; 5580 5581 do { 5582 index = inp->readlog_index; 5583 newindex = index + 1; 5584 if (newindex >= SCTP_READ_LOG_SIZE) { 5585 newindex = 0; 5586 } 5587 } while (atomic_cmpset_int(&inp->readlog_index, index, newindex) == 0); 5588 entry = &inp->readlog[index]; 5589 entry->vtag = control->sinfo_assoc_id; 5590 entry->strm = control->sinfo_stream; 5591 entry->seq = control->sinfo_ssn; 5592 entry->sz = control->length; 5593 entry->flgs = control->sinfo_flags; 5594 } 5595 #endif 5596 if (fromlen && from) { 5597 struct sockaddr *to; 5598 5599 #ifdef INET 5600 cp_len = min((size_t)fromlen, (size_t)control->whoFrom->ro._l_addr.sin.sin_len); 5601 memcpy(from, &control->whoFrom->ro._l_addr, cp_len); 5602 ((struct sockaddr_in *)from)->sin_port = control->port_from; 5603 #else 5604 /* No AF_INET use AF_INET6 */ 5605 cp_len = min((size_t)fromlen, (size_t)control->whoFrom->ro._l_addr.sin6.sin6_len); 5606 memcpy(from, &control->whoFrom->ro._l_addr, cp_len); 5607 ((struct sockaddr_in6 *)from)->sin6_port = control->port_from; 5608 #endif 5609 5610 to = from; 5611 #if defined(INET) && defined(INET6) 5612 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) && 5613 (to->sa_family == AF_INET) && 5614 ((size_t)fromlen >= sizeof(struct sockaddr_in6))) { 5615 struct sockaddr_in *sin; 5616 struct sockaddr_in6 sin6; 5617 5618 sin = (struct sockaddr_in *)to; 5619 bzero(&sin6, sizeof(sin6)); 5620 sin6.sin6_family = AF_INET6; 5621 sin6.sin6_len = sizeof(struct sockaddr_in6); 5622 sin6.sin6_addr.s6_addr32[2] = htonl(0xffff); 5623 bcopy(&sin->sin_addr, 5624 &sin6.sin6_addr.s6_addr32[3], 5625 sizeof(sin6.sin6_addr.s6_addr32[3])); 5626 sin6.sin6_port = sin->sin_port; 5627 memcpy(from, (caddr_t)&sin6, sizeof(sin6)); 5628 } 5629 #endif 5630 #if defined(INET6) 5631 { 5632 struct sockaddr_in6 lsa6, *to6; 5633 5634 to6 = (struct sockaddr_in6 *)to; 5635 sctp_recover_scope_mac(to6, (&lsa6)); 5636 } 5637 #endif 5638 } 5639 /* now copy out what data we can */ 5640 if (mp == NULL) { 5641 /* copy out each mbuf in the chain up to length */ 5642 get_more_data: 5643 m = control->data; 5644 while (m) { 5645 /* Move out all we can */ 5646 cp_len = (int)uio->uio_resid; 5647 my_len = (int)SCTP_BUF_LEN(m); 5648 if (cp_len > my_len) { 5649 /* not enough in this buf */ 5650 cp_len = my_len; 5651 } 5652 if (hold_rlock) { 5653 SCTP_INP_READ_UNLOCK(inp); 5654 hold_rlock = 0; 5655 } 5656 if (cp_len > 0) 5657 error = uiomove(mtod(m, char *), cp_len, uio); 5658 /* re-read */ 5659 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5660 goto release; 5661 } 5662 if ((control->do_not_ref_stcb == 0) && stcb && 5663 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5664 no_rcv_needed = 1; 5665 } 5666 if (error) { 5667 /* error we are out of here */ 5668 goto release; 5669 } 5670 if ((SCTP_BUF_NEXT(m) == NULL) && 5671 (cp_len >= SCTP_BUF_LEN(m)) && 5672 ((control->end_added == 0) || 5673 (control->end_added && 5674 (TAILQ_NEXT(control, next) == NULL))) 5675 ) { 5676 SCTP_INP_READ_LOCK(inp); 5677 hold_rlock = 1; 5678 } 5679 if (cp_len == SCTP_BUF_LEN(m)) { 5680 if ((SCTP_BUF_NEXT(m) == NULL) && 5681 (control->end_added)) { 5682 out_flags |= MSG_EOR; 5683 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 5684 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5685 } 5686 if (control->spec_flags & M_NOTIFICATION) { 5687 out_flags |= MSG_NOTIFICATION; 5688 } 5689 /* we ate up the mbuf */ 5690 if (in_flags & MSG_PEEK) { 5691 /* just looking */ 5692 m = SCTP_BUF_NEXT(m); 5693 copied_so_far += cp_len; 5694 } else { 5695 /* dispose of the mbuf */ 5696 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5697 sctp_sblog(&so->so_rcv, 5698 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 5699 } 5700 sctp_sbfree(control, stcb, &so->so_rcv, m); 5701 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5702 sctp_sblog(&so->so_rcv, 5703 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5704 } 5705 embuf = m; 5706 copied_so_far += cp_len; 5707 freed_so_far += cp_len; 5708 freed_so_far += MSIZE; 5709 atomic_subtract_int(&control->length, cp_len); 5710 control->data = sctp_m_free(m); 5711 m = control->data; 5712 /* 5713 * been through it all, must hold sb 5714 * lock ok to null tail 5715 */ 5716 if (control->data == NULL) { 5717 #ifdef INVARIANTS 5718 if ((control->end_added == 0) || 5719 (TAILQ_NEXT(control, next) == NULL)) { 5720 /* 5721 * If the end is not 5722 * added, OR the 5723 * next is NOT null 5724 * we MUST have the 5725 * lock. 5726 */ 5727 if (mtx_owned(&inp->inp_rdata_mtx) == 0) { 5728 panic("Hmm we don't own the lock?"); 5729 } 5730 } 5731 #endif 5732 control->tail_mbuf = NULL; 5733 #ifdef INVARIANTS 5734 if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { 5735 panic("end_added, nothing left and no MSG_EOR"); 5736 } 5737 #endif 5738 } 5739 } 5740 } else { 5741 /* Do we need to trim the mbuf? */ 5742 if (control->spec_flags & M_NOTIFICATION) { 5743 out_flags |= MSG_NOTIFICATION; 5744 } 5745 if ((in_flags & MSG_PEEK) == 0) { 5746 SCTP_BUF_RESV_UF(m, cp_len); 5747 SCTP_BUF_LEN(m) -= cp_len; 5748 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5749 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, cp_len); 5750 } 5751 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 5752 if ((control->do_not_ref_stcb == 0) && 5753 stcb) { 5754 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 5755 } 5756 copied_so_far += cp_len; 5757 embuf = m; 5758 freed_so_far += cp_len; 5759 freed_so_far += MSIZE; 5760 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5761 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 5762 SCTP_LOG_SBRESULT, 0); 5763 } 5764 atomic_subtract_int(&control->length, cp_len); 5765 } else { 5766 copied_so_far += cp_len; 5767 } 5768 } 5769 if ((out_flags & MSG_EOR) || (uio->uio_resid == 0)) { 5770 break; 5771 } 5772 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5773 (control->do_not_ref_stcb == 0) && 5774 (freed_so_far >= rwnd_req)) { 5775 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5776 } 5777 } /* end while(m) */ 5778 /* 5779 * At this point we have looked at it all and we either have 5780 * a MSG_EOR/or read all the user wants... <OR> 5781 * control->length == 0. 5782 */ 5783 if ((out_flags & MSG_EOR) && ((in_flags & MSG_PEEK) == 0)) { 5784 /* we are done with this control */ 5785 if (control->length == 0) { 5786 if (control->data) { 5787 #ifdef INVARIANTS 5788 panic("control->data not null at read eor?"); 5789 #else 5790 SCTP_PRINTF("Strange, data left in the control buffer .. invarients would panic?\n"); 5791 sctp_m_freem(control->data); 5792 control->data = NULL; 5793 #endif 5794 } 5795 done_with_control: 5796 if (TAILQ_NEXT(control, next) == NULL) { 5797 /* 5798 * If we don't have a next we need a 5799 * lock, if there is a next 5800 * interrupt is filling ahead of us 5801 * and we don't need a lock to 5802 * remove this guy (which is the 5803 * head of the queue). 5804 */ 5805 if (hold_rlock == 0) { 5806 SCTP_INP_READ_LOCK(inp); 5807 hold_rlock = 1; 5808 } 5809 } 5810 TAILQ_REMOVE(&inp->read_queue, control, next); 5811 /* Add back any hiddend data */ 5812 if (control->held_length) { 5813 held_length = 0; 5814 control->held_length = 0; 5815 wakeup_read_socket = 1; 5816 } 5817 if (control->aux_data) { 5818 sctp_m_free(control->aux_data); 5819 control->aux_data = NULL; 5820 } 5821 no_rcv_needed = control->do_not_ref_stcb; 5822 sctp_free_remote_addr(control->whoFrom); 5823 control->data = NULL; 5824 sctp_free_a_readq(stcb, control); 5825 control = NULL; 5826 if ((freed_so_far >= rwnd_req) && 5827 (no_rcv_needed == 0)) 5828 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5829 5830 } else { 5831 /* 5832 * The user did not read all of this 5833 * message, turn off the returned MSG_EOR 5834 * since we are leaving more behind on the 5835 * control to read. 5836 */ 5837 #ifdef INVARIANTS 5838 if (control->end_added && 5839 (control->data == NULL) && 5840 (control->tail_mbuf == NULL)) { 5841 panic("Gak, control->length is corrupt?"); 5842 } 5843 #endif 5844 no_rcv_needed = control->do_not_ref_stcb; 5845 out_flags &= ~MSG_EOR; 5846 } 5847 } 5848 if (out_flags & MSG_EOR) { 5849 goto release; 5850 } 5851 if ((uio->uio_resid == 0) || 5852 ((in_eeor_mode) && (copied_so_far >= max(so->so_rcv.sb_lowat, 1))) 5853 ) { 5854 goto release; 5855 } 5856 /* 5857 * If I hit here the receiver wants more and this message is 5858 * NOT done (pd-api). So two questions. Can we block? if not 5859 * we are done. Did the user NOT set MSG_WAITALL? 5860 */ 5861 if (block_allowed == 0) { 5862 goto release; 5863 } 5864 /* 5865 * We need to wait for more data a few things: - We don't 5866 * sbunlock() so we don't get someone else reading. - We 5867 * must be sure to account for the case where what is added 5868 * is NOT to our control when we wakeup. 5869 */ 5870 5871 /* 5872 * Do we need to tell the transport a rwnd update might be 5873 * needed before we go to sleep? 5874 */ 5875 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5876 ((freed_so_far >= rwnd_req) && 5877 (control->do_not_ref_stcb == 0) && 5878 (no_rcv_needed == 0))) { 5879 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5880 } 5881 wait_some_more: 5882 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) { 5883 goto release; 5884 } 5885 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 5886 goto release; 5887 5888 if (hold_rlock == 1) { 5889 SCTP_INP_READ_UNLOCK(inp); 5890 hold_rlock = 0; 5891 } 5892 if (hold_sblock == 0) { 5893 SOCKBUF_LOCK(&so->so_rcv); 5894 hold_sblock = 1; 5895 } 5896 if ((copied_so_far) && (control->length == 0) && 5897 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE))) { 5898 goto release; 5899 } 5900 if (so->so_rcv.sb_cc <= control->held_length) { 5901 error = sbwait(&so->so_rcv); 5902 if (error) { 5903 goto release; 5904 } 5905 control->held_length = 0; 5906 } 5907 if (hold_sblock) { 5908 SOCKBUF_UNLOCK(&so->so_rcv); 5909 hold_sblock = 0; 5910 } 5911 if (control->length == 0) { 5912 /* still nothing here */ 5913 if (control->end_added == 1) { 5914 /* he aborted, or is done i.e.did a shutdown */ 5915 out_flags |= MSG_EOR; 5916 if (control->pdapi_aborted) { 5917 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 5918 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5919 5920 out_flags |= MSG_TRUNC; 5921 } else { 5922 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 5923 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5924 } 5925 goto done_with_control; 5926 } 5927 if (so->so_rcv.sb_cc > held_length) { 5928 control->held_length = so->so_rcv.sb_cc; 5929 held_length = 0; 5930 } 5931 goto wait_some_more; 5932 } else if (control->data == NULL) { 5933 /* 5934 * we must re-sync since data is probably being 5935 * added 5936 */ 5937 SCTP_INP_READ_LOCK(inp); 5938 if ((control->length > 0) && (control->data == NULL)) { 5939 /* 5940 * big trouble.. we have the lock and its 5941 * corrupt? 5942 */ 5943 #ifdef INVARIANTS 5944 panic("Impossible data==NULL length !=0"); 5945 #endif 5946 out_flags |= MSG_EOR; 5947 out_flags |= MSG_TRUNC; 5948 control->length = 0; 5949 SCTP_INP_READ_UNLOCK(inp); 5950 goto done_with_control; 5951 } 5952 SCTP_INP_READ_UNLOCK(inp); 5953 /* We will fall around to get more data */ 5954 } 5955 goto get_more_data; 5956 } else { 5957 /*- 5958 * Give caller back the mbuf chain, 5959 * store in uio_resid the length 5960 */ 5961 wakeup_read_socket = 0; 5962 if ((control->end_added == 0) || 5963 (TAILQ_NEXT(control, next) == NULL)) { 5964 /* Need to get rlock */ 5965 if (hold_rlock == 0) { 5966 SCTP_INP_READ_LOCK(inp); 5967 hold_rlock = 1; 5968 } 5969 } 5970 if (control->end_added) { 5971 out_flags |= MSG_EOR; 5972 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 5973 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5974 } 5975 if (control->spec_flags & M_NOTIFICATION) { 5976 out_flags |= MSG_NOTIFICATION; 5977 } 5978 uio->uio_resid = control->length; 5979 *mp = control->data; 5980 m = control->data; 5981 while (m) { 5982 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5983 sctp_sblog(&so->so_rcv, 5984 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 5985 } 5986 sctp_sbfree(control, stcb, &so->so_rcv, m); 5987 freed_so_far += SCTP_BUF_LEN(m); 5988 freed_so_far += MSIZE; 5989 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5990 sctp_sblog(&so->so_rcv, 5991 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5992 } 5993 m = SCTP_BUF_NEXT(m); 5994 } 5995 control->data = control->tail_mbuf = NULL; 5996 control->length = 0; 5997 if (out_flags & MSG_EOR) { 5998 /* Done with this control */ 5999 goto done_with_control; 6000 } 6001 } 6002 release: 6003 if (hold_rlock == 1) { 6004 SCTP_INP_READ_UNLOCK(inp); 6005 hold_rlock = 0; 6006 } 6007 if (hold_sblock == 1) { 6008 SOCKBUF_UNLOCK(&so->so_rcv); 6009 hold_sblock = 0; 6010 } 6011 sbunlock(&so->so_rcv); 6012 sockbuf_lock = 0; 6013 6014 release_unlocked: 6015 if (hold_sblock) { 6016 SOCKBUF_UNLOCK(&so->so_rcv); 6017 hold_sblock = 0; 6018 } 6019 if ((stcb) && (in_flags & MSG_PEEK) == 0) { 6020 if ((freed_so_far >= rwnd_req) && 6021 (control && (control->do_not_ref_stcb == 0)) && 6022 (no_rcv_needed == 0)) 6023 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6024 } 6025 out: 6026 if (msg_flags) { 6027 *msg_flags = out_flags; 6028 } 6029 if (((out_flags & MSG_EOR) == 0) && 6030 ((in_flags & MSG_PEEK) == 0) && 6031 (sinfo) && 6032 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO))) { 6033 struct sctp_extrcvinfo *s_extra; 6034 6035 s_extra = (struct sctp_extrcvinfo *)sinfo; 6036 s_extra->sreinfo_next_flags = SCTP_NO_NEXT_MSG; 6037 } 6038 if (hold_rlock == 1) { 6039 SCTP_INP_READ_UNLOCK(inp); 6040 hold_rlock = 0; 6041 } 6042 if (hold_sblock) { 6043 SOCKBUF_UNLOCK(&so->so_rcv); 6044 hold_sblock = 0; 6045 } 6046 if (sockbuf_lock) { 6047 sbunlock(&so->so_rcv); 6048 } 6049 if (freecnt_applied) { 6050 /* 6051 * The lock on the socket buffer protects us so the free 6052 * code will stop. But since we used the socketbuf lock and 6053 * the sender uses the tcb_lock to increment, we need to use 6054 * the atomic add to the refcnt. 6055 */ 6056 if (stcb == NULL) { 6057 #ifdef INVARIANTS 6058 panic("stcb for refcnt has gone NULL?"); 6059 goto stage_left; 6060 #else 6061 goto stage_left; 6062 #endif 6063 } 6064 atomic_add_int(&stcb->asoc.refcnt, -1); 6065 freecnt_applied = 0; 6066 /* Save the value back for next time */ 6067 stcb->freed_by_sorcv_sincelast = freed_so_far; 6068 } 6069 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 6070 if (stcb) { 6071 sctp_misc_ints(SCTP_SORECV_DONE, 6072 freed_so_far, 6073 ((uio) ? (slen - uio->uio_resid) : slen), 6074 stcb->asoc.my_rwnd, 6075 so->so_rcv.sb_cc); 6076 } else { 6077 sctp_misc_ints(SCTP_SORECV_DONE, 6078 freed_so_far, 6079 ((uio) ? (slen - uio->uio_resid) : slen), 6080 0, 6081 so->so_rcv.sb_cc); 6082 } 6083 } 6084 stage_left: 6085 if (wakeup_read_socket) { 6086 sctp_sorwakeup(inp, so); 6087 } 6088 return (error); 6089 } 6090 6091 6092 #ifdef SCTP_MBUF_LOGGING 6093 struct mbuf * 6094 sctp_m_free(struct mbuf *m) 6095 { 6096 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6097 if (SCTP_BUF_IS_EXTENDED(m)) { 6098 sctp_log_mb(m, SCTP_MBUF_IFREE); 6099 } 6100 } 6101 return (m_free(m)); 6102 } 6103 6104 void 6105 sctp_m_freem(struct mbuf *mb) 6106 { 6107 while (mb != NULL) 6108 mb = sctp_m_free(mb); 6109 } 6110 6111 #endif 6112 6113 int 6114 sctp_dynamic_set_primary(struct sockaddr *sa, uint32_t vrf_id) 6115 { 6116 /* 6117 * Given a local address. For all associations that holds the 6118 * address, request a peer-set-primary. 6119 */ 6120 struct sctp_ifa *ifa; 6121 struct sctp_laddr *wi; 6122 6123 ifa = sctp_find_ifa_by_addr(sa, vrf_id, 0); 6124 if (ifa == NULL) { 6125 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EADDRNOTAVAIL); 6126 return (EADDRNOTAVAIL); 6127 } 6128 /* 6129 * Now that we have the ifa we must awaken the iterator with this 6130 * message. 6131 */ 6132 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 6133 if (wi == NULL) { 6134 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 6135 return (ENOMEM); 6136 } 6137 /* Now incr the count and int wi structure */ 6138 SCTP_INCR_LADDR_COUNT(); 6139 bzero(wi, sizeof(*wi)); 6140 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 6141 wi->ifa = ifa; 6142 wi->action = SCTP_SET_PRIM_ADDR; 6143 atomic_add_int(&ifa->refcount, 1); 6144 6145 /* Now add it to the work queue */ 6146 SCTP_WQ_ADDR_LOCK(); 6147 /* 6148 * Should this really be a tailq? As it is we will process the 6149 * newest first :-0 6150 */ 6151 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 6152 SCTP_WQ_ADDR_UNLOCK(); 6153 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 6154 (struct sctp_inpcb *)NULL, 6155 (struct sctp_tcb *)NULL, 6156 (struct sctp_nets *)NULL); 6157 return (0); 6158 } 6159 6160 6161 int 6162 sctp_soreceive(struct socket *so, 6163 struct sockaddr **psa, 6164 struct uio *uio, 6165 struct mbuf **mp0, 6166 struct mbuf **controlp, 6167 int *flagsp) 6168 { 6169 int error, fromlen; 6170 uint8_t sockbuf[256]; 6171 struct sockaddr *from; 6172 struct sctp_extrcvinfo sinfo; 6173 int filling_sinfo = 1; 6174 struct sctp_inpcb *inp; 6175 6176 inp = (struct sctp_inpcb *)so->so_pcb; 6177 /* pickup the assoc we are reading from */ 6178 if (inp == NULL) { 6179 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6180 return (EINVAL); 6181 } 6182 if ((sctp_is_feature_off(inp, 6183 SCTP_PCB_FLAGS_RECVDATAIOEVNT)) || 6184 (controlp == NULL)) { 6185 /* user does not want the sndrcv ctl */ 6186 filling_sinfo = 0; 6187 } 6188 if (psa) { 6189 from = (struct sockaddr *)sockbuf; 6190 fromlen = sizeof(sockbuf); 6191 from->sa_len = 0; 6192 } else { 6193 from = NULL; 6194 fromlen = 0; 6195 } 6196 6197 error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, 6198 (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); 6199 if ((controlp) && (filling_sinfo)) { 6200 /* copy back the sinfo in a CMSG format */ 6201 if (filling_sinfo) 6202 *controlp = sctp_build_ctl_nchunk(inp, 6203 (struct sctp_sndrcvinfo *)&sinfo); 6204 else 6205 *controlp = NULL; 6206 } 6207 if (psa) { 6208 /* copy back the address info */ 6209 if (from && from->sa_len) { 6210 *psa = sodupsockaddr(from, M_NOWAIT); 6211 } else { 6212 *psa = NULL; 6213 } 6214 } 6215 return (error); 6216 } 6217 6218 6219 int 6220 sctp_l_soreceive(struct socket *so, 6221 struct sockaddr **name, 6222 struct uio *uio, 6223 char **controlp, 6224 int *controllen, 6225 int *flag) 6226 { 6227 int error, fromlen; 6228 uint8_t sockbuf[256]; 6229 struct sockaddr *from; 6230 struct sctp_extrcvinfo sinfo; 6231 int filling_sinfo = 1; 6232 struct sctp_inpcb *inp; 6233 6234 inp = (struct sctp_inpcb *)so->so_pcb; 6235 /* pickup the assoc we are reading from */ 6236 if (inp == NULL) { 6237 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6238 return (EINVAL); 6239 } 6240 if ((sctp_is_feature_off(inp, 6241 SCTP_PCB_FLAGS_RECVDATAIOEVNT)) || 6242 (controlp == NULL)) { 6243 /* user does not want the sndrcv ctl */ 6244 filling_sinfo = 0; 6245 } 6246 if (name) { 6247 from = (struct sockaddr *)sockbuf; 6248 fromlen = sizeof(sockbuf); 6249 from->sa_len = 0; 6250 } else { 6251 from = NULL; 6252 fromlen = 0; 6253 } 6254 6255 error = sctp_sorecvmsg(so, uio, 6256 (struct mbuf **)NULL, 6257 from, fromlen, flag, 6258 (struct sctp_sndrcvinfo *)&sinfo, 6259 filling_sinfo); 6260 if ((controlp) && (filling_sinfo)) { 6261 /* 6262 * copy back the sinfo in a CMSG format note that the caller 6263 * has reponsibility for freeing the memory. 6264 */ 6265 if (filling_sinfo) 6266 *controlp = sctp_build_ctl_cchunk(inp, 6267 controllen, 6268 (struct sctp_sndrcvinfo *)&sinfo); 6269 } 6270 if (name) { 6271 /* copy back the address info */ 6272 if (from && from->sa_len) { 6273 *name = sodupsockaddr(from, M_WAIT); 6274 } else { 6275 *name = NULL; 6276 } 6277 } 6278 return (error); 6279 } 6280 6281 6282 6283 6284 6285 6286 6287 int 6288 sctp_connectx_helper_add(struct sctp_tcb *stcb, struct sockaddr *addr, 6289 int totaddr, int *error) 6290 { 6291 int added = 0; 6292 int i; 6293 struct sctp_inpcb *inp; 6294 struct sockaddr *sa; 6295 size_t incr = 0; 6296 6297 sa = addr; 6298 inp = stcb->sctp_ep; 6299 *error = 0; 6300 for (i = 0; i < totaddr; i++) { 6301 if (sa->sa_family == AF_INET) { 6302 incr = sizeof(struct sockaddr_in); 6303 if (sctp_add_remote_addr(stcb, sa, SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) { 6304 /* assoc gone no un-lock */ 6305 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6306 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_USRREQ + SCTP_LOC_7); 6307 *error = ENOBUFS; 6308 goto out_now; 6309 } 6310 added++; 6311 } else if (sa->sa_family == AF_INET6) { 6312 incr = sizeof(struct sockaddr_in6); 6313 if (sctp_add_remote_addr(stcb, sa, SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) { 6314 /* assoc gone no un-lock */ 6315 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6316 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_USRREQ + SCTP_LOC_8); 6317 *error = ENOBUFS; 6318 goto out_now; 6319 } 6320 added++; 6321 } 6322 sa = (struct sockaddr *)((caddr_t)sa + incr); 6323 } 6324 out_now: 6325 return (added); 6326 } 6327 6328 struct sctp_tcb * 6329 sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr, 6330 int *totaddr, int *num_v4, int *num_v6, int *error, 6331 int limit, int *bad_addr) 6332 { 6333 struct sockaddr *sa; 6334 struct sctp_tcb *stcb = NULL; 6335 size_t incr, at, i; 6336 6337 at = incr = 0; 6338 sa = addr; 6339 *error = *num_v6 = *num_v4 = 0; 6340 /* account and validate addresses */ 6341 for (i = 0; i < (size_t)*totaddr; i++) { 6342 if (sa->sa_family == AF_INET) { 6343 (*num_v4) += 1; 6344 incr = sizeof(struct sockaddr_in); 6345 if (sa->sa_len != incr) { 6346 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6347 *error = EINVAL; 6348 *bad_addr = 1; 6349 return (NULL); 6350 } 6351 } else if (sa->sa_family == AF_INET6) { 6352 struct sockaddr_in6 *sin6; 6353 6354 sin6 = (struct sockaddr_in6 *)sa; 6355 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6356 /* Must be non-mapped for connectx */ 6357 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6358 *error = EINVAL; 6359 *bad_addr = 1; 6360 return (NULL); 6361 } 6362 (*num_v6) += 1; 6363 incr = sizeof(struct sockaddr_in6); 6364 if (sa->sa_len != incr) { 6365 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6366 *error = EINVAL; 6367 *bad_addr = 1; 6368 return (NULL); 6369 } 6370 } else { 6371 *totaddr = i; 6372 /* we are done */ 6373 break; 6374 } 6375 SCTP_INP_INCR_REF(inp); 6376 stcb = sctp_findassociation_ep_addr(&inp, sa, NULL, NULL, NULL); 6377 if (stcb != NULL) { 6378 /* Already have or am bring up an association */ 6379 return (stcb); 6380 } else { 6381 SCTP_INP_DECR_REF(inp); 6382 } 6383 if ((at + incr) > (size_t)limit) { 6384 *totaddr = i; 6385 break; 6386 } 6387 sa = (struct sockaddr *)((caddr_t)sa + incr); 6388 } 6389 return ((struct sctp_tcb *)NULL); 6390 } 6391 6392 /* 6393 * sctp_bindx(ADD) for one address. 6394 * assumes all arguments are valid/checked by caller. 6395 */ 6396 void 6397 sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp, 6398 struct sockaddr *sa, sctp_assoc_t assoc_id, 6399 uint32_t vrf_id, int *error, void *p) 6400 { 6401 struct sockaddr *addr_touse; 6402 6403 #ifdef INET6 6404 struct sockaddr_in sin; 6405 6406 #endif 6407 6408 /* see if we're bound all already! */ 6409 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6410 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6411 *error = EINVAL; 6412 return; 6413 } 6414 addr_touse = sa; 6415 #if defined(INET6) && !defined(__Userspace__) /* TODO port in6_sin6_2_sin */ 6416 if (sa->sa_family == AF_INET6) { 6417 struct sockaddr_in6 *sin6; 6418 6419 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6420 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6421 *error = EINVAL; 6422 return; 6423 } 6424 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6425 /* can only bind v6 on PF_INET6 sockets */ 6426 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6427 *error = EINVAL; 6428 return; 6429 } 6430 sin6 = (struct sockaddr_in6 *)addr_touse; 6431 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6432 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6433 SCTP_IPV6_V6ONLY(inp)) { 6434 /* can't bind v4-mapped on PF_INET sockets */ 6435 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6436 *error = EINVAL; 6437 return; 6438 } 6439 in6_sin6_2_sin(&sin, sin6); 6440 addr_touse = (struct sockaddr *)&sin; 6441 } 6442 } 6443 #endif 6444 if (sa->sa_family == AF_INET) { 6445 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6446 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6447 *error = EINVAL; 6448 return; 6449 } 6450 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6451 SCTP_IPV6_V6ONLY(inp)) { 6452 /* can't bind v4 on PF_INET sockets */ 6453 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6454 *error = EINVAL; 6455 return; 6456 } 6457 } 6458 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 6459 if (p == NULL) { 6460 /* Can't get proc for Net/Open BSD */ 6461 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6462 *error = EINVAL; 6463 return; 6464 } 6465 *error = sctp_inpcb_bind(so, addr_touse, NULL, p); 6466 return; 6467 } 6468 /* 6469 * No locks required here since bind and mgmt_ep_sa all do their own 6470 * locking. If we do something for the FIX: below we may need to 6471 * lock in that case. 6472 */ 6473 if (assoc_id == 0) { 6474 /* add the address */ 6475 struct sctp_inpcb *lep; 6476 struct sockaddr_in *lsin = (struct sockaddr_in *)addr_touse; 6477 6478 /* validate the incoming port */ 6479 if ((lsin->sin_port != 0) && 6480 (lsin->sin_port != inp->sctp_lport)) { 6481 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6482 *error = EINVAL; 6483 return; 6484 } else { 6485 /* user specified 0 port, set it to existing port */ 6486 lsin->sin_port = inp->sctp_lport; 6487 } 6488 6489 lep = sctp_pcb_findep(addr_touse, 1, 0, vrf_id); 6490 if (lep != NULL) { 6491 /* 6492 * We must decrement the refcount since we have the 6493 * ep already and are binding. No remove going on 6494 * here. 6495 */ 6496 SCTP_INP_DECR_REF(lep); 6497 } 6498 if (lep == inp) { 6499 /* already bound to it.. ok */ 6500 return; 6501 } else if (lep == NULL) { 6502 ((struct sockaddr_in *)addr_touse)->sin_port = 0; 6503 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6504 SCTP_ADD_IP_ADDRESS, 6505 vrf_id, NULL); 6506 } else { 6507 *error = EADDRINUSE; 6508 } 6509 if (*error) 6510 return; 6511 } else { 6512 /* 6513 * FIX: decide whether we allow assoc based bindx 6514 */ 6515 } 6516 } 6517 6518 /* 6519 * sctp_bindx(DELETE) for one address. 6520 * assumes all arguments are valid/checked by caller. 6521 */ 6522 void 6523 sctp_bindx_delete_address(struct socket *so, struct sctp_inpcb *inp, 6524 struct sockaddr *sa, sctp_assoc_t assoc_id, 6525 uint32_t vrf_id, int *error) 6526 { 6527 struct sockaddr *addr_touse; 6528 6529 #ifdef INET6 6530 struct sockaddr_in sin; 6531 6532 #endif 6533 6534 /* see if we're bound all already! */ 6535 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6536 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6537 *error = EINVAL; 6538 return; 6539 } 6540 addr_touse = sa; 6541 #if defined(INET6) && !defined(__Userspace__) /* TODO port in6_sin6_2_sin */ 6542 if (sa->sa_family == AF_INET6) { 6543 struct sockaddr_in6 *sin6; 6544 6545 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6546 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6547 *error = EINVAL; 6548 return; 6549 } 6550 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6551 /* can only bind v6 on PF_INET6 sockets */ 6552 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6553 *error = EINVAL; 6554 return; 6555 } 6556 sin6 = (struct sockaddr_in6 *)addr_touse; 6557 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6558 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6559 SCTP_IPV6_V6ONLY(inp)) { 6560<