1 /*-
2 * Copyright (c) 1984, 1985, 1986, 1987, 1993
3 * The Regents of the University of California.
4 * Copyright (c) 2004-2006 Robert N. M. Watson
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 4. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * Copyright (c) 1995, Mike Mitchell
32 * All rights reserved.
33 *
34 * Redistribution and use in source and binary forms, with or without
35 * modification, are permitted provided that the following conditions
36 * are met:
37 * 1. Redistributions of source code must retain the above copyright
38 * notice, this list of conditions and the following disclaimer.
39 * 2. Redistributions in binary form must reproduce the above copyright
40 * notice, this list of conditions and the following disclaimer in the
41 * documentation and/or other materials provided with the distribution.
42 * 3. All advertising materials mentioning features or use of this software
43 * must display the following acknowledgement:
44 * This product includes software developed by the University of
45 * California, Berkeley and its contributors.
46 * 4. Neither the name of the University nor the names of its contributors
47 * may be used to endorse or promote products derived from this software
48 * without specific prior written permission.
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * SUCH DAMAGE.
61 *
62 * @(#)spx_usrreq.h
63 */
64
65 #include <sys/cdefs.h>
66 __FBSDID("$FreeBSD: src/sys/netipx/spx_usrreq.c,v 1.90 2008/10/23 15:53:51 des Exp $");
67
68 #include <sys/param.h>
69 #include <sys/lock.h>
70 #include <sys/malloc.h>
71 #include <sys/mbuf.h>
72 #include <sys/mutex.h>
73 #include <sys/proc.h>
74 #include <sys/protosw.h>
75 #include <sys/signalvar.h>
76 #include <sys/socket.h>
77 #include <sys/socketvar.h>
78 #include <sys/sx.h>
79 #include <sys/systm.h>
80
81 #include <net/route.h>
82 #include <netinet/tcp_fsm.h>
83
84 #include <netipx/ipx.h>
85 #include <netipx/ipx_pcb.h>
86 #include <netipx/ipx_var.h>
87 #include <netipx/spx.h>
88 #include <netipx/spx_debug.h>
89 #include <netipx/spx_timer.h>
90 #include <netipx/spx_var.h>
91
92 /*
93 * SPX protocol implementation.
94 */
95 static struct mtx spx_mtx; /* Protects only spx_iss. */
96 static u_short spx_iss;
97 static u_short spx_newchecks[50];
98 static int spx_hardnosed;
99 static int spx_use_delack = 0;
100 static int traceallspxs = 0;
101 static struct spx_istat spx_istat;
102 static int spxrexmtthresh = 3;
103
104 #define SPX_LOCK_INIT() mtx_init(&spx_mtx, "spx_mtx", NULL, MTX_DEF)
105 #define SPX_LOCK() mtx_lock(&spx_mtx)
106 #define SPX_UNLOCK() mtx_unlock(&spx_mtx)
107
108 /* Following was struct spxstat spxstat; */
109 #ifndef spxstat
110 #define spxstat spx_istat.newstats
111 #endif
112
113 static const int spx_backoff[SPX_MAXRXTSHIFT+1] =
114 { 1, 2, 4, 8, 16, 32, 64, 64, 64, 64, 64, 64, 64 };
115
116 static void spx_close(struct spxpcb *cb);
117 static void spx_disconnect(struct spxpcb *cb);
118 static void spx_drop(struct spxpcb *cb, int errno);
119 static int spx_output(struct spxpcb *cb, struct mbuf *m0);
120 static int spx_reass(struct spxpcb *cb, struct spx *si);
121 static void spx_setpersist(struct spxpcb *cb);
122 static void spx_template(struct spxpcb *cb);
123 static void spx_timers(struct spxpcb *cb, int timer);
124 static void spx_usrclosed(struct spxpcb *cb);
125
126 static void spx_usr_abort(struct socket *so);
127 static int spx_accept(struct socket *so, struct sockaddr **nam);
128 static int spx_attach(struct socket *so, int proto, struct thread *td);
129 static int spx_bind(struct socket *so, struct sockaddr *nam, struct thread *td);
130 static void spx_usr_close(struct socket *so);
131 static int spx_connect(struct socket *so, struct sockaddr *nam,
132 struct thread *td);
133 static void spx_detach(struct socket *so);
134 static void spx_pcbdetach(struct ipxpcb *ipxp);
135 static int spx_usr_disconnect(struct socket *so);
136 static int spx_listen(struct socket *so, int backlog, struct thread *td);
137 static int spx_rcvd(struct socket *so, int flags);
138 static int spx_rcvoob(struct socket *so, struct mbuf *m, int flags);
139 static int spx_send(struct socket *so, int flags, struct mbuf *m,
140 struct sockaddr *addr, struct mbuf *control,
141 struct thread *td);
142 static int spx_shutdown(struct socket *so);
143 static int spx_sp_attach(struct socket *so, int proto, struct thread *td);
144
145 struct pr_usrreqs spx_usrreqs = {
146 .pru_abort = spx_usr_abort,
147 .pru_accept = spx_accept,
148 .pru_attach = spx_attach,
149 .pru_bind = spx_bind,
150 .pru_connect = spx_connect,
151 .pru_control = ipx_control,
152 .pru_detach = spx_detach,
153 .pru_disconnect = spx_usr_disconnect,
154 .pru_listen = spx_listen,
155 .pru_peeraddr = ipx_peeraddr,
156 .pru_rcvd = spx_rcvd,
157 .pru_rcvoob = spx_rcvoob,
158 .pru_send = spx_send,
159 .pru_shutdown = spx_shutdown,
160 .pru_sockaddr = ipx_sockaddr,
161 .pru_close = spx_usr_close,
162 };
163
164 struct pr_usrreqs spx_usrreq_sps = {
165 .pru_abort = spx_usr_abort,
166 .pru_accept = spx_accept,
167 .pru_attach = spx_sp_attach,
168 .pru_bind = spx_bind,
169 .pru_connect = spx_connect,
170 .pru_control = ipx_control,
171 .pru_detach = spx_detach,
172 .pru_disconnect = spx_usr_disconnect,
173 .pru_listen = spx_listen,
174 .pru_peeraddr = ipx_peeraddr,
175 .pru_rcvd = spx_rcvd,
176 .pru_rcvoob = spx_rcvoob,
177 .pru_send = spx_send,
178 .pru_shutdown = spx_shutdown,
179 .pru_sockaddr = ipx_sockaddr,
180 .pru_close = spx_usr_close,
181 };
182
183 void
184 spx_init(void)
185 {
186
187 SPX_LOCK_INIT();
188 spx_iss = 1; /* WRONG !! should fish it out of TODR */
189 }
190
191 void
192 spx_input(struct mbuf *m, struct ipxpcb *ipxp)
193 {
194 struct spxpcb *cb;
195 struct spx *si = mtod(m, struct spx *);
196 struct socket *so;
197 struct spx spx_savesi;
198 int dropsocket = 0;
199 short ostate = 0;
200
201 spxstat.spxs_rcvtotal++;
202 KASSERT(ipxp != NULL, ("spx_input: ipxpcb == NULL"));
203
204 /*
205 * spx_input() assumes that the caller will hold both the pcb list
206 * lock and also the ipxp lock. spx_input() will release both before
207 * returning, and may in fact trade in the ipxp lock for another pcb
208 * lock following sonewconn().
209 */
210 IPX_LIST_LOCK_ASSERT();
211 IPX_LOCK_ASSERT(ipxp);
212
213 cb = ipxtospxpcb(ipxp);
214 KASSERT(cb != NULL, ("spx_input: cb == NULL"));
215
216 if (ipxp->ipxp_flags & IPXP_DROPPED)
217 goto drop;
218
219 if (m->m_len < sizeof(*si)) {
220 if ((m = m_pullup(m, sizeof(*si))) == NULL) {
221 IPX_UNLOCK(ipxp);
222 IPX_LIST_UNLOCK();
223 spxstat.spxs_rcvshort++;
224 return;
225 }
226 si = mtod(m, struct spx *);
227 }
228 si->si_seq = ntohs(si->si_seq);
229 si->si_ack = ntohs(si->si_ack);
230 si->si_alo = ntohs(si->si_alo);
231
232 so = ipxp->ipxp_socket;
233 KASSERT(so != NULL, ("spx_input: so == NULL"));
234
235 if (so->so_options & SO_DEBUG || traceallspxs) {
236 ostate = cb->s_state;
237 spx_savesi = *si;
238 }
239 if (so->so_options & SO_ACCEPTCONN) {
240 struct spxpcb *ocb = cb;
241
242 so = sonewconn(so, 0);
243 if (so == NULL)
244 goto drop;
245
246 /*
247 * This is ugly, but ....
248 *
249 * Mark socket as temporary until we're committed to keeping
250 * it. The code at ``drop'' and ``dropwithreset'' check the
251 * flag dropsocket to see if the temporary socket created
252 * here should be discarded. We mark the socket as
253 * discardable until we're committed to it below in
254 * TCPS_LISTEN.
255 *
256 * XXXRW: In the new world order of real kernel parallelism,
257 * temporarily allocating the socket when we're "not sure"
258 * seems like a bad idea, as we might race to remove it if
259 * the listen socket is closed...?
260 *
261 * We drop the lock of the listen socket ipxp, and acquire
262 * the lock of the new socket ippx.
263 */
264 dropsocket++;
265 IPX_UNLOCK(ipxp);
266 ipxp = (struct ipxpcb *)so->so_pcb;
267 IPX_LOCK(ipxp);
268 ipxp->ipxp_laddr = si->si_dna;
269 cb = ipxtospxpcb(ipxp);
270 cb->s_mtu = ocb->s_mtu; /* preserve sockopts */
271 cb->s_flags = ocb->s_flags; /* preserve sockopts */
272 cb->s_flags2 = ocb->s_flags2; /* preserve sockopts */
273 cb->s_state = TCPS_LISTEN;
274 }
275 IPX_LOCK_ASSERT(ipxp);
276
277 /*
278 * Packet received on connection. Reset idle time and keep-alive
279 * timer.
280 */
281 cb->s_idle = 0;
282 cb->s_timer[SPXT_KEEP] = SPXTV_KEEP;
283
284 switch (cb->s_state) {
285 case TCPS_LISTEN:{
286 struct sockaddr_ipx *sipx, ssipx;
287 struct ipx_addr laddr;
288
289 /*
290 * If somebody here was carying on a conversation and went
291 * away, and his pen pal thinks he can still talk, we get the
292 * misdirected packet.
293 */
294 if (spx_hardnosed && (si->si_did != 0 || si->si_seq != 0)) {
295 spx_istat.gonawy++;
296 goto dropwithreset;
297 }
298 sipx = &ssipx;
299 bzero(sipx, sizeof *sipx);
300 sipx->sipx_len = sizeof(*sipx);
301 sipx->sipx_family = AF_IPX;
302 sipx->sipx_addr = si->si_sna;
303 laddr = ipxp->ipxp_laddr;
304 if (ipx_nullhost(laddr))
305 ipxp->ipxp_laddr = si->si_dna;
306 if (ipx_pcbconnect(ipxp, (struct sockaddr *)sipx, &thread0)) {
307 ipxp->ipxp_laddr = laddr;
308 spx_istat.noconn++;
309 goto drop;
310 }
311 spx_template(cb);
312 dropsocket = 0; /* committed to socket */
313 cb->s_did = si->si_sid;
314 cb->s_rack = si->si_ack;
315 cb->s_ralo = si->si_alo;
316 #define THREEWAYSHAKE
317 #ifdef THREEWAYSHAKE
318 cb->s_state = TCPS_SYN_RECEIVED;
319 cb->s_force = 1 + SPXT_KEEP;
320 spxstat.spxs_accepts++;
321 cb->s_timer[SPXT_KEEP] = SPXTV_KEEP;
322 }
323 break;
324
325 case TCPS_SYN_RECEIVED: {
326 /*
327 * This state means that we have heard a response to our
328 * acceptance of their connection. It is probably logically
329 * unnecessary in this implementation.
330 */
331 if (si->si_did != cb->s_sid) {
332 spx_istat.wrncon++;
333 goto drop;
334 }
335 #endif
336 ipxp->ipxp_fport = si->si_sport;
337 cb->s_timer[SPXT_REXMT] = 0;
338 cb->s_timer[SPXT_KEEP] = SPXTV_KEEP;
339 soisconnected(so);
340 cb->s_state = TCPS_ESTABLISHED;
341 spxstat.spxs_accepts++;
342 }
343 break;
344
345 case TCPS_SYN_SENT:
346 /*
347 * This state means that we have gotten a response to our
348 * attempt to establish a connection. We fill in the data
349 * from the other side, telling us which port to respond to,
350 * instead of the well-known one we might have sent to in the
351 * first place. We also require that this is a response to
352 * our connection id.
353 */
354 if (si->si_did != cb->s_sid) {
355 spx_istat.notme++;
356 goto drop;
357 }
358 spxstat.spxs_connects++;
359 cb->s_did = si->si_sid;
360 cb->s_rack = si->si_ack;
361 cb->s_ralo = si->si_alo;
362 cb->s_dport = ipxp->ipxp_fport = si->si_sport;
363 cb->s_timer[SPXT_REXMT] = 0;
364 cb->s_flags |= SF_ACKNOW;
365 soisconnected(so);
366 cb->s_state = TCPS_ESTABLISHED;
367
368 /*
369 * Use roundtrip time of connection request for initial rtt.
370 */
371 if (cb->s_rtt) {
372 cb->s_srtt = cb->s_rtt << 3;
373 cb->s_rttvar = cb->s_rtt << 1;
374 SPXT_RANGESET(cb->s_rxtcur,
375 ((cb->s_srtt >> 2) + cb->s_rttvar) >> 1,
376 SPXTV_MIN, SPXTV_REXMTMAX);
377 cb->s_rtt = 0;
378 }
379 }
380
381 if (so->so_options & SO_DEBUG || traceallspxs)
382 spx_trace(SA_INPUT, (u_char)ostate, cb, &spx_savesi, 0);
383
384 m->m_len -= sizeof(struct ipx);
385 m->m_pkthdr.len -= sizeof(struct ipx);
386 m->m_data += sizeof(struct ipx);
387
388 if (spx_reass(cb, si))
389 m_freem(m);
390 if (cb->s_force || (cb->s_flags & (SF_ACKNOW|SF_WIN|SF_RXT)))
391 spx_output(cb, NULL);
392 cb->s_flags &= ~(SF_WIN|SF_RXT);
393 IPX_UNLOCK(ipxp);
394 IPX_LIST_UNLOCK();
395 return;
396
397 dropwithreset:
398 IPX_LOCK_ASSERT(ipxp);
399 if (cb == NULL || (cb->s_ipxpcb->ipxp_socket->so_options & SO_DEBUG ||
400 traceallspxs))
401 spx_trace(SA_DROP, (u_char)ostate, cb, &spx_savesi, 0);
402 IPX_UNLOCK(ipxp);
403 if (dropsocket) {
404 struct socket *head;
405 ACCEPT_LOCK();
406 KASSERT((so->so_qstate & SQ_INCOMP) != 0,
407 ("spx_input: nascent socket not SQ_INCOMP on soabort()"));
408 head = so->so_head;
409 TAILQ_REMOVE(&head->so_incomp, so, so_list);
410 head->so_incqlen--;
411 so->so_qstate &= ~SQ_INCOMP;
412 so->so_head = NULL;
413 ACCEPT_UNLOCK();
414 soabort(so);
415 }
416 IPX_LIST_UNLOCK();
417 m_freem(m);
418 return;
419
420 drop:
421 IPX_LOCK_ASSERT(ipxp);
422 if (cb->s_ipxpcb->ipxp_socket->so_options & SO_DEBUG || traceallspxs)
423 spx_trace(SA_DROP, (u_char)ostate, cb, &spx_savesi, 0);
424 IPX_UNLOCK(ipxp);
425 IPX_LIST_UNLOCK();
426 m_freem(m);
427 }
428
429 /*
430 * This is structurally similar to the tcp reassembly routine but its
431 * function is somewhat different: it merely queues packets up, and
432 * suppresses duplicates.
433 */
434 static int
435 spx_reass(struct spxpcb *cb, struct spx *si)
436 {
437 struct spx_q *q;
438 struct mbuf *m;
439 struct socket *so = cb->s_ipxpcb->ipxp_socket;
440 char packetp = cb->s_flags & SF_HI;
441 int incr;
442 char wakeup = 0;
443
444 IPX_LOCK_ASSERT(cb->s_ipxpcb);
445
446 if (si == SI(0))
447 goto present;
448
449 /*
450 * Update our news from them.
451 */
452 if (si->si_cc & SPX_SA)
453 cb->s_flags |= (spx_use_delack ? SF_DELACK : SF_ACKNOW);
454 if (SSEQ_GT(si->si_alo, cb->s_ralo))
455 cb->s_flags |= SF_WIN;
456 if (SSEQ_LEQ(si->si_ack, cb->s_rack)) {
457 if ((si->si_cc & SPX_SP) && cb->s_rack != (cb->s_smax + 1)) {
458 spxstat.spxs_rcvdupack++;
459
460 /*
461 * If this is a completely duplicate ack and other
462 * conditions hold, we assume a packet has been
463 * dropped and retransmit it exactly as in
464 * tcp_input().
465 */
466 if (si->si_ack != cb->s_rack ||
467 si->si_alo != cb->s_ralo)
468 cb->s_dupacks = 0;
469 else if (++cb->s_dupacks == spxrexmtthresh) {
470 u_short onxt = cb->s_snxt;
471 int cwnd = cb->s_cwnd;
472
473 cb->s_snxt = si->si_ack;
474 cb->s_cwnd = CUNIT;
475 cb->s_force = 1 + SPXT_REXMT;
476 spx_output(cb, NULL);
477 cb->s_timer[SPXT_REXMT] = cb->s_rxtcur;
478 cb->s_rtt = 0;
479 if (cwnd >= 4 * CUNIT)
480 cb->s_cwnd = cwnd / 2;
481 if (SSEQ_GT(onxt, cb->s_snxt))
482 cb->s_snxt = onxt;
483 return (1);
484 }
485 } else
486 cb->s_dupacks = 0;
487 goto update_window;
488 }
489 cb->s_dupacks = 0;
490
491 /*
492 * If our correspondent acknowledges data we haven't sent TCP would
493 * drop the packet after acking. We'll be a little more permissive.
494 */
495 if (SSEQ_GT(si->si_ack, (cb->s_smax + 1))) {
496 spxstat.spxs_rcvacktoomuch++;
497 si->si_ack = cb->s_smax + 1;
498 }
499 spxstat.spxs_rcvackpack++;
500
501 /*
502 * If transmit timer is running and timed sequence number was acked,
503 * update smoothed round trip time. See discussion of algorithm in
504 * tcp_input.c
505 */
506 if (cb->s_rtt && SSEQ_GT(si->si_ack, cb->s_rtseq)) {
507 spxstat.spxs_rttupdated++;
508 if (cb->s_srtt != 0) {
509 short delta;
510 delta = cb->s_rtt - (cb->s_srtt >> 3);
511 if ((cb->s_srtt += delta) <= 0)
512 cb->s_srtt = 1;
513 if (delta < 0)
514 delta = -delta;
515 delta -= (cb->s_rttvar >> 2);
516 if ((cb->s_rttvar += delta) <= 0)
517 cb->s_rttvar = 1;
518 } else {
519 /*
520 * No rtt measurement yet.
521 */
522 cb->s_srtt = cb->s_rtt << 3;
523 cb->s_rttvar = cb->s_rtt << 1;
524 }
525 cb->s_rtt = 0;
526 cb->s_rxtshift = 0;
527 SPXT_RANGESET(cb->s_rxtcur,
528 ((cb->s_srtt >> 2) + cb->s_rttvar) >> 1,
529 SPXTV_MIN, SPXTV_REXMTMAX);
530 }
531
532 /*
533 * If all outstanding data is acked, stop retransmit timer and
534 * remember to restart (more output or persist). If there is more
535 * data to be acked, restart retransmit timer, using current
536 * (possibly backed-off) value;
537 */
538 if (si->si_ack == cb->s_smax + 1) {
539 cb->s_timer[SPXT_REXMT] = 0;
540 cb->s_flags |= SF_RXT;
541 } else if (cb->s_timer[SPXT_PERSIST] == 0)
542 cb->s_timer[SPXT_REXMT] = cb->s_rxtcur;
543
544 /*
545 * When new data is acked, open the congestion window. If the window
546 * gives us less than ssthresh packets in flight, open exponentially
547 * (maxseg at a time). Otherwise open linearly (maxseg^2 / cwnd at a
548 * time).
549 */
550 incr = CUNIT;
551 if (cb->s_cwnd > cb->s_ssthresh)
552 incr = max(incr * incr / cb->s_cwnd, 1);
553 cb->s_cwnd = min(cb->s_cwnd + incr, cb->s_cwmx);
554
555 /*
556 * Trim Acked data from output queue.
557 */
558 SOCKBUF_LOCK(&so->so_snd);
559 while ((m = so->so_snd.sb_mb) != NULL) {
560 if (SSEQ_LT((mtod(m, struct spx *))->si_seq, si->si_ack))
561 sbdroprecord_locked(&so->so_snd);
562 else
563 break;
564 }
565 sowwakeup_locked(so);
566 cb->s_rack = si->si_ack;
567 update_window:
568 if (SSEQ_LT(cb->s_snxt, cb->s_rack))
569 cb->s_snxt = cb->s_rack;
570 if (SSEQ_LT(cb->s_swl1, si->si_seq) || ((cb->s_swl1 == si->si_seq &&
571 (SSEQ_LT(cb->s_swl2, si->si_ack))) ||
572 (cb->s_swl2 == si->si_ack && SSEQ_LT(cb->s_ralo, si->si_alo)))) {
573 /* keep track of pure window updates */
574 if ((si->si_cc & SPX_SP) && cb->s_swl2 == si->si_ack
575 && SSEQ_LT(cb->s_ralo, si->si_alo)) {
576 spxstat.spxs_rcvwinupd++;
577 spxstat.spxs_rcvdupack--;
578 }
579 cb->s_ralo = si->si_alo;
580 cb->s_swl1 = si->si_seq;
581 cb->s_swl2 = si->si_ack;
582 cb->s_swnd = (1 + si->si_alo - si->si_ack);
583 if (cb->s_swnd > cb->s_smxw)
584 cb->s_smxw = cb->s_swnd;
585 cb->s_flags |= SF_WIN;
586 }
587
588 /*
589 * If this packet number is higher than that which we have allocated
590 * refuse it, unless urgent.
591 */
592 if (SSEQ_GT(si->si_seq, cb->s_alo)) {
593 if (si->si_cc & SPX_SP) {
594 spxstat.spxs_rcvwinprobe++;
595 return (1);
596 } else
597 spxstat.spxs_rcvpackafterwin++;
598 if (si->si_cc & SPX_OB) {
599 if (SSEQ_GT(si->si_seq, cb->s_alo + 60))
600 return (1); /* else queue this packet; */
601 } else {
602 #ifdef BROKEN
603 /*
604 * XXXRW: This is broken on at least one count:
605 * spx_close() will free the ipxp and related parts,
606 * which are then touched by spx_input() after the
607 * return from spx_reass().
608 */
609 /*struct socket *so = cb->s_ipxpcb->ipxp_socket;
610 if (so->so_state && SS_NOFDREF) {
611 spx_close(cb);
612 } else
613 would crash system*/
614 #endif
615 spx_istat.notyet++;
616 return (1);
617 }
618 }
619
620 /*
621 * If this is a system packet, we don't need to queue it up, and
622 * won't update acknowledge #.
623 */
624 if (si->si_cc & SPX_SP)
625 return (1);
626
627 /*
628 * We have already seen this packet, so drop.
629 */
630 if (SSEQ_LT(si->si_seq, cb->s_ack)) {
631 spx_istat.bdreas++;
632 spxstat.spxs_rcvduppack++;
633 if (si->si_seq == cb->s_ack - 1)
634 spx_istat.lstdup++;
635 return (1);
636 }
637
638 /*
639 * Loop through all packets queued up to insert in appropriate
640 * sequence.
641 */
642 for (q = cb->s_q.si_next; q != &cb->s_q; q = q->si_next) {
643 if (si->si_seq == SI(q)->si_seq) {
644 spxstat.spxs_rcvduppack++;
645 return (1);
646 }
647 if (SSEQ_LT(si->si_seq, SI(q)->si_seq)) {
648 spxstat.spxs_rcvoopack++;
649 break;
650 }
651 }
652 insque(si, q->si_prev);
653
654 /*
655 * If this packet is urgent, inform process
656 */
657 if (si->si_cc & SPX_OB) {
658 cb->s_iobc = ((char *)si)[1 + sizeof(*si)];
659 sohasoutofband(so);
660 cb->s_oobflags |= SF_IOOB;
661 }
662 present:
663 #define SPINC sizeof(struct spxhdr)
664 SOCKBUF_LOCK(&so->so_rcv);
665
666 /*
667 * Loop through all packets queued up to update acknowledge number,
668 * and present all acknowledged data to user; if in packet interface
669 * mode, show packet headers.
670 */
671 for (q = cb->s_q.si_next; q != &cb->s_q; q = q->si_next) {
672 if (SI(q)->si_seq == cb->s_ack) {
673 cb->s_ack++;
674 m = dtom(q);
675 if (SI(q)->si_cc & SPX_OB) {
676 cb->s_oobflags &= ~SF_IOOB;
677 if (so->so_rcv.sb_cc)
678 so->so_oobmark = so->so_rcv.sb_cc;
679 else
680 so->so_rcv.sb_state |= SBS_RCVATMARK;
681 }
682 q = q->si_prev;
683 remque(q->si_next);
684 wakeup = 1;
685 spxstat.spxs_rcvpack++;
686 #ifdef SF_NEWCALL
687 if (cb->s_flags2 & SF_NEWCALL) {
688 struct spxhdr *sp = mtod(m, struct spxhdr *);
689 u_char dt = sp->spx_dt;
690 spx_newchecks[4]++;
691 if (dt != cb->s_rhdr.spx_dt) {
692 struct mbuf *mm =
693 m_getclr(M_DONTWAIT, MT_CONTROL);
694 spx_newchecks[0]++;
695 if (mm != NULL) {
696 u_short *s =
697 mtod(mm, u_short *);
698 cb->s_rhdr.spx_dt = dt;
699 mm->m_len = 5; /*XXX*/
700 s[0] = 5;
701 s[1] = 1;
702 *(u_char *)(&s[2]) = dt;
703 sbappend_locked(&so->so_rcv, mm);
704 }
705 }
706 if (sp->spx_cc & SPX_OB) {
707 MCHTYPE(m, MT_OOBDATA);
708 spx_newchecks[1]++;
709 so->so_oobmark = 0;
710 so->so_rcv.sb_state &= ~SBS_RCVATMARK;
711 }
712 if (packetp == 0) {
713 m->m_data += SPINC;
714 m->m_len -= SPINC;
715 m->m_pkthdr.len -= SPINC;
716 }
717 if ((sp->spx_cc & SPX_EM) || packetp) {
718 sbappendrecord_locked(&so->so_rcv, m);
719 spx_newchecks[9]++;
720 } else
721 sbappend_locked(&so->so_rcv, m);
722 } else
723 #endif
724 if (packetp)
725 sbappendrecord_locked(&so->so_rcv, m);
726 else {
727 cb->s_rhdr = *mtod(m, struct spxhdr *);
728 m->m_data += SPINC;
729 m->m_len -= SPINC;
730 m->m_pkthdr.len -= SPINC;
731 sbappend_locked(&so->so_rcv, m);
732 }
733 } else
734 break;
735 }
736 if (wakeup)
737 sorwakeup_locked(so);
738 else
739 SOCKBUF_UNLOCK(&so->so_rcv);
740 return (0);
741 }
742
743 void
744 spx_ctlinput(int cmd, struct sockaddr *arg_as_sa, void *dummy)
745 {
746
747 /* Currently, nothing. */
748 }
749
750 static int
751 spx_output(struct spxpcb *cb, struct mbuf *m0)
752 {
753 struct socket *so = cb->s_ipxpcb->ipxp_socket;
754 struct mbuf *m;
755 struct spx *si = NULL;
756 struct sockbuf *sb = &so->so_snd;
757 int len = 0, win, rcv_win;
758 short span, off, recordp = 0;
759 u_short alo;
760 int error = 0, sendalot;
761 #ifdef notdef
762 int idle;
763 #endif
764 struct mbuf *mprev;
765
766 IPX_LOCK_ASSERT(cb->s_ipxpcb);
767
768 if (m0 != NULL) {
769 int mtu = cb->s_mtu;
770 int datalen;
771
772 /*
773 * Make sure that packet isn't too big.
774 */
775 for (m = m0; m != NULL; m = m->m_next) {
776 mprev = m;
777 len += m->m_len;
778 if (m->m_flags & M_EOR)
779 recordp = 1;
780 }
781 datalen = (cb->s_flags & SF_HO) ?
782 len - sizeof(struct spxhdr) : len;
783 if (datalen > mtu) {
784 if (cb->s_flags & SF_PI) {
785 m_freem(m0);
786 return (EMSGSIZE);
787 } else {
788 int oldEM = cb->s_cc & SPX_EM;
789
790 cb->s_cc &= ~SPX_EM;
791 while (len > mtu) {
792 m = m_copym(m0, 0, mtu, M_DONTWAIT);
793 if (m == NULL) {
794 cb->s_cc |= oldEM;
795 m_freem(m0);
796 return (ENOBUFS);
797 }
798 if (cb->s_flags & SF_NEWCALL) {
799 struct mbuf *mm = m;
800 spx_newchecks[7]++;
801 while (mm != NULL) {
802 mm->m_flags &= ~M_EOR;
803 mm = mm->m_next;
804 }
805 }
806 error = spx_output(cb, m);
807 if (error) {
808 cb->s_cc |= oldEM;
809 m_freem(m0);
810 return (error);
811 }
812 m_adj(m0, mtu);
813 len -= mtu;
814 }
815 cb->s_cc |= oldEM;
816 }
817 }
818
819 /*
820 * Force length even, by adding a "garbage byte" if
821 * necessary.
822 */
823 if (len & 1) {
824 m = mprev;
825 if (M_TRAILINGSPACE(m) >= 1)
826 m->m_len++;
827 else {
828 struct mbuf *m1 = m_get(M_DONTWAIT, MT_DATA);
829
830 if (m1 == NULL) {
831 m_freem(m0);
832 return (ENOBUFS);
833 }
834 m1->m_len = 1;
835 *(mtod(m1, u_char *)) = 0;
836 m->m_next = m1;
837 }
838 }
839 m = m_gethdr(M_DONTWAIT, MT_DATA);
840 if (m == NULL) {
841 m_freem(m0);
842 return (ENOBUFS);
843 }
844
845 /*
846 * Fill in mbuf with extended SP header and addresses and
847 * length put into network format.
848 */
849 MH_ALIGN(m, sizeof(struct spx));
850 m->m_len = sizeof(struct spx);
851 m->m_next = m0;
852 si = mtod(m, struct spx *);
853 si->si_i = *cb->s_ipx;
854 si->si_s = cb->s_shdr;
855 if ((cb->s_flags & SF_PI) && (cb->s_flags & SF_HO)) {
856 struct spxhdr *sh;
857 if (m0->m_len < sizeof(*sh)) {
858 if((m0 = m_pullup(m0, sizeof(*sh))) == NULL) {
859 m_free(m);
860 m_freem(m0);
861 return (EINVAL);
862 }
863 m->m_next = m0;
864 }
865 sh = mtod(m0, struct spxhdr *);
866 si->si_dt = sh->spx_dt;
867 si->si_cc |= sh->spx_cc & SPX_EM;
868 m0->m_len -= sizeof(*sh);
869 m0->m_data += sizeof(*sh);
870 len -= sizeof(*sh);
871 }
872 len += sizeof(*si);
873 if ((cb->s_flags2 & SF_NEWCALL) && recordp) {
874 si->si_cc |= SPX_EM;
875 spx_newchecks[8]++;
876 }
877 if (cb->s_oobflags & SF_SOOB) {
878 /*
879 * Per jqj@cornell: Make sure OB packets convey
880 * exactly 1 byte. If the packet is 1 byte or
881 * larger, we have already guaranted there to be at
882 * least one garbage byte for the checksum, and extra
883 * bytes shouldn't hurt!
884 */
885 if (len > sizeof(*si)) {
886 si->si_cc |= SPX_OB;
887 len = (1 + sizeof(*si));
888 }
889 }
890 si->si_len = htons((u_short)len);
891 m->m_pkthdr.len = ((len - 1) | 1) + 1;
892
893 /*
894 * Queue stuff up for output.
895 */
896 sbappendrecord(sb, m);
897 cb->s_seq++;
898 }
899 #ifdef notdef
900 idle = (cb->s_smax == (cb->s_rack - 1));
901 #endif
902 again:
903 sendalot = 0;
904 off = cb->s_snxt - cb->s_rack;
905 win = min(cb->s_swnd, (cb->s_cwnd / CUNIT));
906
907 /*
908 * If in persist timeout with window of 0, send a probe. Otherwise,
909 * if window is small but non-zero and timer expired, send what we
910 * can and go into transmit state.
911 */
912 if (cb->s_force == 1 + SPXT_PERSIST) {
913 if (win != 0) {
914 cb |