diff options
Diffstat (limited to 'freebsd/sys/netinet/sctp_input.c')
| -rw-r--r-- | freebsd/sys/netinet/sctp_input.c | 2241 |
1 files changed, 1208 insertions, 1033 deletions
diff --git a/freebsd/sys/netinet/sctp_input.c b/freebsd/sys/netinet/sctp_input.c index 965bec86..817a95f7 100644 --- a/freebsd/sys/netinet/sctp_input.c +++ b/freebsd/sys/netinet/sctp_input.c @@ -2,16 +2,18 @@ /*- * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. + * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. + * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * a) Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. + * this list of conditions and the following disclaimer. * * b) Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the distribution. + * the documentation and/or other materials provided with the distribution. * * c) Neither the name of Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived @@ -30,8 +32,6 @@ * THE POSSIBILITY OF SUCH DAMAGE. */ -/* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */ - #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); @@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/sctp_timer.h> #include <netinet/sctp_crc32.h> #include <netinet/udp.h> +#include <sys/smp.h> @@ -81,61 +82,38 @@ sctp_stop_all_cookie_timers(struct sctp_tcb *stcb) /* INIT handler */ static void -sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, - struct sctp_init_chunk *cp, struct sctp_inpcb *inp, struct sctp_tcb *stcb, - struct sctp_nets *net, int *abort_no_unlock, uint32_t vrf_id, uint16_t port) +sctp_handle_init(struct mbuf *m, int iphlen, int offset, + struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, + struct sctp_init_chunk *cp, struct sctp_inpcb *inp, + struct sctp_tcb *stcb, int *abort_no_unlock, + uint8_t use_mflowid, uint32_t mflowid, + uint32_t vrf_id, uint16_t port) { struct sctp_init *init; struct mbuf *op_err; - uint32_t init_limit; SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_init: handling INIT tcb:%p\n", - stcb); + (void *)stcb); if (stcb == NULL) { SCTP_INP_RLOCK(inp); - if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { - goto outnow; - } - } - op_err = NULL; - init = &cp->init; - /* First are we accepting? */ - if ((inp->sctp_socket->so_qlimit == 0) && (stcb == NULL)) { - SCTPDBG(SCTP_DEBUG_INPUT2, - "sctp_handle_init: Abort, so_qlimit:%d\n", - inp->sctp_socket->so_qlimit); - /* - * FIX ME ?? What about TCP model and we have a - * match/restart case? Actually no fix is needed. the lookup - * will always find the existing assoc so stcb would not be - * NULL. It may be questionable to do this since we COULD - * just send back the INIT-ACK and hope that the app did - * accept()'s by the time the COOKIE was sent. But there is - * a price to pay for COOKIE generation and I don't want to - * pay it on the chance that the app will actually do some - * accepts(). The App just looses and should NOT be in this - * state :-) - */ - sctp_abort_association(inp, stcb, m, iphlen, sh, op_err, - vrf_id, port); - if (stcb) - *abort_no_unlock = 1; - goto outnow; } + /* validate length */ if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) { - /* Invalid length */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(inp, stcb, m, iphlen, sh, op_err, + sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, + use_mflowid, mflowid, vrf_id, port); if (stcb) *abort_no_unlock = 1; goto outnow; } /* validate parameters */ + init = &cp->init; if (init->initiate_tag == 0) { /* protocol error... send abort */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(inp, stcb, m, iphlen, sh, op_err, + sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, + use_mflowid, mflowid, vrf_id, port); if (stcb) *abort_no_unlock = 1; @@ -144,7 +122,8 @@ sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) { /* invalid parameter... send abort */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(inp, stcb, m, iphlen, sh, op_err, + sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, + use_mflowid, mflowid, vrf_id, port); if (stcb) *abort_no_unlock = 1; @@ -153,7 +132,8 @@ sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, if (init->num_inbound_streams == 0) { /* protocol error... send abort */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(inp, stcb, m, iphlen, sh, op_err, + sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, + use_mflowid, mflowid, vrf_id, port); if (stcb) *abort_no_unlock = 1; @@ -162,25 +142,64 @@ sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, if (init->num_outbound_streams == 0) { /* protocol error... send abort */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(inp, stcb, m, iphlen, sh, op_err, + sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, + use_mflowid, mflowid, vrf_id, port); if (stcb) *abort_no_unlock = 1; goto outnow; } - init_limit = offset + ntohs(cp->ch.chunk_length); if (sctp_validate_init_auth_params(m, offset + sizeof(*cp), - init_limit)) { + offset + ntohs(cp->ch.chunk_length))) { /* auth parameter(s) error... send abort */ - sctp_abort_association(inp, stcb, m, iphlen, sh, NULL, vrf_id, port); + sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, NULL, + use_mflowid, mflowid, + vrf_id, port); if (stcb) *abort_no_unlock = 1; goto outnow; } - /* send an INIT-ACK w/cookie */ - SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n"); - sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp, vrf_id, port, - ((stcb == NULL) ? SCTP_HOLDS_LOCK : SCTP_NOT_LOCKED)); + /* + * We are only accepting if we have a socket with positive + * so_qlimit. + */ + if ((stcb == NULL) && + ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || + (inp->sctp_socket == NULL) || + (inp->sctp_socket->so_qlimit == 0))) { + /* + * FIX ME ?? What about TCP model and we have a + * match/restart case? Actually no fix is needed. the lookup + * will always find the existing assoc so stcb would not be + * NULL. It may be questionable to do this since we COULD + * just send back the INIT-ACK and hope that the app did + * accept()'s by the time the COOKIE was sent. But there is + * a price to pay for COOKIE generation and I don't want to + * pay it on the chance that the app will actually do some + * accepts(). The App just looses and should NOT be in this + * state :-) + */ + if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) { + sctp_send_abort(m, iphlen, src, dst, sh, 0, NULL, + use_mflowid, mflowid, + vrf_id, port); + } + goto outnow; + } + if ((stcb != NULL) && + (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT)) { + SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending SHUTDOWN-ACK\n"); + sctp_send_shutdown_ack(stcb, NULL); + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); + } else { + SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n"); + sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, src, dst, + sh, cp, + use_mflowid, mflowid, + vrf_id, port, + ((stcb == NULL) ? SCTP_HOLDS_LOCK : SCTP_NOT_LOCKED)); + } outnow: if (stcb == NULL) { SCTP_INP_RUNLOCK(inp); @@ -192,11 +211,15 @@ outnow: */ int -sctp_is_there_unsent_data(struct sctp_tcb *stcb) +sctp_is_there_unsent_data(struct sctp_tcb *stcb, int so_locked +#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) + SCTP_UNUSED +#endif +) { int unsent_data = 0; + unsigned int i; struct sctp_stream_queue_pending *sp; - struct sctp_stream_out *strq; struct sctp_association *asoc; /* @@ -207,12 +230,11 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb) */ asoc = &stcb->asoc; SCTP_TCB_SEND_LOCK(stcb); - if (!TAILQ_EMPTY(&asoc->out_wheel)) { + if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { /* Check to see if some data queued */ - TAILQ_FOREACH(strq, &asoc->out_wheel, next_spoke) { - is_there_another: + for (i = 0; i < stcb->asoc.streamoutcnt; i++) { /* sa_ignore FREED_MEMORY */ - sp = TAILQ_FIRST(&strq->outqueue); + sp = TAILQ_FIRST(&stcb->asoc.strmout[i].outqueue); if (sp == NULL) { continue; } @@ -233,7 +255,7 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb) sp->put_last_out); } atomic_subtract_int(&stcb->asoc.stream_queue_cnt, 1); - TAILQ_REMOVE(&strq->outqueue, sp, next); + TAILQ_REMOVE(&stcb->asoc.strmout[i].outqueue, sp, next); if (sp->net) { sctp_free_remote_addr(sp->net); sp->net = NULL; @@ -242,11 +264,10 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb) sctp_m_freem(sp->data); sp->data = NULL; } - sctp_free_a_strmoq(stcb, sp); - goto is_there_another; + sctp_free_a_strmoq(stcb, sp, so_locked); } else { unsent_data++; - continue; + break; } } } @@ -255,8 +276,7 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb) } static int -sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb, - struct sctp_nets *net) +sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb) { struct sctp_init *init; struct sctp_association *asoc; @@ -268,11 +288,13 @@ sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb, /* save off parameters */ asoc->peer_vtag = ntohl(init->initiate_tag); asoc->peers_rwnd = ntohl(init->a_rwnd); + /* init tsn's */ + asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1; + if (!TAILQ_EMPTY(&asoc->nets)) { /* update any ssthresh's that may have a default */ TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { lnet->ssthresh = asoc->peers_rwnd; - if (SCTP_BASE_SYSCTL(sctp_logging_level) & (SCTP_CWND_MONITOR_ENABLE | SCTP_CWND_LOGGING_ENABLE)) { sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION); } @@ -282,43 +304,43 @@ sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb, if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) { unsigned int newcnt; struct sctp_stream_out *outs; - struct sctp_stream_queue_pending *sp; - struct sctp_tmit_chunk *chk, *chk_next; + struct sctp_stream_queue_pending *sp, *nsp; + struct sctp_tmit_chunk *chk, *nchk; /* abandon the upper streams */ newcnt = ntohs(init->num_inbound_streams); - if (!TAILQ_EMPTY(&asoc->send_queue)) { - chk = TAILQ_FIRST(&asoc->send_queue); - while (chk) { - chk_next = TAILQ_NEXT(chk, sctp_next); - if (chk->rec.data.stream_number >= newcnt) { - TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); - asoc->send_queue_cnt--; - if (chk->data != NULL) { - sctp_free_bufspace(stcb, asoc, chk, 1); - sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, - SCTP_NOTIFY_DATAGRAM_UNSENT, chk, SCTP_SO_NOT_LOCKED); - if (chk->data) { - sctp_m_freem(chk->data); - chk->data = NULL; - } + TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { + if (chk->rec.data.stream_number >= newcnt) { + TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); + asoc->send_queue_cnt--; + if (asoc->strmout[chk->rec.data.stream_number].chunks_on_queues > 0) { + asoc->strmout[chk->rec.data.stream_number].chunks_on_queues--; +#ifdef INVARIANTS + } else { + panic("No chunks on the queues for sid %u.", chk->rec.data.stream_number); +#endif + } + if (chk->data != NULL) { + sctp_free_bufspace(stcb, asoc, chk, 1); + sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, + 0, chk, SCTP_SO_NOT_LOCKED); + if (chk->data) { + sctp_m_freem(chk->data); + chk->data = NULL; } - sctp_free_a_chunk(stcb, chk); - /* sa_ignore FREED_MEMORY */ } - chk = chk_next; + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + /* sa_ignore FREED_MEMORY */ } } if (asoc->strmout) { for (i = newcnt; i < asoc->pre_open_streams; i++) { outs = &asoc->strmout[i]; - sp = TAILQ_FIRST(&outs->outqueue); - while (sp) { + TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { TAILQ_REMOVE(&outs->outqueue, sp, next); asoc->stream_queue_cnt--; sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, - stcb, SCTP_NOTIFY_DATAGRAM_UNSENT, - sp, SCTP_SO_NOT_LOCKED); + stcb, 0, sp, SCTP_SO_NOT_LOCKED); if (sp->data) { sctp_m_freem(sp->data); sp->data = NULL; @@ -328,9 +350,8 @@ sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb, sp->net = NULL; } /* Free the chunk */ - sctp_free_a_strmoq(stcb, sp); + sctp_free_a_strmoq(stcb, sp, SCTP_SO_NOT_LOCKED); /* sa_ignore FREED_MEMORY */ - sp = TAILQ_FIRST(&outs->outqueue); } } } @@ -339,8 +360,7 @@ sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb, } SCTP_TCB_SEND_UNLOCK(stcb); asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams; - /* init tsn's */ - asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1; + /* EY - nr_sack: initialize highest tsn in nr_mapping_array */ asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map; if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { @@ -351,24 +371,22 @@ sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb, asoc->mapping_array_base_tsn = ntohl(init->initial_tsn); asoc->tsn_last_delivered = asoc->cumulative_tsn = asoc->asconf_seq_in; - asoc->last_echo_tsn = asoc->asconf_seq_in; + asoc->advanced_peer_ack_point = asoc->last_acked_seq; /* open the requested streams */ if (asoc->strmin != NULL) { /* Free the old ones */ - struct sctp_queued_to_read *ctl; + struct sctp_queued_to_read *ctl, *nctl; for (i = 0; i < asoc->streamincnt; i++) { - ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue); - while (ctl) { + TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[i].inqueue, next, nctl) { TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next); sctp_free_remote_addr(ctl->whoFrom); ctl->whoFrom = NULL; sctp_m_freem(ctl->data); ctl->data = NULL; sctp_free_a_readq(stcb, ctl); - ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue); } } SCTP_FREE(asoc->strmin, SCTP_M_STRMI); @@ -413,8 +431,11 @@ sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb, */ static int sctp_process_init_ack(struct mbuf *m, int iphlen, int offset, - struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, - struct sctp_nets *net, int *abort_no_unlock, uint32_t vrf_id) + struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, + struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, + struct sctp_nets *net, int *abort_no_unlock, + uint8_t use_mflowid, uint32_t mflowid, + uint32_t vrf_id) { struct sctp_association *asoc; struct mbuf *op_err; @@ -431,40 +452,40 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int offset, &abort_flag, (struct sctp_chunkhdr *)cp, &nat_friendly); if (abort_flag) { /* Send an abort and notify peer */ - sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_CAUSE_PROTOCOL_VIOLATION, op_err, SCTP_SO_NOT_LOCKED); + sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); *abort_no_unlock = 1; return (-1); } asoc = &stcb->asoc; asoc->peer_supports_nat = (uint8_t) nat_friendly; /* process the peer's parameters in the INIT-ACK */ - retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb, net); + retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb); if (retval < 0) { return (retval); } initack_limit = offset + ntohs(cp->ch.chunk_length); /* load all addresses */ - if ((retval = sctp_load_addresses_from_init(stcb, m, iphlen, - (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh, - NULL))) { + if ((retval = sctp_load_addresses_from_init(stcb, m, + (offset + sizeof(struct sctp_init_chunk)), initack_limit, + src, dst, NULL))) { /* Huh, we should abort */ SCTPDBG(SCTP_DEBUG_INPUT1, "Load addresses from INIT causes an abort %d\n", retval); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, - NULL, 0, net->port); + sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, + src, dst, sh, NULL, + use_mflowid, mflowid, + vrf_id, net->port); *abort_no_unlock = 1; return (-1); } /* if the peer doesn't support asconf, flush the asconf queue */ if (asoc->peer_supports_asconf == 0) { - struct sctp_asconf_addr *aparam; + struct sctp_asconf_addr *param, *nparam; - while (!TAILQ_EMPTY(&asoc->asconf_queue)) { - /* sa_ignore FREED_MEMORY */ - aparam = TAILQ_FIRST(&asoc->asconf_queue); - TAILQ_REMOVE(&asoc->asconf_queue, aparam, next); - SCTP_FREE(aparam, SCTP_M_ASC_ADDR); + TAILQ_FOREACH_SAFE(param, &asoc->asconf_queue, next, nparam) { + TAILQ_REMOVE(&asoc->asconf_queue, param, next); + SCTP_FREE(param, SCTP_M_ASC_ADDR); } } stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs, @@ -495,7 +516,8 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int offset, asoc->primary_destination, SCTP_FROM_SCTP_INPUT + SCTP_LOC_4); /* calculate the RTO */ - net->RTO = sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, sctp_align_safe_nocopy); + net->RTO = sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, sctp_align_safe_nocopy, + SCTP_RTT_FROM_NON_DATA); retval = sctp_send_cookie_echo(m, offset, stcb, net); if (retval < 0) { @@ -527,7 +549,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int offset, mp->resv = 0; } sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, - sh, op_err, 0, net->port); + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, net->port); *abort_no_unlock = 1; } return (retval); @@ -540,38 +564,58 @@ sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp, struct sctp_tcb *stcb, struct sctp_nets *net) { struct sockaddr_storage store; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; struct sctp_nets *r_net, *f_net; struct timeval tv; int req_prim = 0; + uint16_t old_error_counter; + +#ifdef INET + struct sockaddr_in *sin; + +#endif +#ifdef INET6 + struct sockaddr_in6 *sin6; + +#endif if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_heartbeat_chunk)) { /* Invalid length */ return; } - sin = (struct sockaddr_in *)&store; - sin6 = (struct sockaddr_in6 *)&store; - memset(&store, 0, sizeof(store)); - if (cp->heartbeat.hb_info.addr_family == AF_INET && - cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) { - sin->sin_family = cp->heartbeat.hb_info.addr_family; - sin->sin_len = cp->heartbeat.hb_info.addr_len; - sin->sin_port = stcb->rport; - memcpy(&sin->sin_addr, cp->heartbeat.hb_info.address, - sizeof(sin->sin_addr)); - } else if (cp->heartbeat.hb_info.addr_family == AF_INET6 && - cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) { - sin6->sin6_family = cp->heartbeat.hb_info.addr_family; - sin6->sin6_len = cp->heartbeat.hb_info.addr_len; - sin6->sin6_port = stcb->rport; - memcpy(&sin6->sin6_addr, cp->heartbeat.hb_info.address, - sizeof(sin6->sin6_addr)); - } else { + switch (cp->heartbeat.hb_info.addr_family) { +#ifdef INET + case AF_INET: + if (cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) { + sin = (struct sockaddr_in *)&store; + sin->sin_family = cp->heartbeat.hb_info.addr_family; + sin->sin_len = cp->heartbeat.hb_info.addr_len; + sin->sin_port = stcb->rport; + memcpy(&sin->sin_addr, cp->heartbeat.hb_info.address, + sizeof(sin->sin_addr)); + } else { + return; + } + break; +#endif +#ifdef INET6 + case AF_INET6: + if (cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) { + sin6 = (struct sockaddr_in6 *)&store; + sin6->sin6_family = cp->heartbeat.hb_info.addr_family; + sin6->sin6_len = cp->heartbeat.hb_info.addr_len; + sin6->sin6_port = stcb->rport; + memcpy(&sin6->sin6_addr, cp->heartbeat.hb_info.address, + sizeof(sin6->sin6_addr)); + } else { + return; + } + break; +#endif + default: return; } - r_net = sctp_findnet(stcb, (struct sockaddr *)sin); + r_net = sctp_findnet(stcb, (struct sockaddr *)&store); if (r_net == NULL) { SCTPDBG(SCTP_DEBUG_INPUT1, "Huh? I can't find the address I sent it to, discard\n"); return; @@ -586,7 +630,6 @@ sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp, r_net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; if (r_net->dest_state & SCTP_ADDR_REQ_PRIMARY) { stcb->asoc.primary_destination = r_net; - r_net->dest_state &= ~SCTP_ADDR_WAS_PRIMARY; r_net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY; f_net = TAILQ_FIRST(&stcb->asoc.nets); if (f_net != r_net) { @@ -603,43 +646,37 @@ sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp, } sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, stcb, 0, (void *)r_net, SCTP_SO_NOT_LOCKED); + sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, r_net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3); + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, r_net); } + old_error_counter = r_net->error_count; r_net->error_count = 0; r_net->hb_responded = 1; tv.tv_sec = cp->heartbeat.hb_info.time_value_1; tv.tv_usec = cp->heartbeat.hb_info.time_value_2; - if (r_net->dest_state & SCTP_ADDR_NOT_REACHABLE) { - r_net->dest_state &= ~SCTP_ADDR_NOT_REACHABLE; + /* Now lets do a RTO with this */ + r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv, sctp_align_safe_nocopy, + SCTP_RTT_FROM_NON_DATA); + if (!(r_net->dest_state & SCTP_ADDR_REACHABLE)) { r_net->dest_state |= SCTP_ADDR_REACHABLE; sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb, - SCTP_HEARTBEAT_SUCCESS, (void *)r_net, SCTP_SO_NOT_LOCKED); - /* now was it the primary? if so restore */ - if (r_net->dest_state & SCTP_ADDR_WAS_PRIMARY) { - (void)sctp_set_primary_addr(stcb, (struct sockaddr *)NULL, r_net); - } + 0, (void *)r_net, SCTP_SO_NOT_LOCKED); } - /* - * JRS 5/14/07 - If CMT PF is on and the destination is in PF state, - * set the destination to active state and set the cwnd to one or - * two MTU's based on whether PF1 or PF2 is being used. If a T3 - * timer is running, for the destination, stop the timer because a - * PF-heartbeat was received. - */ - if ((stcb->asoc.sctp_cmt_on_off == 1) && - (stcb->asoc.sctp_cmt_pf > 0) && - ((net->dest_state & SCTP_ADDR_PF) == SCTP_ADDR_PF)) { - if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { - sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, - stcb, net, - SCTP_FROM_SCTP_INPUT + SCTP_LOC_5); - } - net->dest_state &= ~SCTP_ADDR_PF; - net->cwnd = net->mtu * stcb->asoc.sctp_cmt_pf; - SCTPDBG(SCTP_DEBUG_INPUT1, "Destination %p moved from PF to reachable with cwnd %d.\n", - net, net->cwnd); + if (r_net->dest_state & SCTP_ADDR_PF) { + r_net->dest_state &= ~SCTP_ADDR_PF; + stcb->asoc.cc_functions.sctp_cwnd_update_exit_pf(stcb, net); + } + if (old_error_counter > 0) { + sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, r_net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3); + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, r_net); + } + if (r_net == stcb->asoc.primary_destination) { + if (stcb->asoc.alternate) { + /* release the alternate, primary is good */ + sctp_free_remote_addr(stcb->asoc.alternate); + stcb->asoc.alternate = NULL; + } } - /* Now lets do a RTO with this */ - r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv, sctp_align_safe_nocopy); /* Mobility adaptation */ if (req_prim) { if ((sctp_is_mobility_feature_on(stcb->sctp_ep, @@ -730,61 +767,51 @@ sctp_handle_nat_missing_state(struct sctp_tcb *stcb, static void -sctp_handle_abort(struct sctp_abort_chunk *cp, +sctp_handle_abort(struct sctp_abort_chunk *abort, struct sctp_tcb *stcb, struct sctp_nets *net) { -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; #endif uint16_t len; + uint16_t error; SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_abort: handling ABORT\n"); if (stcb == NULL) return; - len = ntohs(cp->ch.chunk_length); + len = ntohs(abort->ch.chunk_length); if (len > sizeof(struct sctp_chunkhdr)) { /* * Need to check the cause codes for our two magic nat * aborts which don't kill the assoc necessarily. */ - struct sctp_abort_chunk *cpnext; struct sctp_missing_nat_state *natc; - uint16_t cause; - cpnext = cp; - cpnext++; - natc = (struct sctp_missing_nat_state *)cpnext; - cause = ntohs(natc->cause); - if (cause == SCTP_CAUSE_NAT_COLLIDING_STATE) { + natc = (struct sctp_missing_nat_state *)(abort + 1); + error = ntohs(natc->cause); + if (error == SCTP_CAUSE_NAT_COLLIDING_STATE) { SCTPDBG(SCTP_DEBUG_INPUT2, "Received Colliding state abort flags:%x\n", - cp->ch.chunk_flags); + abort->ch.chunk_flags); if (sctp_handle_nat_colliding_state(stcb)) { return; } - } else if (cause == SCTP_CAUSE_NAT_MISSING_STATE) { + } else if (error == SCTP_CAUSE_NAT_MISSING_STATE) { SCTPDBG(SCTP_DEBUG_INPUT2, "Received missing state abort flags:%x\n", - cp->ch.chunk_flags); + abort->ch.chunk_flags); if (sctp_handle_nat_missing_state(stcb, net)) { return; } } + } else { + error = 0; } /* stop any receive timers */ sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_6); /* notify user of the abort and clean up... */ - sctp_abort_notification(stcb, 0, SCTP_SO_NOT_LOCKED); + sctp_abort_notification(stcb, 1, error, abort, SCTP_SO_NOT_LOCKED); /* free the tcb */ -#if defined(SCTP_PANIC_ON_ABORT) - printf("stcb:%p state:%d rport:%d net:%p\n", - stcb, stcb->asoc.state, stcb->rport, net); - if (!(stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { - panic("Received an ABORT"); - } else { - printf("No panic its in state %x closed\n", stcb->asoc.state); - } -#endif SCTP_STAT_INCR_COUNTER32(sctps_aborted); if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { @@ -793,7 +820,7 @@ sctp_handle_abort(struct sctp_abort_chunk *cp, #ifdef SCTP_ASOCLOG_OF_TSNS sctp_print_out_track_log(stcb); #endif -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(stcb->sctp_ep); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -804,20 +831,49 @@ sctp_handle_abort(struct sctp_abort_chunk *cp, stcb->asoc.state |= SCTP_STATE_WAS_ABORTED; (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_6); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_abort: finished\n"); } static void +sctp_start_net_timers(struct sctp_tcb *stcb) +{ + uint32_t cnt_hb_sent; + struct sctp_nets *net; + + cnt_hb_sent = 0; + TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { + /* + * For each network start: 1) A pmtu timer. 2) A HB timer 3) + * If the dest in unconfirmed send a hb as well if under + * max_hb_burst have been sent. + */ + sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net); + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net); + if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) && + (cnt_hb_sent < SCTP_BASE_SYSCTL(sctp_hb_maxburst))) { + sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); + cnt_hb_sent++; + } + } + if (cnt_hb_sent) { + sctp_chunk_output(stcb->sctp_ep, stcb, + SCTP_OUTPUT_FROM_COOKIE_ACK, + SCTP_SO_NOT_LOCKED); + } +} + + +static void sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_flag) { struct sctp_association *asoc; int some_on_streamwheel; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; #endif @@ -835,7 +891,7 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, /* Shutdown NOT the expected size */ return; } else { - sctp_update_acked(stcb, cp, net, abort_flag); + sctp_update_acked(stcb, cp, abort_flag); if (*abort_flag) { return; } @@ -849,7 +905,7 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, asoc->control_pdapi->pdapi_aborted = 1; asoc->control_pdapi = NULL; SCTP_INP_READ_UNLOCK(stcb->sctp_ep); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(stcb->sctp_ep); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -863,7 +919,7 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, } #endif sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } @@ -892,7 +948,7 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_8); } /* Now is there unsent data on a stream somewhere? */ - some_on_streamwheel = sctp_is_there_unsent_data(stcb); + some_on_streamwheel = sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED); if (!TAILQ_EMPTY(&asoc->send_queue) || !TAILQ_EMPTY(&asoc->sent_queue) || @@ -902,7 +958,6 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, } else { /* no outstanding data to send, so move on... */ /* send SHUTDOWN-ACK */ - sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination); /* move to SHUTDOWN-ACK-SENT state */ if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) || (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { @@ -911,19 +966,20 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT); SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); sctp_stop_timers_for_shutdown(stcb); + sctp_send_shutdown_ack(stcb, net); sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep, stcb, net); } } static void -sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp, +sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp SCTP_UNUSED, struct sctp_tcb *stcb, struct sctp_nets *net) { struct sctp_association *asoc; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; so = SCTP_INP_SO(stcb->sctp_ep); @@ -957,7 +1013,7 @@ sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp, asoc->control_pdapi->pdapi_aborted = 1; asoc->control_pdapi = NULL; SCTP_INP_READ_UNLOCK(stcb->sctp_ep); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); @@ -970,15 +1026,15 @@ sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp, } #endif sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } /* are the queues empty? */ if (!TAILQ_EMPTY(&asoc->send_queue) || !TAILQ_EMPTY(&asoc->sent_queue) || - !TAILQ_EMPTY(&asoc->out_wheel)) { - sctp_report_all_outbound(stcb, 0, SCTP_SO_NOT_LOCKED); + !stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { + sctp_report_all_outbound(stcb, 0, 0, SCTP_SO_NOT_LOCKED); } /* stop the timer */ sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_9); @@ -986,16 +1042,15 @@ sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp, sctp_send_shutdown_complete(stcb, net, 0); /* notify upper layer protocol */ if (stcb->sctp_socket) { - sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { - /* Set the connected flag to disconnected */ - stcb->sctp_ep->sctp_socket->so_snd.sb_cc = 0; + stcb->sctp_socket->so_snd.sb_cc = 0; } + sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); } SCTP_STAT_INCR_COUNTER32(sctps_shutdown); /* free the TCB but first save off the ep */ -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); @@ -1004,7 +1059,7 @@ sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp, #endif (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_10); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } @@ -1059,11 +1114,6 @@ sctp_process_unrecog_param(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr) case SCTP_HAS_NAT_SUPPORT: stcb->asoc.peer_supports_nat = 0; break; - case SCTP_ECN_NONCE_SUPPORTED: - stcb->asoc.peer_supports_ecn_nonce = 0; - stcb->asoc.ecn_nonce_allowed = 0; - stcb->asoc.ecn_allowed = 0; - break; case SCTP_ADD_IP_ADDRESS: case SCTP_DEL_IP_ADDRESS: case SCTP_SET_PRIM_ADDR: @@ -1090,12 +1140,12 @@ sctp_handle_error(struct sctp_chunkhdr *ch, { int chklen; struct sctp_paramhdr *phdr; - uint16_t error_type; + uint16_t error, error_type; uint16_t error_len; struct sctp_association *asoc; int adjust; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; #endif @@ -1105,6 +1155,7 @@ sctp_handle_error(struct sctp_chunkhdr *ch, phdr = (struct sctp_paramhdr *)((caddr_t)ch + sizeof(struct sctp_chunkhdr)); chklen = ntohs(ch->chunk_length) - sizeof(struct sctp_chunkhdr); + error = 0; while ((size_t)chklen >= sizeof(struct sctp_paramhdr)) { /* Process an Error Cause */ error_type = ntohs(phdr->param_type); @@ -1115,6 +1166,10 @@ sctp_handle_error(struct sctp_chunkhdr *ch, chklen, error_len); return (0); } + if (error == 0) { + /* report the first error cause */ + error = error_type; + } switch (error_type) { case SCTP_CAUSE_INVALID_STREAM: case SCTP_CAUSE_MISSING_PARAM: @@ -1151,9 +1206,9 @@ sctp_handle_error(struct sctp_chunkhdr *ch, asoc->stale_cookie_count++; if (asoc->stale_cookie_count > asoc->max_init_times) { - sctp_abort_notification(stcb, 0, SCTP_SO_NOT_LOCKED); + sctp_abort_notification(stcb, 0, 0, NULL, SCTP_SO_NOT_LOCKED); /* now free the asoc */ -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(stcb->sctp_ep); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -1163,7 +1218,7 @@ sctp_handle_error(struct sctp_chunkhdr *ch, #endif (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_11); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif return (-1); @@ -1231,13 +1286,17 @@ sctp_handle_error(struct sctp_chunkhdr *ch, chklen -= adjust; phdr = (struct sctp_paramhdr *)((caddr_t)phdr + adjust); } + sctp_ulp_notify(SCTP_NOTIFY_REMOTE_ERROR, stcb, error, ch, SCTP_SO_NOT_LOCKED); return (0); } static int sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, - struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, - struct sctp_nets *net, int *abort_no_unlock, uint32_t vrf_id) + struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, + struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, + struct sctp_nets *net, int *abort_no_unlock, + uint8_t use_mflowid, uint32_t mflowid, + uint32_t vrf_id) { struct sctp_init_ack *init_ack; struct mbuf *op_err; @@ -1253,8 +1312,10 @@ sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) { /* Invalid length */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, - op_err, 0, net->port); + sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, net->port); *abort_no_unlock = 1; return (-1); } @@ -1263,32 +1324,40 @@ sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, if (init_ack->initiate_tag == 0) { /* protocol error... send an abort */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, - op_err, 0, net->port); + sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, net->port); *abort_no_unlock = 1; return (-1); } if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) { /* protocol error... send an abort */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, - op_err, 0, net->port); + sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, net->port); *abort_no_unlock = 1; return (-1); } if (init_ack->num_inbound_streams == 0) { /* protocol error... send an abort */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, - op_err, 0, net->port); + sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, net->port); *abort_no_unlock = 1; return (-1); } if (init_ack->num_outbound_streams == 0) { /* protocol error... send an abort */ op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, - op_err, 0, net->port); + sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, net->port); *abort_no_unlock = 1; return (-1); } @@ -1310,8 +1379,10 @@ sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, stcb, 0, (void *)stcb->asoc.primary_destination, SCTP_SO_NOT_LOCKED); } - if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb, - net, abort_no_unlock, vrf_id) < 0) { + if (sctp_process_init_ack(m, iphlen, offset, src, dst, sh, cp, stcb, + net, abort_no_unlock, + use_mflowid, mflowid, + vrf_id) < 0) { /* error in parsing parameters */ return (-1); } @@ -1362,10 +1433,12 @@ sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, static struct sctp_tcb * sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, + struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, struct sctp_inpcb *inp, struct sctp_nets **netp, struct sockaddr *init_src, int *notification, int auth_skipped, uint32_t auth_offset, uint32_t auth_len, + uint8_t use_mflowid, uint32_t mflowid, uint32_t vrf_id, uint16_t port); @@ -1377,10 +1450,13 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, */ static struct sctp_tcb * sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, + struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets **netp, - struct sockaddr *init_src, int *notification, sctp_assoc_t * sac_assoc_id, - uint32_t vrf_id, int auth_skipped, uint32_t auth_offset, uint32_t auth_len, uint16_t port) + struct sockaddr *init_src, int *notification, + int auth_skipped, uint32_t auth_offset, uint32_t auth_len, + uint8_t use_mflowid, uint32_t mflowid, + uint32_t vrf_id, uint16_t port) { struct sctp_association *asoc; struct sctp_init_chunk *init_cp, init_buf; @@ -1388,7 +1464,6 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, struct sctp_nets *net; struct mbuf *op_err; struct sctp_paramhdr *ph; - int chk_length; int init_offset, initack_offset, i; int retval; int spec_flag = 0; @@ -1418,7 +1493,8 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, ph = mtod(op_err, struct sctp_paramhdr *); ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN); ph->param_length = htons(sizeof(struct sctp_paramhdr)); - sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag, + sctp_send_operr_to(src, dst, sh, cookie->peers_vtag, op_err, + use_mflowid, mflowid, vrf_id, net->port); if (how_indx < sizeof(asoc->cookie_how)) asoc->cookie_how[how_indx] = 2; @@ -1438,7 +1514,6 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, /* could not pull a INIT chunk in cookie */ return (NULL); } - chk_length = ntohs(init_cp->ch.chunk_length); if (init_cp->ch.chunk_type != SCTP_INITIATION) { return (NULL); } @@ -1446,7 +1521,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, * find and validate the INIT-ACK chunk in the cookie (my info) the * INIT-ACK follows the INIT chunk */ - initack_offset = init_offset + SCTP_SIZE32(chk_length); + initack_offset = init_offset + SCTP_SIZE32(ntohs(init_cp->ch.chunk_length)); initack_cp = (struct sctp_init_ack_chunk *) sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk), (uint8_t *) & initack_buf); @@ -1454,7 +1529,6 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, /* could not pull INIT-ACK chunk in cookie */ return (NULL); } - chk_length = ntohs(initack_cp->ch.chunk_length); if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) { return (NULL); } @@ -1495,7 +1569,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, * the right seq no's. */ /* First we must process the INIT !! */ - retval = sctp_process_init(init_cp, stcb, net); + retval = sctp_process_init(init_cp, stcb); if (retval < 0) { if (how_indx < sizeof(asoc->cookie_how)) asoc->cookie_how[how_indx] = 3; @@ -1522,7 +1596,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && (inp->sctp_socket->so_qlimit == 0) ) { -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; #endif @@ -1534,7 +1608,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, */ stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(stcb->sctp_ep); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -1547,7 +1621,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, } #endif soisconnected(stcb->sctp_socket); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } @@ -1559,7 +1633,9 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, */ net->hb_responded = 1; net->RTO = sctp_calculate_rto(stcb, asoc, net, - &cookie->time_entered, sctp_align_unsafe_makecopy); + &cookie->time_entered, + sctp_align_unsafe_makecopy, + SCTP_RTT_FROM_NON_DATA); if (stcb->asoc.sctp_autoclose_ticks && (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE))) { @@ -1580,9 +1656,9 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, * somehow abort.. but we do have an existing asoc. This * really should not fail. */ - if (sctp_load_addresses_from_init(stcb, m, iphlen, + if (sctp_load_addresses_from_init(stcb, m, init_offset + sizeof(struct sctp_init_chunk), - initack_offset, sh, init_src)) { + initack_offset, src, dst, init_src)) { if (how_indx < sizeof(asoc->cookie_how)) asoc->cookie_how[how_indx] = 4; return (NULL); @@ -1643,7 +1719,9 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, ph = mtod(op_err, struct sctp_paramhdr *); ph->param_type = htons(SCTP_CAUSE_NAT_COLLIDING_STATE); ph->param_length = htons(sizeof(struct sctp_paramhdr)); - sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port); + sctp_send_abort(m, iphlen, src, dst, sh, 0, op_err, + use_mflowid, mflowid, + vrf_id, port); return (NULL); } if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && @@ -1693,8 +1771,6 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd); asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams); - /* Note last_cwr_tsn? where is this used? */ - asoc->last_cwr_tsn = asoc->init_seq_number - 1; if (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) { /* * Ok the peer probably discarded our data (if we @@ -1718,15 +1794,15 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, } /* process the INIT info (peer's info) */ - retval = sctp_process_init(init_cp, stcb, net); + retval = sctp_process_init(init_cp, stcb); if (retval < 0) { if (how_indx < sizeof(asoc->cookie_how)) asoc->cookie_how[how_indx] = 9; return (NULL); } - if (sctp_load_addresses_from_init(stcb, m, iphlen, + if (sctp_load_addresses_from_init(stcb, m, init_offset + sizeof(struct sctp_init_chunk), - initack_offset, sh, init_src)) { + initack_offset, src, dst, init_src)) { if (how_indx < sizeof(asoc->cookie_how)) asoc->cookie_how[how_indx] = 10; return (NULL); @@ -1738,13 +1814,13 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && (inp->sctp_socket->so_qlimit == 0)) { -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; #endif stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(stcb->sctp_ep); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -1757,7 +1833,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, } #endif soisconnected(stcb->sctp_socket); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } @@ -1807,9 +1883,11 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, * cookie_new code since we are allowing a duplicate * association. I hope this works... */ - return (sctp_process_cookie_new(m, iphlen, offset, sh, cookie, cookie_len, + return (sctp_process_cookie_new(m, iphlen, offset, src, dst, + sh, cookie, cookie_len, inp, netp, init_src, notification, auth_skipped, auth_offset, auth_len, + use_mflowid, mflowid, vrf_id, port)); } /* @@ -1821,7 +1899,6 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_15); sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16); - *sac_assoc_id = sctp_get_associd(stcb); /* notify upper layer */ *notification = SCTP_NOTIFY_ASSOC_RESTART; atomic_add_int(&stcb->asoc.refcnt, 1); @@ -1850,7 +1927,6 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number; asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; - asoc->last_cwr_tsn = asoc->init_seq_number - 1; asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1; asoc->str_reset_seq_in = asoc->init_seq_number; @@ -1872,10 +1948,11 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, /* send up all the data */ SCTP_TCB_SEND_LOCK(stcb); - sctp_report_all_outbound(stcb, 1, SCTP_SO_NOT_LOCKED); + sctp_report_all_outbound(stcb, 0, 1, SCTP_SO_NOT_LOCKED); for (i = 0; i < stcb->asoc.streamoutcnt; i++) { + stcb->asoc.strmout[i].chunks_on_queues = 0; stcb->asoc.strmout[i].stream_no = i; - stcb->asoc.strmout[i].next_sequence_sent = 0; + stcb->asoc.strmout[i].next_sequence_send = 0; stcb->asoc.strmout[i].last_msg_incomplete = 0; } /* process the INIT-ACK info (my info) */ @@ -1898,7 +1975,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, SCTP_INP_WUNLOCK(stcb->sctp_ep); SCTP_INP_INFO_WUNLOCK(); - retval = sctp_process_init(init_cp, stcb, net); + retval = sctp_process_init(init_cp, stcb); if (retval < 0) { if (how_indx < sizeof(asoc->cookie_how)) asoc->cookie_how[how_indx] = 13; @@ -1911,9 +1988,9 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, */ net->hb_responded = 1; - if (sctp_load_addresses_from_init(stcb, m, iphlen, + if (sctp_load_addresses_from_init(stcb, m, init_offset + sizeof(struct sctp_init_chunk), - initack_offset, sh, init_src)) { + initack_offset, src, dst, init_src)) { if (how_indx < sizeof(asoc->cookie_how)) asoc->cookie_how[how_indx] = 14; @@ -1942,12 +2019,14 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, * cookie-echo chunk length: length of the cookie chunk to: where the init * was from returns a new TCB */ -struct sctp_tcb * +static struct sctp_tcb * sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, + struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, struct sctp_inpcb *inp, struct sctp_nets **netp, struct sockaddr *init_src, int *notification, int auth_skipped, uint32_t auth_offset, uint32_t auth_len, + uint8_t use_mflowid, uint32_t mflowid, uint32_t vrf_id, uint16_t port) { struct sctp_tcb *stcb; @@ -1955,17 +2034,21 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, struct sctp_init_ack_chunk *initack_cp, initack_buf; struct sockaddr_storage sa_store; struct sockaddr *initack_src = (struct sockaddr *)&sa_store; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; struct sctp_association *asoc; - int chk_length; int init_offset, initack_offset, initack_limit; int retval; int error = 0; - uint32_t old_tag; uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE]; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#ifdef INET + struct sockaddr_in *sin; + +#endif +#ifdef INET6 + struct sockaddr_in6 *sin6; + +#endif +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; so = SCTP_INP_SO(inp); @@ -1986,12 +2069,11 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, "process_cookie_new: could not pull INIT chunk hdr\n"); return (NULL); } - chk_length = ntohs(init_cp->ch.chunk_length); if (init_cp->ch.chunk_type != SCTP_INITIATION) { SCTPDBG(SCTP_DEBUG_INPUT1, "HUH? process_cookie_new: could not find INIT chunk!\n"); return (NULL); } - initack_offset = init_offset + SCTP_SIZE32(chk_length); + initack_offset = init_offset + SCTP_SIZE32(ntohs(init_cp->ch.chunk_length)); /* * find and validate the INIT-ACK chunk in the cookie (my info) the * INIT-ACK follows the INIT chunk @@ -2004,7 +2086,6 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: could not pull INIT-ACK chunk hdr\n"); return (NULL); } - chk_length = ntohs(initack_cp->ch.chunk_length); if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) { return (NULL); } @@ -2040,7 +2121,9 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen, - sh, op_err, vrf_id, port); + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, port); return (NULL); } /* get the correct sctp_nets */ @@ -2049,13 +2132,13 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, asoc = &stcb->asoc; /* get scope variables out of cookie */ - asoc->ipv4_local_scope = cookie->ipv4_scope; - asoc->site_scope = cookie->site_scope; - asoc->local_scope = cookie->local_scope; - asoc->loopback_scope = cookie->loopback_scope; + asoc->scope.ipv4_local_scope = cookie->ipv4_scope; + asoc->scope.site_scope = cookie->site_scope; + asoc->scope.local_scope = cookie->local_scope; + asoc->scope.loopback_scope = cookie->loopback_scope; - if ((asoc->ipv4_addr_legal != cookie->ipv4_addr_legal) || - (asoc->ipv6_addr_legal != cookie->ipv6_addr_legal)) { + if ((asoc->scope.ipv4_addr_legal != cookie->ipv4_addr_legal) || + (asoc->scope.ipv6_addr_legal != cookie->ipv6_addr_legal)) { struct mbuf *op_err; /* @@ -2066,29 +2149,29 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, atomic_add_int(&stcb->asoc.refcnt, 1); op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen, - sh, op_err, vrf_id, port); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, port); +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); SCTP_TCB_LOCK(stcb); #endif (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif atomic_subtract_int(&stcb->asoc.refcnt, 1); return (NULL); } /* process the INIT-ACK info (my info) */ - old_tag = asoc->my_vtag; asoc->my_vtag = ntohl(initack_cp->init.initiate_tag); asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd); asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams); asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn); asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number; asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; - asoc->last_cwr_tsn = asoc->init_seq_number - 1; asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1; asoc->str_reset_seq_in = asoc->init_seq_number; @@ -2096,35 +2179,35 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, /* process the INIT info (peer's info) */ if (netp) - retval = sctp_process_init(init_cp, stcb, *netp); + retval = sctp_process_init(init_cp, stcb); else retval = 0; if (retval < 0) { atomic_add_int(&stcb->asoc.refcnt, 1); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); SCTP_TCB_LOCK(stcb); #endif (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif atomic_subtract_int(&stcb->asoc.refcnt, 1); return (NULL); } /* load all addresses */ - if (sctp_load_addresses_from_init(stcb, m, iphlen, - init_offset + sizeof(struct sctp_init_chunk), initack_offset, sh, - init_src)) { + if (sctp_load_addresses_from_init(stcb, m, + init_offset + sizeof(struct sctp_init_chunk), initack_offset, + src, dst, init_src)) { atomic_add_int(&stcb->asoc.refcnt, 1); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); SCTP_TCB_LOCK(stcb); #endif (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_17); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif atomic_subtract_int(&stcb->asoc.refcnt, 1); @@ -2147,13 +2230,13 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, SCTPDBG(SCTP_DEBUG_AUTH1, "COOKIE-ECHO: AUTH failed\n"); atomic_add_int(&stcb->asoc.refcnt, 1); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); SCTP_TCB_LOCK(stcb); #endif (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_18); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif atomic_subtract_int(&stcb->asoc.refcnt, 1); @@ -2185,14 +2268,19 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, /* warning, we re-use sin, sin6, sa_store here! */ /* pull in local_address (our "from" address) */ - if (cookie->laddr_type == SCTP_IPV4_ADDRESS) { + switch (cookie->laddr_type) { +#ifdef INET + case SCTP_IPV4_ADDRESS: /* source addr is IPv4 */ sin = (struct sockaddr_in *)initack_src; memset(sin, 0, sizeof(*sin)); sin->sin_family = AF_INET; sin->sin_len = sizeof(struct sockaddr_in); sin->sin_addr.s_addr = cookie->laddress[0]; - } else if (cookie->laddr_type == SCTP_IPV6_ADDRESS) { + break; +#endif +#ifdef INET6 + case SCTP_IPV6_ADDRESS: /* source addr is IPv6 */ sin6 = (struct sockaddr_in6 *)initack_src; memset(sin6, 0, sizeof(*sin6)); @@ -2201,15 +2289,17 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, sin6->sin6_scope_id = cookie->scope_id; memcpy(&sin6->sin6_addr, cookie->laddress, sizeof(sin6->sin6_addr)); - } else { + break; +#endif + default: atomic_add_int(&stcb->asoc.refcnt, 1); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); SCTP_TCB_LOCK(stcb); #endif (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_19); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif atomic_subtract_int(&stcb->asoc.refcnt, 1); @@ -2230,7 +2320,7 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, * a bit of protection is worth having.. */ stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); @@ -2242,7 +2332,7 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, } #endif soisconnected(stcb->sctp_socket); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } else if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && @@ -2266,7 +2356,8 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered); if ((netp) && (*netp)) { (*netp)->RTO = sctp_calculate_rto(stcb, asoc, *netp, - &cookie->time_entered, sctp_align_unsafe_makecopy); + &cookie->time_entered, sctp_align_unsafe_makecopy, + SCTP_RTT_FROM_NON_DATA); } /* respond with a COOKIE-ACK */ sctp_send_cookie_ack(stcb); @@ -2304,33 +2395,40 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, */ static struct mbuf * sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, + struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, struct sctp_cookie_echo_chunk *cp, struct sctp_inpcb **inp_p, struct sctp_tcb **stcb, struct sctp_nets **netp, int auth_skipped, uint32_t auth_offset, uint32_t auth_len, - struct sctp_tcb **locked_tcb, uint32_t vrf_id, uint16_t port) + struct sctp_tcb **locked_tcb, + uint8_t use_mflowid, uint32_t mflowid, + uint32_t vrf_id, uint16_t port) { struct sctp_state_cookie *cookie; - struct sockaddr_in6 sin6; - struct sockaddr_in sin; struct sctp_tcb *l_stcb = *stcb; struct sctp_inpcb *l_inp; struct sockaddr *to; - sctp_assoc_t sac_restart_id; struct sctp_pcb *ep; struct mbuf *m_sig; uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE]; uint8_t *sig; uint8_t cookie_ok = 0; - unsigned int size_of_pkt, sig_offset, cookie_offset; + unsigned int sig_offset, cookie_offset; unsigned int cookie_len; struct timeval now; struct timeval time_expires; - struct sockaddr_storage dest_store; - struct sockaddr *localep_sa = (struct sockaddr *)&dest_store; - struct ip *iph; int notification = 0; struct sctp_nets *netl; int had_a_existing_tcb = 0; + int send_int_conf = 0; + +#ifdef INET + struct sockaddr_in sin; + +#endif +#ifdef INET6 + struct sockaddr_in6 sin6; + +#endif SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_cookie: handling COOKIE-ECHO\n"); @@ -2338,45 +2436,6 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, if (inp_p == NULL) { return (NULL); } - /* First get the destination address setup too. */ - iph = mtod(m, struct ip *); - switch (iph->ip_v) { - case IPVERSION: - { - /* its IPv4 */ - struct sockaddr_in *lsin; - - lsin = (struct sockaddr_in *)(localep_sa); - memset(lsin, 0, sizeof(*lsin)); - lsin->sin_family = AF_INET; - lsin->sin_len = sizeof(*lsin); - lsin->sin_port = sh->dest_port; - lsin->sin_addr.s_addr = iph->ip_dst.s_addr; - size_of_pkt = SCTP_GET_IPV4_LENGTH(iph); - break; - } -#ifdef INET6 - case IPV6_VERSION >> 4: - { - /* its IPv6 */ - struct ip6_hdr *ip6; - struct sockaddr_in6 *lsin6; - - lsin6 = (struct sockaddr_in6 *)(localep_sa); - memset(lsin6, 0, sizeof(*lsin6)); - lsin6->sin6_family = AF_INET6; - lsin6->sin6_len = sizeof(struct sockaddr_in6); - ip6 = mtod(m, struct ip6_hdr *); - lsin6->sin6_port = sh->dest_port; - lsin6->sin6_addr = ip6->ip6_dst; - size_of_pkt = SCTP_GET_IPV6_LENGTH(ip6) + iphlen; - break; - } -#endif - default: - return (NULL); - } - cookie = &cp->cookie; cookie_offset = offset + sizeof(struct sctp_chunkhdr); cookie_len = ntohs(cp->ch.chunk_length); @@ -2393,11 +2452,10 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, */ return (NULL); } - if (cookie_len > size_of_pkt || - cookie_len < sizeof(struct sctp_cookie_echo_chunk) + + if (cookie_len < sizeof(struct sctp_cookie_echo_chunk) + sizeof(struct sctp_init_chunk) + sizeof(struct sctp_init_ack_chunk) + SCTP_SIGNATURE_SIZE) { - /* cookie too long! or too small */ + /* cookie too small */ return (NULL); } /* @@ -2405,11 +2463,6 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, * calculated in the sctp_hmac_m() call). */ sig_offset = offset + cookie_len - SCTP_SIGNATURE_SIZE; - if (sig_offset > size_of_pkt) { - /* packet not correct size! */ - /* XXX this may already be accounted for earlier... */ - return (NULL); - } m_sig = m_split(m, sig_offset, M_DONTWAIT); if (m_sig == NULL) { /* out of memory or ?? */ @@ -2419,12 +2472,10 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { struct mbuf *mat; - mat = m_sig; - while (mat) { + for (mat = m_sig; mat; mat = SCTP_BUF_NEXT(mat)) { if (SCTP_BUF_IS_EXTENDED(mat)) { sctp_log_mb(mat, SCTP_MBUF_SPLIT); } - mat = SCTP_BUF_NEXT(mat); } } #endif @@ -2535,7 +2586,8 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, if (tim == 0) tim = now.tv_usec - cookie->time_entered.tv_usec; scm->time_usec = htonl(tim); - sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag, + sctp_send_operr_to(src, dst, sh, cookie->peers_vtag, op_err, + use_mflowid, mflowid, vrf_id, port); return (NULL); } @@ -2549,7 +2601,9 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, * up. */ to = NULL; - if (cookie->addr_type == SCTP_IPV6_ADDRESS) { + switch (cookie->addr_type) { +#ifdef INET6 + case SCTP_IPV6_ADDRESS: memset(&sin6, 0, sizeof(sin6)); sin6.sin6_family = AF_INET6; sin6.sin6_len = sizeof(sin6); @@ -2558,20 +2612,25 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, memcpy(&sin6.sin6_addr.s6_addr, cookie->address, sizeof(sin6.sin6_addr.s6_addr)); to = (struct sockaddr *)&sin6; - } else if (cookie->addr_type == SCTP_IPV4_ADDRESS) { + break; +#endif +#ifdef INET + case SCTP_IPV4_ADDRESS: memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_len = sizeof(sin); sin.sin_port = sh->src_port; sin.sin_addr.s_addr = cookie->address[0]; to = (struct sockaddr *)&sin; - } else { + break; +#endif + default: /* This should not happen */ return (NULL); } if ((*stcb == NULL) && to) { /* Yep, lets check */ - *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, localep_sa, NULL); + *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, dst, NULL); if (*stcb == NULL) { /* * We should have only got back the same inp. If we @@ -2603,7 +2662,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, SCTP_INP_INCR_REF((*stcb)->sctp_ep); if ((*stcb)->sctp_ep != l_inp) { SCTP_PRINTF("Huh? ep:%p diff then l_inp:%p?\n", - (*stcb)->sctp_ep, l_inp); + (void *)(*stcb)->sctp_ep, (void *)l_inp); } } } @@ -2614,21 +2673,33 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, cookie_len -= SCTP_SIGNATURE_SIZE; if (*stcb == NULL) { /* this is the "normal" case... get a new TCB */ - *stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie, - cookie_len, *inp_p, netp, to, ¬ification, - auth_skipped, auth_offset, auth_len, vrf_id, port); + *stcb = sctp_process_cookie_new(m, iphlen, offset, src, dst, sh, + cookie, cookie_len, *inp_p, + netp, to, ¬ification, + auth_skipped, auth_offset, auth_len, + use_mflowid, mflowid, + vrf_id, port); } else { /* this is abnormal... cookie-echo on existing TCB */ had_a_existing_tcb = 1; - *stcb = sctp_process_cookie_existing(m, iphlen, offset, sh, + *stcb = sctp_process_cookie_existing(m, iphlen, offset, + src, dst, sh, cookie, cookie_len, *inp_p, *stcb, netp, to, - ¬ification, &sac_restart_id, vrf_id, auth_skipped, auth_offset, auth_len, port); + ¬ification, auth_skipped, auth_offset, auth_len, + use_mflowid, mflowid, + vrf_id, port); } if (*stcb == NULL) { /* still no TCB... must be bad cookie-echo */ return (NULL); } + if ((*netp != NULL) && (use_mflowid != 0)) { + (*netp)->flowid = mflowid; +#ifdef INVARIANTS + (*netp)->flowidset = 1; +#endif + } /* * Ok, we built an association so confirm the address we sent the * INIT-ACK to. @@ -2639,10 +2710,9 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, */ if (netl == NULL) { /* TSNH! Huh, why do I need to add this address here? */ - int ret; - - ret = sctp_add_remote_addr(*stcb, to, SCTP_DONOT_SETSCOPE, - SCTP_IN_COOKIE_PROC); + if (sctp_add_remote_addr(*stcb, to, NULL, SCTP_DONOT_SETSCOPE, SCTP_IN_COOKIE_PROC)) { + return (NULL); + } netl = sctp_findnet(*stcb, to); } if (netl) { @@ -2650,14 +2720,10 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, netl->dest_state &= ~SCTP_ADDR_UNCONFIRMED; (void)sctp_set_primary_addr((*stcb), (struct sockaddr *)NULL, netl); - sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, - (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); + send_int_conf = 1; } } - if (*stcb) { - sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, *inp_p, - *stcb, NULL); - } + sctp_start_net_timers(*stcb); if ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) { if (!had_a_existing_tcb || (((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0)) { @@ -2674,21 +2740,27 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, * For a restart we will keep the same * socket, no need to do anything. I THINK!! */ - sctp_ulp_notify(notification, *stcb, 0, (void *)&sac_restart_id, SCTP_SO_NOT_LOCKED); + sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); + if (send_int_conf) { + sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, + (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); + } return (m); } oso = (*inp_p)->sctp_socket; atomic_add_int(&(*stcb)->asoc.refcnt, 1); SCTP_TCB_UNLOCK((*stcb)); + CURVNET_SET(oso->so_vnet); so = sonewconn(oso, 0 ); + CURVNET_RESTORE(); SCTP_TCB_LOCK((*stcb)); atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); if (so == NULL) { struct mbuf *op_err; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *pcb_so; #endif @@ -2696,8 +2768,10 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another socket!\n"); op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); sctp_abort_association(*inp_p, NULL, m, iphlen, - sh, op_err, vrf_id, port); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, port); +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) pcb_so = SCTP_INP_SO(*inp_p); atomic_add_int(&(*stcb)->asoc.refcnt, 1); SCTP_TCB_UNLOCK((*stcb)); @@ -2706,7 +2780,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); #endif (void)sctp_free_assoc(*inp_p, *stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_20); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(pcb_so, 1); #endif return (NULL); @@ -2729,8 +2803,10 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, inp->sctp_socket = so; inp->sctp_frag_point = (*inp_p)->sctp_frag_point; inp->sctp_cmt_on_off = (*inp_p)->sctp_cmt_on_off; + inp->sctp_ecn_enable = (*inp_p)->sctp_ecn_enable; inp->partial_delivery_point = (*inp_p)->partial_delivery_point; inp->sctp_context = (*inp_p)->sctp_context; + inp->local_strreset_support = (*inp_p)->local_strreset_support; inp->inp_starting_point_for_iterator = NULL; /* * copy in the authentication parameters from the @@ -2786,18 +2862,21 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, /* Switch over to the new guy */ *inp_p = inp; sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); - + if (send_int_conf) { + sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, + (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); + } /* * Pull it from the incomplete queue and wake the * guy */ -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) atomic_add_int(&(*stcb)->asoc.refcnt, 1); SCTP_TCB_UNLOCK((*stcb)); SCTP_SOCKET_LOCK(so, 1); #endif soisconnected(so); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_TCB_LOCK((*stcb)); atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); SCTP_SOCKET_UNLOCK(so, 1); @@ -2805,14 +2884,18 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, return (m); } } - if ((notification) && ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) { + if (notification) { sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); } + if (send_int_conf) { + sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, + (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); + } return (m); } static void -sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp, +sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp SCTP_UNUSED, struct sctp_tcb *stcb, struct sctp_nets *net) { /* cp must not be used, others call this without a c-ack :-) */ @@ -2831,6 +2914,7 @@ sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp, /* state change only needed when I am in right state */ SCTPDBG(SCTP_DEBUG_INPUT2, "moving to OPEN state\n"); SCTP_SET_STATE(asoc, SCTP_STATE_OPEN); + sctp_start_net_timers(stcb); if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) { sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, asoc->primary_destination); @@ -2841,42 +2925,50 @@ sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp, SCTP_STAT_INCR_GAUGE32(sctps_currestab); if (asoc->overall_error_count == 0) { net->RTO = sctp_calculate_rto(stcb, asoc, net, - &asoc->time_entered, sctp_align_safe_nocopy); + &asoc->time_entered, sctp_align_safe_nocopy, + SCTP_RTT_FROM_NON_DATA); } (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; #endif stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(stcb->sctp_ep); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); SCTP_SOCKET_LOCK(so, 1); SCTP_TCB_LOCK(stcb); atomic_subtract_int(&stcb->asoc.refcnt, 1); - if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { - SCTP_SOCKET_UNLOCK(so, 1); - return; - } #endif - soisconnected(stcb->sctp_socket); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + if ((stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) == 0) { + soisconnected(stcb->sctp_socket); + } +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } - sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, - stcb, net); /* * since we did not send a HB make sure we don't double * things */ net->hb_responded = 1; + if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { + /* + * We don't need to do the asconf thing, nor hb or + * autoclose if the socket is closed. + */ + goto closed_socket; + } + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, + stcb, net); + + if (stcb->asoc.sctp_autoclose_ticks && sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) { sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, @@ -2900,6 +2992,7 @@ sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp, #endif } } +closed_socket: /* Toss the cookie if I can */ sctp_toss_old_cookies(stcb, asoc); if (!TAILQ_EMPTY(&asoc->sent_queue)) { @@ -2907,10 +3000,7 @@ sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp, struct sctp_tmit_chunk *chk; chk = TAILQ_FIRST(&asoc->sent_queue); - if (chk) { - sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, - stcb, chk->whoTo); - } + sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo); } } @@ -2920,83 +3010,149 @@ sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp, { struct sctp_nets *net; struct sctp_tmit_chunk *lchk; - uint32_t tsn; + struct sctp_ecne_chunk bkup; + uint8_t override_bit; + uint32_t tsn, window_data_tsn; + int len; + unsigned int pkt_cnt; - if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_ecne_chunk)) { + len = ntohs(cp->ch.chunk_length); + if ((len != sizeof(struct sctp_ecne_chunk)) && + (len != sizeof(struct old_sctp_ecne_chunk))) { return; } + if (len == sizeof(struct old_sctp_ecne_chunk)) { + /* Its the old format */ + memcpy(&bkup, cp, sizeof(struct old_sctp_ecne_chunk)); + bkup.num_pkts_since_cwr = htonl(1); + cp = &bkup; + } SCTP_STAT_INCR(sctps_recvecne); tsn = ntohl(cp->tsn); - /* ECN Nonce stuff: need a resync and disable the nonce sum check */ - /* Also we make sure we disable the nonce_wait */ - lchk = TAILQ_FIRST(&stcb->asoc.send_queue); + pkt_cnt = ntohl(cp->num_pkts_since_cwr); + lchk = TAILQ_LAST(&stcb->asoc.send_queue, sctpchunk_listhead); if (lchk == NULL) { - stcb->asoc.nonce_resync_tsn = stcb->asoc.sending_seq; + window_data_tsn = stcb->asoc.sending_seq - 1; } else { - stcb->asoc.nonce_resync_tsn = lchk->rec.data.TSN_seq; + window_data_tsn = lchk->rec.data.TSN_seq; } - stcb->asoc.nonce_wait_for_ecne = 0; - stcb->asoc.nonce_sum_check = 0; - /* Find where it was sent, if possible */ + /* Find where it was sent to if possible. */ net = NULL; - lchk = TAILQ_FIRST(&stcb->asoc.sent_queue); - while (lchk) { + TAILQ_FOREACH(lchk, &stcb->asoc.sent_queue, sctp_next) { if (lchk->rec.data.TSN_seq == tsn) { net = lchk->whoTo; + net->ecn_prev_cwnd = lchk->rec.data.cwnd_at_send; break; } - if (compare_with_wrap(lchk->rec.data.TSN_seq, tsn, MAX_SEQ)) + if (SCTP_TSN_GT(lchk->rec.data.TSN_seq, tsn)) { break; - lchk = TAILQ_NEXT(lchk, sctp_next); + } } - if (net == NULL) - /* default is we use the primary */ - net = stcb->asoc.primary_destination; - - if (compare_with_wrap(tsn, stcb->asoc.last_cwr_tsn, MAX_TSN)) { + if (net == NULL) { + /* + * What to do. A previous send of a CWR was possibly lost. + * See how old it is, we may have it marked on the actual + * net. + */ + TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { + if (tsn == net->last_cwr_tsn) { + /* Found him, send it off */ + break; + } + } + if (net == NULL) { + /* + * If we reach here, we need to send a special CWR + * that says hey, we did this a long time ago and + * you lost the response. + */ + net = TAILQ_FIRST(&stcb->asoc.nets); + if (net == NULL) { + /* TSNH */ + return; + } + override_bit = SCTP_CWR_REDUCE_OVERRIDE; + } else { + override_bit = 0; + } + } else { + override_bit = 0; + } + if (SCTP_TSN_GT(tsn, net->cwr_window_tsn) && + ((override_bit & SCTP_CWR_REDUCE_OVERRIDE) == 0)) { /* * JRS - Use the congestion control given in the pluggable * CC module */ - stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo(stcb, net); + stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo(stcb, net, 0, pkt_cnt); /* - * we reduce once every RTT. So we will only lower cwnd at - * the next sending seq i.e. the resync_tsn. + * We reduce once every RTT. So we will only lower cwnd at + * the next sending seq i.e. the window_data_tsn */ - stcb->asoc.last_cwr_tsn = stcb->asoc.nonce_resync_tsn; + net->cwr_window_tsn = window_data_tsn; + net->ecn_ce_pkt_cnt += pkt_cnt; + net->lost_cnt = pkt_cnt; + net->last_cwr_tsn = tsn; + } else { + override_bit |= SCTP_CWR_IN_SAME_WINDOW; + if (SCTP_TSN_GT(tsn, net->last_cwr_tsn) && + ((override_bit & SCTP_CWR_REDUCE_OVERRIDE) == 0)) { + /* + * Another loss in the same window update how many + * marks/packets lost we have had. + */ + int cnt = 1; + + if (pkt_cnt > net->lost_cnt) { + /* Should be the case */ + cnt = (pkt_cnt - net->lost_cnt); + net->ecn_ce_pkt_cnt += cnt; + } + net->lost_cnt = pkt_cnt; + net->last_cwr_tsn = tsn; + /* + * Most CC functions will ignore this call, since we + * are in-window yet of the initial CE the peer saw. + */ + stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo(stcb, net, 1, cnt); + } } /* * We always send a CWR this way if our previous one was lost our * peer will get an update, or if it is not time again to reduce we - * still get the cwr to the peer. + * still get the cwr to the peer. Note we set the override when we + * could not find the TSN on the chunk or the destination network. */ - sctp_send_cwr(stcb, net, tsn); + sctp_send_cwr(stcb, net, net->last_cwr_tsn, override_bit); } static void -sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb) +sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb, struct sctp_nets *net) { /* * Here we get a CWR from the peer. We must look in the outqueue and - * make sure that we have a covered ECNE in teh control chunk part. + * make sure that we have a covered ECNE in the control chunk part. * If so remove it. */ struct sctp_tmit_chunk *chk; struct sctp_ecne_chunk *ecne; + int override; + uint32_t cwr_tsn; + cwr_tsn = ntohl(cp->tsn); + + override = cp->ch.chunk_flags & SCTP_CWR_REDUCE_OVERRIDE; TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) { if (chk->rec.chunk_id.id != SCTP_ECN_ECHO) { continue; } - /* - * Look for and remove if it is the right TSN. Since there - * is only ONE ECNE on the control queue at any one time we - * don't need to worry about more than one! - */ + if ((override == 0) && (chk->whoTo != net)) { + /* Must be from the right src unless override is set */ + continue; + } ecne = mtod(chk->data, struct sctp_ecne_chunk *); - if (compare_with_wrap(ntohl(cp->tsn), ntohl(ecne->tsn), - MAX_TSN) || (cp->tsn == ecne->tsn)) { + if (SCTP_TSN_GE(cwr_tsn, ntohl(ecne->tsn))) { /* this covers this ECNE, we can remove it */ stcb->asoc.ecn_echo_cnt_onq--; TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk, @@ -3006,19 +3162,21 @@ sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb) chk->data = NULL; } stcb->asoc.ctrl_queue_cnt--; - sctp_free_a_chunk(stcb, chk); - break; + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + if (override == 0) { + break; + } } } } static void -sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp, +sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp SCTP_UNUSED, struct sctp_tcb *stcb, struct sctp_nets *net) { struct sctp_association *asoc; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; #endif @@ -3043,8 +3201,8 @@ sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp, /* are the queues empty? they should be */ if (!TAILQ_EMPTY(&asoc->send_queue) || !TAILQ_EMPTY(&asoc->sent_queue) || - !TAILQ_EMPTY(&asoc->out_wheel)) { - sctp_report_all_outbound(stcb, 0, SCTP_SO_NOT_LOCKED); + !stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { + sctp_report_all_outbound(stcb, 0, 0, SCTP_SO_NOT_LOCKED); } } /* stop the timer */ @@ -3053,7 +3211,7 @@ sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp, /* free the TCB */ SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_shutdown_complete: calls free-asoc\n"); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(stcb->sctp_ep); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -3062,7 +3220,7 @@ sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp, atomic_subtract_int(&stcb->asoc.refcnt, 1); #endif (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_23); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif return; @@ -3080,19 +3238,16 @@ process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, struct sctp_tmit_chunk *tp1; tsn = ntohl(desc->tsn_ifany); - tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue); - while (tp1) { + TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) { if (tp1->rec.data.TSN_seq == tsn) { /* found it */ break; } - if (compare_with_wrap(tp1->rec.data.TSN_seq, tsn, - MAX_TSN)) { + if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, tsn)) { /* not found */ tp1 = NULL; break; } - tp1 = TAILQ_NEXT(tp1, sctp_next); } if (tp1 == NULL) { /* @@ -3100,13 +3255,11 @@ process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, * attention to queue seq order. */ SCTP_STAT_INCR(sctps_pdrpdnfnd); - tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue); - while (tp1) { + TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) { if (tp1->rec.data.TSN_seq == tsn) { /* found it */ break; } - tp1 = TAILQ_NEXT(tp1, sctp_next); } } if (tp1 == NULL) { @@ -3142,17 +3295,15 @@ process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, } } } - /* - * We zero out the nonce so resync not - * needed - */ - tp1->rec.data.ect_nonce = 0; if (tp1->do_rtt) { /* * this guy had a RTO calculation * pending on it, cancel it */ + if (tp1->whoTo->rto_needed == 0) { + tp1->whoTo->rto_needed = 1; + } tp1->do_rtt = 0; } SCTP_STAT_INCR(sctps_pdrpmark); @@ -3251,7 +3402,7 @@ process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, case SCTP_SELECTIVE_ACK: case SCTP_NR_SELECTIVE_ACK: /* resend the sack */ - sctp_send_sack(stcb); + sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); break; case SCTP_HEARTBEAT_REQUEST: /* resend a demand HB */ @@ -3260,7 +3411,7 @@ process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, * Only retransmit if we KNOW we wont destroy the * tcb */ - (void)sctp_send_hb(stcb, 1, net); + sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); } break; case SCTP_SHUTDOWN: @@ -3314,9 +3465,9 @@ process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, } void -sctp_reset_in_stream(struct sctp_tcb *stcb, int number_entries, uint16_t * list) +sctp_reset_in_stream(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t * list) { - int i; + uint32_t i; uint16_t temp; /* @@ -3348,7 +3499,7 @@ sctp_reset_out_streams(struct sctp_tcb *stcb, int number_entries, uint16_t * lis if (number_entries == 0) { for (i = 0; i < stcb->asoc.streamoutcnt; i++) { - stcb->asoc.strmout[i].next_sequence_sent = 0; + stcb->asoc.strmout[i].next_sequence_send = 0; } } else if (number_entries) { for (i = 0; i < number_entries; i++) { @@ -3359,7 +3510,7 @@ sctp_reset_out_streams(struct sctp_tcb *stcb, int number_entries, uint16_t * lis /* no such stream */ continue; } - stcb->asoc.strmout[temp].next_sequence_sent = 0; + stcb->asoc.strmout[temp].next_sequence_send = 0; } } sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list, SCTP_SO_NOT_LOCKED); @@ -3370,7 +3521,7 @@ struct sctp_stream_reset_out_request * sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk) { struct sctp_association *asoc; - struct sctp_stream_reset_out_req *req; + struct sctp_chunkhdr *ch; struct sctp_stream_reset_out_request *r; struct sctp_tmit_chunk *chk; int len, clen; @@ -3393,8 +3544,8 @@ sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chu *bchk = chk; } clen = chk->send_size; - req = mtod(chk->data, struct sctp_stream_reset_out_req *); - r = &req->sr_req; + ch = mtod(chk->data, struct sctp_chunkhdr *); + r = (struct sctp_stream_reset_out_request *)(ch + 1); if (ntohl(r->request_seq) == seq) { /* found it */ return (r); @@ -3431,7 +3582,7 @@ sctp_clean_up_stream_reset(struct sctp_tcb *stcb) chk->data = NULL; } asoc->ctrl_queue_cnt--; - sctp_free_a_chunk(stcb, chk); + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); /* sa_ignore NO_NULL_CHK */ stcb->asoc.str_reset = NULL; } @@ -3464,9 +3615,11 @@ sctp_handle_stream_reset_response(struct sctp_tcb *stcb, asoc->stream_reset_out_is_outstanding = 0; if (asoc->stream_reset_outstanding) asoc->stream_reset_outstanding--; - if (action == SCTP_STREAM_RESET_PERFORMED) { + if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { /* do it */ sctp_reset_out_streams(stcb, number_entries, srparam->list_of_streams); + } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { + sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_OUT, stcb, number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); } else { sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); } @@ -3475,21 +3628,45 @@ sctp_handle_stream_reset_response(struct sctp_tcb *stcb, number_entries = (lparm_len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t); if (asoc->stream_reset_outstanding) asoc->stream_reset_outstanding--; - if (action != SCTP_STREAM_RESET_PERFORMED) { - sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); + if (action == SCTP_STREAM_RESET_RESULT_DENIED) { + sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_IN, stcb, + number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); + } else if (action != SCTP_STREAM_RESET_RESULT_PERFORMED) { + sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, + number_entries, srparam->list_of_streams, SCTP_SO_NOT_LOCKED); } - } else if (type == SCTP_STR_RESET_ADD_STREAMS) { + } else if (type == SCTP_STR_RESET_ADD_OUT_STREAMS) { /* Ok we now may have more streams */ + int num_stream; + + num_stream = stcb->asoc.strm_pending_add_size; + if (num_stream > (stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt)) { + /* TSNH */ + num_stream = stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt; + } + stcb->asoc.strm_pending_add_size = 0; if (asoc->stream_reset_outstanding) asoc->stream_reset_outstanding--; - if (action == SCTP_STREAM_RESET_PERFORMED) { + if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { /* Put the new streams into effect */ - stcb->asoc.streamoutcnt = stcb->asoc.strm_realoutsize; - sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD_OK, stcb, - (uint32_t) stcb->asoc.streamoutcnt, NULL, SCTP_SO_NOT_LOCKED); + stcb->asoc.streamoutcnt += num_stream; + sctp_notify_stream_reset_add(stcb, stcb->asoc.streamincnt, stcb->asoc.streamoutcnt, 0); + } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { + sctp_notify_stream_reset_add(stcb, stcb->asoc.streamincnt, stcb->asoc.streamoutcnt, + SCTP_STREAM_CHANGE_DENIED); } else { - sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD_FAIL, stcb, - (uint32_t) stcb->asoc.streamoutcnt, NULL, SCTP_SO_NOT_LOCKED); + sctp_notify_stream_reset_add(stcb, stcb->asoc.streamincnt, stcb->asoc.streamoutcnt, + SCTP_STREAM_CHANGE_FAILED); + } + } else if (type == SCTP_STR_RESET_ADD_IN_STREAMS) { + if (asoc->stream_reset_outstanding) + asoc->stream_reset_outstanding--; + if (action == SCTP_STREAM_RESET_RESULT_DENIED) { + sctp_notify_stream_reset_add(stcb, stcb->asoc.streamincnt, stcb->asoc.streamoutcnt, + SCTP_STREAM_CHANGE_DENIED); + } else if (action != SCTP_STREAM_RESET_RESULT_PERFORMED) { + sctp_notify_stream_reset_add(stcb, stcb->asoc.streamincnt, stcb->asoc.streamoutcnt, + SCTP_STREAM_CHANGE_FAILED); } } else if (type == SCTP_STR_RESET_TSN_REQUEST) { /** @@ -3505,7 +3682,7 @@ sctp_handle_stream_reset_response(struct sctp_tcb *stcb, /* huh ? */ return (0); } - if (action == SCTP_STREAM_RESET_PERFORMED) { + if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { resp = (struct sctp_stream_reset_response_tsn *)respin; asoc->stream_reset_outstanding--; fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk)); @@ -3531,7 +3708,13 @@ sctp_handle_stream_reset_response(struct sctp_tcb *stcb, sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL); sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL); - + sctp_notify_stream_reset_tsn(stcb, stcb->asoc.sending_seq, (stcb->asoc.mapping_array_base_tsn + 1), 0); + } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { + sctp_notify_stream_reset_tsn(stcb, stcb->asoc.sending_seq, (stcb->asoc.mapping_array_base_tsn + 1), + SCTP_ASSOC_RESET_DENIED); + } else { + sctp_notify_stream_reset_tsn(stcb, stcb->asoc.sending_seq, (stcb->asoc.mapping_array_base_tsn + 1), + SCTP_ASSOC_RESET_FAILED); } } /* get rid of the request and get the request flags */ @@ -3561,11 +3744,12 @@ sctp_handle_str_reset_request_in(struct sctp_tcb *stcb, seq = ntohl(req->request_seq); if (asoc->str_reset_seq_in == seq) { - if (trunc) { + asoc->last_reset_action[1] = asoc->last_reset_action[0]; + if (!(asoc->local_strreset_support & SCTP_ENABLE_RESET_STREAM_REQ)) { + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + } else if (trunc) { /* Can't do it, since they exceeded our buffer size */ - asoc->last_reset_action[1] = asoc->last_reset_action[0]; - asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED; - sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; } else if (stcb->asoc.stream_reset_out_is_outstanding == 0) { len = ntohs(req->ph.param_length); number_entries = ((len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t)); @@ -3573,9 +3757,7 @@ sctp_handle_str_reset_request_in(struct sctp_tcb *stcb, temp = ntohs(req->list_of_streams[i]); req->list_of_streams[i] = temp; } - /* move the reset action back one */ - asoc->last_reset_action[1] = asoc->last_reset_action[0]; - asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED; + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; sctp_add_stream_reset_out(chk, number_entries, req->list_of_streams, asoc->str_reset_seq_out, seq, (asoc->sending_seq - 1)); @@ -3585,17 +3767,16 @@ sctp_handle_str_reset_request_in(struct sctp_tcb *stcb, stcb->asoc.stream_reset_outstanding++; } else { /* Can't do it, since we have sent one out */ - asoc->last_reset_action[1] = asoc->last_reset_action[0]; - asoc->last_reset_action[0] = SCTP_STREAM_RESET_TRY_LATER; - sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_ERR_IN_PROGRESS; } + sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); asoc->str_reset_seq_in++; } else if (asoc->str_reset_seq_in - 1 == seq) { sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); } else if (asoc->str_reset_seq_in - 2 == seq) { sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); } else { - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO); + sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); } } @@ -3617,53 +3798,49 @@ sctp_handle_str_reset_request_tsn(struct sctp_tcb *stcb, seq = ntohl(req->request_seq); if (asoc->str_reset_seq_in == seq) { - fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk)); - fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN; - fwdtsn.ch.chunk_flags = 0; - fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1); - sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0); - if (abort_flag) { - return (1); - } - stcb->asoc.highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA; - if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { - sctp_log_map(0, 10, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); - } - stcb->asoc.tsn_last_delivered = stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map; - stcb->asoc.mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1; - memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size); - stcb->asoc.highest_tsn_inside_nr_map = stcb->asoc.highest_tsn_inside_map; - memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.mapping_array_size); - atomic_add_int(&stcb->asoc.sending_seq, 1); - /* save off historical data for retrans */ - stcb->asoc.last_sending_seq[1] = stcb->asoc.last_sending_seq[0]; - stcb->asoc.last_sending_seq[0] = stcb->asoc.sending_seq; - stcb->asoc.last_base_tsnsent[1] = stcb->asoc.last_base_tsnsent[0]; - stcb->asoc.last_base_tsnsent[0] = stcb->asoc.mapping_array_base_tsn; - - sctp_add_stream_reset_result_tsn(chk, - ntohl(req->request_seq), - SCTP_STREAM_RESET_PERFORMED, - stcb->asoc.sending_seq, - stcb->asoc.mapping_array_base_tsn); - sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL); - sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL); - stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; - stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED; - + asoc->last_reset_action[1] = stcb->asoc.last_reset_action[0]; + if (!(asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ)) { + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + } else { + fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk)); + fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN; + fwdtsn.ch.chunk_flags = 0; + fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1); + sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0); + if (abort_flag) { + return (1); + } + asoc->highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA; + if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { + sctp_log_map(0, 10, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); + } + asoc->tsn_last_delivered = asoc->cumulative_tsn = asoc->highest_tsn_inside_map; + asoc->mapping_array_base_tsn = asoc->highest_tsn_inside_map + 1; + memset(asoc->mapping_array, 0, asoc->mapping_array_size); + asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map; + memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); + atomic_add_int(&asoc->sending_seq, 1); + /* save off historical data for retrans */ + asoc->last_sending_seq[1] = asoc->last_sending_seq[0]; + asoc->last_sending_seq[0] = asoc->sending_seq; + asoc->last_base_tsnsent[1] = asoc->last_base_tsnsent[0]; + asoc->last_base_tsnsent[0] = asoc->mapping_array_base_tsn; + sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL); + sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL); + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; + sctp_notify_stream_reset_tsn(stcb, asoc->sending_seq, (asoc->mapping_array_base_tsn + 1), 0); + } + sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0], + asoc->last_sending_seq[0], asoc->last_base_tsnsent[0]); asoc->str_reset_seq_in++; } else if (asoc->str_reset_seq_in - 1 == seq) { sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0], - stcb->asoc.last_sending_seq[0], - stcb->asoc.last_base_tsnsent[0] - ); + asoc->last_sending_seq[0], asoc->last_base_tsnsent[0]); } else if (asoc->str_reset_seq_in - 2 == seq) { sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[1], - stcb->asoc.last_sending_seq[1], - stcb->asoc.last_base_tsnsent[1] - ); + asoc->last_sending_seq[1], asoc->last_base_tsnsent[1]); } else { - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO); + sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); } return (0); } @@ -3694,15 +3871,14 @@ sctp_handle_str_reset_request_out(struct sctp_tcb *stcb, /* move the reset action back one */ asoc->last_reset_action[1] = asoc->last_reset_action[0]; - if (trunc) { - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED); - asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED; - } else if ((tsn == asoc->cumulative_tsn) || - (compare_with_wrap(asoc->cumulative_tsn, tsn, MAX_TSN))) { + if (!(asoc->local_strreset_support & SCTP_ENABLE_RESET_STREAM_REQ)) { + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + } else if (trunc) { + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + } else if (SCTP_TSN_GE(asoc->cumulative_tsn, tsn)) { /* we can do it now */ sctp_reset_in_stream(stcb, number_entries, req->list_of_streams); - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED); - asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED; + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; } else { /* * we must queue it up and thus wait for the TSN's @@ -3716,18 +3892,17 @@ sctp_handle_str_reset_request_out(struct sctp_tcb *stcb, siz, SCTP_M_STRESET); if (liste == NULL) { /* gak out of memory */ - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED); - asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED; + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); return; } liste->tsn = tsn; liste->number_entries = number_entries; - memcpy(&liste->req, req, - (sizeof(struct sctp_stream_reset_out_request) + (number_entries * sizeof(uint16_t)))); + memcpy(&liste->list_of_streams, req->list_of_streams, number_entries * sizeof(uint16_t)); TAILQ_INSERT_TAIL(&asoc->resetHead, liste, next_resp); - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED); - asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED; + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; } + sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); asoc->str_reset_seq_in++; } else if ((asoc->str_reset_seq_in - 1) == seq) { /* @@ -3742,7 +3917,7 @@ sctp_handle_str_reset_request_out(struct sctp_tcb *stcb, */ sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); } else { - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO); + sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); } } @@ -3754,10 +3929,10 @@ sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *ch * Peer is requesting to add more streams. If its within our * max-streams we will allow it. */ - uint16_t num_stream, i; + uint32_t num_stream, i; uint32_t seq; struct sctp_association *asoc = &stcb->asoc; - struct sctp_queued_to_read *ctl; + struct sctp_queued_to_read *ctl, *nctl; /* Get the number. */ seq = ntohl(str_add->request_seq); @@ -3765,12 +3940,14 @@ sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *ch /* Now what would be the new total? */ if (asoc->str_reset_seq_in == seq) { num_stream += stcb->asoc.streamincnt; - if (num_stream > stcb->asoc.max_inbound_streams) { + stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; + if (!(asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ)) { + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + } else if ((num_stream > stcb->asoc.max_inbound_streams) || + (num_stream > 0xffff)) { /* We must reject it they ask for to many */ denied: - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED); - stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; - stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_DENIED; + stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; } else { /* Ok, we can do that :-) */ struct sctp_stream_in *oldstrm; @@ -3791,8 +3968,7 @@ sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *ch stcb->asoc.strmin[i].last_sequence_delivered = oldstrm[i].last_sequence_delivered; stcb->asoc.strmin[i].delivery_started = oldstrm[i].delivery_started; /* now anything on those queues? */ - while (TAILQ_EMPTY(&oldstrm[i].inqueue) == 0) { - ctl = TAILQ_FIRST(&oldstrm[i].inqueue); + TAILQ_FOREACH_SAFE(ctl, &oldstrm[i].inqueue, next, nctl) { TAILQ_REMOVE(&oldstrm[i].inqueue, ctl, next); TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].inqueue, ctl, next); } @@ -3807,13 +3983,11 @@ sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *ch SCTP_FREE(oldstrm, SCTP_M_STRMI); /* update the size */ stcb->asoc.streamincnt = num_stream; - /* Send the ack */ - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED); - stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; - stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED; - sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_INSTREAM_ADD_OK, stcb, - (uint32_t) stcb->asoc.streamincnt, NULL, SCTP_SO_NOT_LOCKED); + stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; + sctp_notify_stream_reset_add(stcb, stcb->asoc.streamincnt, stcb->asoc.streamoutcnt, 0); } + sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); + asoc->str_reset_seq_in++; } else if ((asoc->str_reset_seq_in - 1) == seq) { /* * one seq back, just echo back last action since my @@ -3827,8 +4001,65 @@ sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *ch */ sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); } else { - sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO); + sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); + + } +} + +static void +sctp_handle_str_reset_add_out_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk, + struct sctp_stream_reset_add_strm *str_add) +{ + /* + * Peer is requesting to add more streams. If its within our + * max-streams we will allow it. + */ + uint16_t num_stream; + uint32_t seq; + struct sctp_association *asoc = &stcb->asoc; + /* Get the number. */ + seq = ntohl(str_add->request_seq); + num_stream = ntohs(str_add->number_of_streams); + /* Now what would be the new total? */ + if (asoc->str_reset_seq_in == seq) { + stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; + if (!(asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ)) { + asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + } else if (stcb->asoc.stream_reset_outstanding) { + /* We must reject it we have something pending */ + stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_ERR_IN_PROGRESS; + } else { + /* Ok, we can do that :-) */ + int mychk; + + mychk = stcb->asoc.streamoutcnt; + mychk += num_stream; + if (mychk < 0x10000) { + stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; + if (sctp_send_str_reset_req(stcb, 0, NULL, 0, 0, 0, 1, num_stream, 0, 1)) { + stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + } + } else { + stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; + } + } + sctp_add_stream_reset_result(chk, seq, stcb->asoc.last_reset_action[0]); + asoc->str_reset_seq_in++; + } else if ((asoc->str_reset_seq_in - 1) == seq) { + /* + * one seq back, just echo back last action since my + * response was lost. + */ + sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); + } else if ((asoc->str_reset_seq_in - 2) == seq) { + /* + * two seq back, just echo back last action since my + * response was lost. + */ + sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); + } else { + sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); } } @@ -3837,13 +4068,12 @@ __attribute__((noinline)) #endif static int sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int offset, - struct sctp_stream_reset_out_req *sr_req) + struct sctp_chunkhdr *ch_req) { int chk_length, param_len, ptype; struct sctp_paramhdr pstore; uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE]; - - uint32_t seq; + uint32_t seq = 0; int num_req = 0; int trunc = 0; struct sctp_tmit_chunk *chk; @@ -3853,7 +4083,7 @@ __attribute__((noinline)) int num_param = 0; /* now it may be a reset or a reset-response */ - chk_length = ntohs(sr_req->ch.chunk_length); + chk_length = ntohs(ch_req->chunk_length); /* setup for adding the response */ sctp_alloc_a_chunk(stcb, chk); @@ -3873,7 +4103,7 @@ strres_nochunk: sctp_m_freem(chk->data); chk->data = NULL; } - sctp_free_a_chunk(stcb, chk); + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); return (ret_code); } SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); @@ -3881,8 +4111,7 @@ strres_nochunk: /* setup chunk parameters */ chk->sent = SCTP_DATAGRAM_UNSENT; chk->snd_count = 0; - chk->whoTo = stcb->asoc.primary_destination; - atomic_add_int(&chk->whoTo->ref_count, 1); + chk->whoTo = NULL; ch = mtod(chk->data, struct sctp_chunkhdr *); ch->chunk_type = SCTP_STREAM_RESET; @@ -3908,7 +4137,6 @@ strres_nochunk: } else { trunc = 0; } - if (num_param > SCTP_MAX_RESET_PARAMS) { /* hit the max of parameters already sorry.. */ break; @@ -3922,30 +4150,33 @@ strres_nochunk: seq = ntohl(req_out->response_seq); if (seq == stcb->asoc.str_reset_seq_out) { /* implicit ack */ - (void)sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_PERFORMED, NULL); + (void)sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_RESULT_PERFORMED, NULL); } } sctp_handle_str_reset_request_out(stcb, chk, req_out, trunc); - } else if (ptype == SCTP_STR_RESET_ADD_STREAMS) { + } else if (ptype == SCTP_STR_RESET_ADD_OUT_STREAMS) { struct sctp_stream_reset_add_strm *str_add; str_add = (struct sctp_stream_reset_add_strm *)ph; num_req++; sctp_handle_str_reset_add_strm(stcb, chk, str_add); + } else if (ptype == SCTP_STR_RESET_ADD_IN_STREAMS) { + struct sctp_stream_reset_add_strm *str_add; + + str_add = (struct sctp_stream_reset_add_strm *)ph; + num_req++; + sctp_handle_str_reset_add_out_strm(stcb, chk, str_add); } else if (ptype == SCTP_STR_RESET_IN_REQUEST) { struct sctp_stream_reset_in_request *req_in; num_req++; - req_in = (struct sctp_stream_reset_in_request *)ph; - sctp_handle_str_reset_request_in(stcb, chk, req_in, trunc); } else if (ptype == SCTP_STR_RESET_TSN_REQUEST) { struct sctp_stream_reset_tsn_request *req_tsn; num_req++; req_tsn = (struct sctp_stream_reset_tsn_request *)ph; - if (sctp_handle_str_reset_request_tsn(stcb, chk, req_tsn)) { ret_code = 1; goto strres_nochunk; @@ -4150,8 +4381,10 @@ __attribute__((noinline)) #endif static struct sctp_tcb * sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length, + struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen, + uint8_t use_mflowid, uint32_t mflowid, uint32_t vrf_id, uint16_t port) { struct sctp_association *asoc; @@ -4160,6 +4393,7 @@ __attribute__((noinline)) uint32_t chk_length; int ret; int abort_no_unlock = 0; + int ecne_seen = 0; /* * How big should this be, and should it be alloc'd? Lets try the @@ -4173,13 +4407,13 @@ __attribute__((noinline)) int auth_skipped = 0; int asconf_cnt = 0; -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so; #endif SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n", - iphlen, *offset, length, stcb); + iphlen, *offset, length, (void *)stcb); /* validate chunk header length... */ if (ntohs(ch->chunk_length) < sizeof(*ch)) { @@ -4263,8 +4497,10 @@ __attribute__((noinline)) asconf_len = ntohs(asconf_ch->chunk_length); if (asconf_len < sizeof(struct sctp_asconf_paramhdr)) break; - stcb = sctp_findassociation_ep_asconf(m, iphlen, - *offset, sh, &inp, netp, vrf_id); + stcb = sctp_findassociation_ep_asconf(m, + *offset, + dst, + sh, &inp, netp, vrf_id); if (stcb != NULL) break; asconf_offset += SCTP_SIZE32(asconf_len); @@ -4306,7 +4542,8 @@ __attribute__((noinline)) } if (stcb == NULL) { /* no association, so it's out of the blue... */ - sctp_handle_ootb(m, iphlen, *offset, sh, inp, NULL, + sctp_handle_ootb(m, iphlen, *offset, src, dst, sh, inp, + use_mflowid, mflowid, vrf_id, port); *offset = length; if (locked_tcb) { @@ -4343,8 +4580,10 @@ __attribute__((noinline)) if (locked_tcb) { SCTP_TCB_UNLOCK(locked_tcb); } - sctp_handle_ootb(m, iphlen, *offset, sh, inp, - NULL, vrf_id, port); + sctp_handle_ootb(m, iphlen, *offset, src, dst, + sh, inp, + use_mflowid, mflowid, + vrf_id, port); return (NULL); } } else { @@ -4367,7 +4606,6 @@ __attribute__((noinline)) * process all control chunks... */ if (((ch->chunk_type == SCTP_SELECTIVE_ACK) || - /* EY */ (ch->chunk_type == SCTP_NR_SELECTIVE_ACK) || (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) && (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) { @@ -4481,55 +4719,36 @@ process_control_chunks: } switch (ch->chunk_type) { case SCTP_INITIATION: - /* must be first and only chunk */ SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT\n"); - if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { - /* We are not interested anymore? */ - if ((stcb) && (stcb->asoc.total_output_queue_size)) { - /* - * collision case where we are - * sending to them too - */ - ; - } else { - if (locked_tcb) { - SCTP_TCB_UNLOCK(locked_tcb); - } - *offset = length; - return (NULL); - } - } - if ((chk_length > SCTP_LARGEST_INIT_ACCEPTED) || - (num_chunks > 1) || - (SCTP_BASE_SYSCTL(sctp_strict_init) && (length - *offset > (int)SCTP_SIZE32(chk_length)))) { + /* The INIT chunk must be the only chunk. */ + if ((num_chunks > 1) || + (length - *offset > (int)SCTP_SIZE32(chk_length))) { + sctp_abort_association(inp, stcb, m, iphlen, + src, dst, sh, NULL, + use_mflowid, mflowid, + vrf_id, port); *offset = length; - if (locked_tcb) { - SCTP_TCB_UNLOCK(locked_tcb); - } return (NULL); } - if ((stcb != NULL) && - (SCTP_GET_STATE(&stcb->asoc) == - SCTP_STATE_SHUTDOWN_ACK_SENT)) { - sctp_send_shutdown_ack(stcb, - stcb->asoc.primary_destination); + /* Honor our resource limit. */ + if (chk_length > SCTP_LARGEST_INIT_ACCEPTED) { + struct mbuf *op_err; + + op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); + sctp_abort_association(inp, stcb, m, iphlen, + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, port); *offset = length; - sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); - if (locked_tcb) { - SCTP_TCB_UNLOCK(locked_tcb); - } return (NULL); } - if (netp) { - sctp_handle_init(m, iphlen, *offset, sh, - (struct sctp_init_chunk *)ch, inp, - stcb, *netp, &abort_no_unlock, vrf_id, port); - } - if (abort_no_unlock) - return (NULL); - + sctp_handle_init(m, iphlen, *offset, src, dst, sh, + (struct sctp_init_chunk *)ch, inp, + stcb, &abort_no_unlock, + use_mflowid, mflowid, + vrf_id, port); *offset = length; - if (locked_tcb) { + if ((!abort_no_unlock) && (locked_tcb)) { SCTP_TCB_UNLOCK(locked_tcb); } return (NULL); @@ -4537,7 +4756,6 @@ process_control_chunks: case SCTP_PAD_CHUNK: break; case SCTP_INITIATION_ACK: - /* must be first and only chunk */ SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT-ACK\n"); if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { /* We are not interested anymore */ @@ -4550,7 +4768,7 @@ process_control_chunks: } *offset = length; if (stcb) { -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(inp); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -4559,15 +4777,16 @@ process_control_chunks: atomic_subtract_int(&stcb->asoc.refcnt, 1); #endif (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_27); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } return (NULL); } } + /* The INIT-ACK chunk must be the only chunk. */ if ((num_chunks > 1) || - (SCTP_BASE_SYSCTL(sctp_strict_init) && (length - *offset > (int)SCTP_SIZE32(chk_length)))) { + (length - *offset > (int)SCTP_SIZE32(chk_length))) { *offset = length; if (locked_tcb) { SCTP_TCB_UNLOCK(locked_tcb); @@ -4575,21 +4794,27 @@ process_control_chunks: return (NULL); } if ((netp) && (*netp)) { - ret = sctp_handle_init_ack(m, iphlen, *offset, sh, - (struct sctp_init_ack_chunk *)ch, stcb, *netp, &abort_no_unlock, vrf_id); + ret = sctp_handle_init_ack(m, iphlen, *offset, + src, dst, sh, + (struct sctp_init_ack_chunk *)ch, + stcb, *netp, + &abort_no_unlock, + use_mflowid, mflowid, + vrf_id); } else { ret = -1; } + *offset = length; + if (abort_no_unlock) { + return (NULL); + } /* * Special case, I must call the output routine to * get the cookie echoed */ - if (abort_no_unlock) - return (NULL); - - if ((stcb) && ret == 0) + if ((stcb != NULL) && (ret == 0)) { sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); - *offset = length; + } if (locked_tcb) { SCTP_TCB_UNLOCK(locked_tcb); } @@ -4603,7 +4828,6 @@ process_control_chunks: uint16_t num_seg, num_dup; uint8_t flags; int offset_seg, offset_dup; - int nonce_sum_flag; SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SACK\n"); SCTP_STAT_INCR(sctps_recvsacks); @@ -4625,7 +4849,6 @@ process_control_chunks: } sack = (struct sctp_sack_chunk *)ch; flags = ch->chunk_flags; - nonce_sum_flag = flags & SCTP_SACK_NONCE_SUM; cum_ack = ntohl(sack->sack.cum_tsn_ack); num_seg = ntohs(sack->sack.num_gap_ack_blks); num_dup = ntohs(sack->sack.num_dup_tsns); @@ -4643,8 +4866,7 @@ process_control_chunks: stcb->asoc.seen_a_sack_this_pkt = 1; if ((stcb->asoc.pr_sctp_cnt == 0) && (num_seg == 0) && - ((compare_with_wrap(cum_ack, stcb->asoc.last_acked_seq, MAX_TSN)) || - (cum_ack == stcb->asoc.last_acked_seq)) && + SCTP_TSN_GE(cum_ack, stcb->asoc.last_acked_seq) && (stcb->asoc.saw_sack_with_frags == 0) && (stcb->asoc.saw_sack_with_nr_frags == 0) && (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) @@ -4658,14 +4880,12 @@ process_control_chunks: * with no missing segments to go * this way too. */ - sctp_express_handle_sack(stcb, cum_ack, a_rwnd, nonce_sum_flag, - &abort_now); + sctp_express_handle_sack(stcb, cum_ack, a_rwnd, &abort_now, ecne_seen); } else { if (netp && *netp) - sctp_handle_sack(m, offset_seg, offset_dup, - stcb, *netp, + sctp_handle_sack(m, offset_seg, offset_dup, stcb, num_seg, 0, num_dup, &abort_now, flags, - cum_ack, a_rwnd); + cum_ack, a_rwnd, ecne_seen); } if (abort_now) { /* ABORT signal from sack processing */ @@ -4691,7 +4911,6 @@ process_control_chunks: uint16_t num_seg, num_nr_seg, num_dup; uint8_t flags; int offset_seg, offset_dup; - int nonce_sum_flag; SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_NR_SACK\n"); SCTP_STAT_INCR(sctps_recvsacks); @@ -4717,8 +4936,6 @@ process_control_chunks: } nr_sack = (struct sctp_nr_sack_chunk *)ch; flags = ch->chunk_flags; - nonce_sum_flag = flags & SCTP_SACK_NONCE_SUM; - cum_ack = ntohl(nr_sack->nr_sack.cum_tsn_ack); num_seg = ntohs(nr_sack->nr_sack.num_gap_ack_blks); num_nr_seg = ntohs(nr_sack->nr_sack.num_nr_gap_ack_blks); @@ -4737,8 +4954,7 @@ process_control_chunks: stcb->asoc.seen_a_sack_this_pkt = 1; if ((stcb->asoc.pr_sctp_cnt == 0) && (num_seg == 0) && (num_nr_seg == 0) && - ((compare_with_wrap(cum_ack, stcb->asoc.last_acked_seq, MAX_TSN)) || - (cum_ack == stcb->asoc.last_acked_seq)) && + SCTP_TSN_GE(cum_ack, stcb->asoc.last_acked_seq) && (stcb->asoc.saw_sack_with_frags == 0) && (stcb->asoc.saw_sack_with_nr_frags == 0) && (!TAILQ_EMPTY(&stcb->asoc.sent_queue))) { @@ -4751,14 +4967,13 @@ process_control_chunks: * missing segments to go this way * too. */ - sctp_express_handle_sack(stcb, cum_ack, a_rwnd, nonce_sum_flag, - &abort_now); + sctp_express_handle_sack(stcb, cum_ack, a_rwnd, + &abort_now, ecne_seen); } else { if (netp && *netp) - sctp_handle_sack(m, offset_seg, offset_dup, - stcb, *netp, + sctp_handle_sack(m, offset_seg, offset_dup, stcb, num_seg, num_nr_seg, num_dup, &abort_now, flags, - cum_ack, a_rwnd); + cum_ack, a_rwnd, ecne_seen); } if (abort_now) { /* ABORT signal from sack processing */ @@ -4817,7 +5032,7 @@ process_control_chunks: break; case SCTP_ABORT_ASSOCIATION: SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ABORT, stcb %p\n", - stcb); + (void *)stcb); if ((stcb) && netp && *netp) sctp_handle_abort((struct sctp_abort_chunk *)ch, stcb, *netp); @@ -4826,7 +5041,7 @@ process_control_chunks: break; case SCTP_SHUTDOWN: SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN, stcb %p\n", - stcb); + (void *)stcb); if ((stcb == NULL) || (chk_length != sizeof(struct sctp_shutdown_chunk))) { *offset = length; if (locked_tcb) { @@ -4846,7 +5061,7 @@ process_control_chunks: } break; case SCTP_SHUTDOWN_ACK: - SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN-ACK, stcb %p\n", stcb); + SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN-ACK, stcb %p\n", (void *)stcb); if ((stcb) && (netp) && (*netp)) sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp); *offset = length; @@ -4856,14 +5071,13 @@ process_control_chunks: case SCTP_OPERATION_ERROR: SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_OP-ERR\n"); if ((stcb) && netp && *netp && sctp_handle_error(ch, stcb, *netp) < 0) { - *offset = length; return (NULL); } break; case SCTP_COOKIE_ECHO: SCTPDBG(SCTP_DEBUG_INPUT3, - "SCTP_COOKIE-ECHO, stcb %p\n", stcb); + "SCTP_COOKIE-ECHO, stcb %p\n", (void *)stcb); if ((stcb) && (stcb->asoc.total_output_queue_size)) { ; } else { @@ -4888,23 +5102,13 @@ process_control_chunks: if ((stcb == NULL) && (inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit)) { if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) { - struct mbuf *oper; - struct sctp_paramhdr *phdr; - - oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), - 0, M_DONTWAIT, 1, MT_DATA); - if (oper) { - SCTP_BUF_LEN(oper) = - sizeof(struct sctp_paramhdr); - phdr = mtod(oper, - struct sctp_paramhdr *); - phdr->param_type = - htons(SCTP_CAUSE_OUT_OF_RESC); - phdr->param_length = - htons(sizeof(struct sctp_paramhdr)); - } - sctp_abort_association(inp, stcb, m, - iphlen, sh, oper, vrf_id, port); + struct mbuf *op_err; + + op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); + sctp_abort_association(inp, stcb, m, iphlen, + src, dst, sh, op_err, + use_mflowid, mflowid, + vrf_id, port); } *offset = length; return (NULL); @@ -4929,13 +5133,17 @@ process_control_chunks: if (netp) { ret_buf = sctp_handle_cookie_echo(m, iphlen, - *offset, sh, + *offset, + src, dst, + sh, (struct sctp_cookie_echo_chunk *)ch, &inp, &stcb, netp, auth_skipped, auth_offset, auth_len, &locked_tcb, + use_mflowid, + mflowid, vrf_id, port); } else { @@ -4950,7 +5158,6 @@ process_control_chunks: } SCTPDBG(SCTP_DEBUG_INPUT3, "GAK, null buffer\n"); - auth_skipped = 0; *offset = length; return (NULL); } @@ -4967,16 +5174,12 @@ process_control_chunks: struct sctp_tmit_chunk *chk; chk = TAILQ_FIRST(&stcb->asoc.sent_queue); - if (chk) { - sctp_timer_start(SCTP_TIMER_TYPE_SEND, - stcb->sctp_ep, stcb, - chk->whoTo); - } + sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo); } } break; case SCTP_COOKIE_ACK: - SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_COOKIE-ACK, stcb %p\n", stcb); + SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_COOKIE-ACK, stcb %p\n", (void *)stcb); if ((stcb == NULL) || chk_length != sizeof(struct sctp_cookie_ack_chunk)) { if (locked_tcb) { SCTP_TCB_UNLOCK(locked_tcb); @@ -4988,7 +5191,7 @@ process_control_chunks: if ((stcb) && (stcb->asoc.total_output_queue_size)) { ; } else if (stcb) { -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(inp); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -4997,7 +5200,7 @@ process_control_chunks: atomic_subtract_int(&stcb->asoc.refcnt, 1); #endif (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_27); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif *offset = length; @@ -5039,6 +5242,7 @@ process_control_chunks: stcb->asoc.overall_error_count = 0; sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch, stcb); + ecne_seen = 1; } break; case SCTP_ECN_CWR: @@ -5061,11 +5265,11 @@ process_control_chunks: __LINE__); } stcb->asoc.overall_error_count = 0; - sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb); + sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb, *netp); } break; case SCTP_SHUTDOWN_COMPLETE: - SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN-COMPLETE, stcb %p\n", stcb); + SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN-COMPLETE, stcb %p\n", (void *)stcb); /* must be first and only chunk */ if ((num_chunks > 1) || (length - *offset > (int)SCTP_SIZE32(chk_length))) { @@ -5094,7 +5298,7 @@ process_control_chunks: __LINE__); } stcb->asoc.overall_error_count = 0; - sctp_handle_asconf(m, *offset, + sctp_handle_asconf(m, *offset, src, (struct sctp_asconf_chunk *)ch, stcb, asconf_cnt == 0); asconf_cnt++; } @@ -5150,7 +5354,7 @@ process_control_chunks: *fwd_tsn_seen = 1; if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { /* We are not interested anymore */ -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) so = SCTP_INP_SO(inp); atomic_add_int(&stcb->asoc.refcnt, 1); SCTP_TCB_UNLOCK(stcb); @@ -5159,7 +5363,7 @@ process_control_chunks: atomic_subtract_int(&stcb->asoc.refcnt, 1); #endif (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_29); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif *offset = length; @@ -5193,23 +5397,6 @@ process_control_chunks: *offset = length; return (NULL); } - if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { - /* We are not interested anymore */ -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - so = SCTP_INP_SO(inp); - atomic_add_int(&stcb->asoc.refcnt, 1); - SCTP_TCB_UNLOCK(stcb); - SCTP_SOCKET_LOCK(so, 1); - SCTP_TCB_LOCK(stcb); - atomic_subtract_int(&stcb->asoc.refcnt, 1); -#endif - (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_30); -#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - SCTP_SOCKET_UNLOCK(so, 1); -#endif - *offset = length; - return (NULL); - } if (stcb->asoc.peer_supports_strreset == 0) { /* * hmm, peer should have announced this, but @@ -5218,7 +5405,7 @@ process_control_chunks: */ stcb->asoc.peer_supports_strreset = 1; } - if (sctp_handle_stream_reset(stcb, m, *offset, (struct sctp_stream_reset_out_req *)ch)) { + if (sctp_handle_stream_reset(stcb, m, *offset, ch)) { /* stop processing */ *offset = length; return (NULL); @@ -5305,23 +5492,24 @@ process_control_chunks: phd->param_type = htons(SCTP_CAUSE_UNRECOG_CHUNK); phd->param_length = htons(chk_length + sizeof(*phd)); SCTP_BUF_LEN(mm) = sizeof(*phd); - SCTP_BUF_NEXT(mm) = SCTP_M_COPYM(m, *offset, SCTP_SIZE32(chk_length), - M_DONTWAIT); + SCTP_BUF_NEXT(mm) = SCTP_M_COPYM(m, *offset, chk_length, M_DONTWAIT); if (SCTP_BUF_NEXT(mm)) { + if (sctp_pad_lastmbuf(SCTP_BUF_NEXT(mm), SCTP_SIZE32(chk_length) - chk_length, NULL)) { + sctp_m_freem(mm); + } else { #ifdef SCTP_MBUF_LOGGING - if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { - struct mbuf *mat; + if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { + struct mbuf *mat; - mat = SCTP_BUF_NEXT(mm); - while (mat) { - if (SCTP_BUF_IS_EXTENDED(mat)) { - sctp_log_mb(mat, SCTP_MBUF_ICOPY); + for (mat = SCTP_BUF_NEXT(mm); mat; mat = SCTP_BUF_NEXT(mat)) { + if (SCTP_BUF_IS_EXTENDED(mat)) { + sctp_log_mb(mat, SCTP_MBUF_ICOPY); + } } - mat = SCTP_BUF_NEXT(mat); } - } #endif - sctp_queue_op_err(stcb, mm); + sctp_queue_op_err(stcb, mm); + } } else { sctp_m_freem(mm); } @@ -5361,69 +5549,6 @@ next_chunk: } -/* - * Process the ECN bits we have something set so we must look to see if it is - * ECN(0) or ECN(1) or CE - */ -static void -sctp_process_ecn_marked_a(struct sctp_tcb *stcb, struct sctp_nets *net, - uint8_t ecn_bits) -{ - if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) { - ; - } else if ((ecn_bits & SCTP_ECT1_BIT) == SCTP_ECT1_BIT) { - /* - * we only add to the nonce sum for ECT1, ECT0 does not - * change the NS bit (that we have yet to find a way to send - * it yet). - */ - - /* ECN Nonce stuff */ - stcb->asoc.receiver_nonce_sum++; - stcb->asoc.receiver_nonce_sum &= SCTP_SACK_NONCE_SUM; - - /* - * Drag up the last_echo point if cumack is larger since we - * don't want the point falling way behind by more than - * 2^^31 and then having it be incorrect. - */ - if (compare_with_wrap(stcb->asoc.cumulative_tsn, - stcb->asoc.last_echo_tsn, MAX_TSN)) { - stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn; - } - } else if ((ecn_bits & SCTP_ECT0_BIT) == SCTP_ECT0_BIT) { - /* - * Drag up the last_echo point if cumack is larger since we - * don't want the point falling way behind by more than - * 2^^31 and then having it be incorrect. - */ - if (compare_with_wrap(stcb->asoc.cumulative_tsn, - stcb->asoc.last_echo_tsn, MAX_TSN)) { - stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn; - } - } -} - -static void -sctp_process_ecn_marked_b(struct sctp_tcb *stcb, struct sctp_nets *net, - uint32_t high_tsn, uint8_t ecn_bits) -{ - if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) { - /* - * we possibly must notify the sender that a congestion - * window reduction is in order. We do this by adding a ECNE - * chunk to the output chunk queue. The incoming CWR will - * remove this chunk. - */ - if (compare_with_wrap(high_tsn, stcb->asoc.last_echo_tsn, - MAX_TSN)) { - /* Yep, we need to add a ECNE */ - sctp_send_ecn_echo(stcb, net, high_tsn); - stcb->asoc.last_echo_tsn = high_tsn; - } - } -} - #ifdef INVARIANTS #ifdef __GNUC__ __attribute__((noinline)) @@ -5452,34 +5577,152 @@ __attribute__((noinline)) * common input chunk processing (v4 and v6) */ void -sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, - int length, struct sctphdr *sh, struct sctp_chunkhdr *ch, - struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net, - uint8_t ecn_bits, uint32_t vrf_id, uint16_t port) +sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int length, + struct sockaddr *src, struct sockaddr *dst, + struct sctphdr *sh, struct sctp_chunkhdr *ch, +#if !defined(SCTP_WITH_NO_CSUM) + uint8_t compute_crc, +#endif + uint8_t ecn_bits, + uint8_t use_mflowid, uint32_t mflowid, + uint32_t vrf_id, uint16_t port) { - /* - * Control chunk processing - */ uint32_t high_tsn; int fwd_tsn_seen = 0, data_processed = 0; struct mbuf *m = *mm; - int abort_flag = 0; int un_sent; + int cnt_ctrl_ready = 0; + struct sctp_inpcb *inp = NULL, *inp_decr = NULL; + struct sctp_tcb *stcb = NULL; + struct sctp_nets *net = NULL; SCTP_STAT_INCR(sctps_recvdatagrams); #ifdef SCTP_AUDITING_ENABLED sctp_audit_log(0xE0, 1); sctp_auditing(0, inp, stcb, net); #endif - +#if !defined(SCTP_WITH_NO_CSUM) + if (compute_crc != 0) { + uint32_t check, calc_check; + + check = sh->checksum; + sh->checksum = 0; + calc_check = sctp_calculate_cksum(m, iphlen); + sh->checksum = check; + if (calc_check != check) { + SCTPDBG(SCTP_DEBUG_INPUT1, "Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n", + calc_check, check, (void *)m, length, iphlen); + stcb = sctp_findassociation_addr(m, offset, src, dst, + sh, ch, &inp, &net, vrf_id); + if ((net != NULL) && (port != 0)) { + if (net->port == 0) { + sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); + } + net->port = port; + } + if ((net != NULL) && (use_mflowid != 0)) { + net->flowid = mflowid; +#ifdef INVARIANTS + net->flowidset = 1; +#endif + } + if ((inp != NULL) && (stcb != NULL)) { + sctp_send_packet_dropped(stcb, net, m, length, iphlen, 1); + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED); + } else if ((inp != NULL) && (stcb == NULL)) { + inp_decr = inp; + } + SCTP_STAT_INCR(sctps_badsum); + SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors); + goto out; + } + } +#endif + /* Destination port of 0 is illegal, based on RFC4960. */ + if (sh->dest_port == 0) { + SCTP_STAT_INCR(sctps_hdrops); + goto out; + } + stcb = sctp_findassociation_addr(m, offset, src, dst, + sh, ch, &inp, &net, vrf_id); + if ((net != NULL) && (port != 0)) { + if (net->port == 0) { + sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); + } + net->port = port; + } + if ((net != NULL) && (use_mflowid != 0)) { + net->flowid = mflowid; +#ifdef INVARIANTS + net->flowidset = 1; +#endif + } + if (inp == NULL) { + SCTP_STAT_INCR(sctps_noport); + if (badport_bandlim(BANDLIM_SCTP_OOTB) < 0) { + goto out; + } + if (ch->chunk_type == SCTP_SHUTDOWN_ACK) { + sctp_send_shutdown_complete2(src, dst, sh, + use_mflowid, mflowid, + vrf_id, port); + goto out; + } + if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) { + goto out; + } + if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) { + if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || + ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && + (ch->chunk_type != SCTP_INIT))) { + sctp_send_abort(m, iphlen, src, dst, + sh, 0, NULL, + use_mflowid, mflowid, + vrf_id, port); + } + } + goto out; + } else if (stcb == NULL) { + inp_decr = inp; + } +#ifdef IPSEC + /*- + * I very much doubt any of the IPSEC stuff will work but I have no + * idea, so I will leave it in place. + */ + if (inp != NULL) { + switch (dst->sa_family) { +#ifdef INET + case AF_INET: + if (ipsec4_in_reject(m, &inp->ip_inp.inp)) { + MODULE_GLOBAL(ipsec4stat).in_polvio++; + SCTP_STAT_INCR(sctps_hdrops); + goto out; + } + break; +#endif +#ifdef INET6 + case AF_INET6: + if (ipsec6_in_reject(m, &inp->ip_inp.inp)) { + MODULE_GLOBAL(ipsec6stat).in_polvio++; + SCTP_STAT_INCR(sctps_hdrops); + goto out; + } + break; +#endif + default: + break; + } + } +#endif SCTPDBG(SCTP_DEBUG_INPUT1, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n", - m, iphlen, offset, length, stcb); + (void *)m, iphlen, offset, length, (void *)stcb); if (stcb) { /* always clear this before beginning a packet */ stcb->asoc.authenticated = 0; stcb->asoc.seen_a_sack_this_pkt = 0; SCTPDBG(SCTP_DEBUG_INPUT1, "stcb:%p state:%x\n", - stcb, stcb->asoc.state); + (void *)stcb, stcb->asoc.state); if ((stcb->asoc.state & SCTP_STATE_WAS_ABORTED) || (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { @@ -5490,16 +5733,21 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, * NOT respond to any packet.. its OOTB. */ SCTP_TCB_UNLOCK(stcb); - sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL, + stcb = NULL; + sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, + use_mflowid, mflowid, vrf_id, port); - goto out_now; + goto out; } } if (IS_SCTP_CONTROL(ch)) { /* process the control portion of the SCTP packet */ /* sa_ignore NO_NULL_CHK */ - stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch, - inp, stcb, &net, &fwd_tsn_seen, vrf_id, port); + stcb = sctp_process_control(m, iphlen, &offset, length, + src, dst, sh, ch, + inp, stcb, &net, &fwd_tsn_seen, + use_mflowid, mflowid, + vrf_id, port); if (stcb) { /* * This covers us if the cookie-echo was there and @@ -5508,7 +5756,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, inp = stcb->sctp_ep; if ((net) && (port)) { if (net->port == 0) { - sctp_pathmtu_adjustment(inp, stcb, net, net->mtu - sizeof(struct udphdr)); + sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); } net->port = port; } @@ -5529,20 +5777,19 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) { /* "silently" ignore */ SCTP_STAT_INCR(sctps_recvauthmissing); - SCTP_TCB_UNLOCK(stcb); - goto out_now; + goto out; } if (stcb == NULL) { /* out of the blue DATA chunk */ - sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL, + sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, + use_mflowid, mflowid, vrf_id, port); - goto out_now; + goto out; } if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) { /* v_tag mismatch! */ SCTP_STAT_INCR(sctps_badvtag); - SCTP_TCB_UNLOCK(stcb); - goto out_now; + goto out; } } @@ -5552,7 +5799,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, * packet while processing control, or we're done with this * packet (done or skip rest of data), so we drop it... */ - goto out_now; + goto out; } /* * DATA chunk processing @@ -5603,10 +5850,10 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, /* * We consider OOTB any data sent during asoc setup. */ - sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL, + sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, + use_mflowid, mflowid, vrf_id, port); - SCTP_TCB_UNLOCK(stcb); - goto out_now; + goto out; /* sa_ignore NOTREACHED */ break; case SCTP_STATE_EMPTY: /* should not happen */ @@ -5614,59 +5861,52 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error */ case SCTP_STATE_SHUTDOWN_ACK_SENT: default: - SCTP_TCB_UNLOCK(stcb); - goto out_now; + goto out; /* sa_ignore NOTREACHED */ break; case SCTP_STATE_OPEN: case SCTP_STATE_SHUTDOWN_SENT: break; } - /* take care of ECN, part 1. */ - if (stcb->asoc.ecn_allowed && - (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) { - sctp_process_ecn_marked_a(stcb, net, ecn_bits); - } /* plow through the data chunks while length > offset */ - retval = sctp_process_data(mm, iphlen, &offset, length, sh, - inp, stcb, net, &high_tsn); + retval = sctp_process_data(mm, iphlen, &offset, length, + src, dst, sh, + inp, stcb, net, &high_tsn, + use_mflowid, mflowid, + vrf_id, port); if (retval == 2) { /* * The association aborted, NO UNLOCK needed since * the association is destroyed. */ - goto out_now; + stcb = NULL; + goto out; } data_processed = 1; - if (retval == 0) { - /* take care of ecn part 2. */ - if (stcb->asoc.ecn_allowed && - (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) { - sctp_process_ecn_marked_b(stcb, net, high_tsn, - ecn_bits); - } - } /* * Anything important needs to have been m_copy'ed in * process_data */ } + /* take care of ecn */ + if ((data_processed == 1) && + (stcb->asoc.ecn_allowed == 1) && + ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS)) { + /* Yep, we need to add a ECNE */ + sctp_send_ecn_echo(stcb, net, high_tsn); + } if ((data_processed == 0) && (fwd_tsn_seen)) { int was_a_gap; uint32_t highest_tsn; - if (compare_with_wrap(stcb->asoc.highest_tsn_inside_nr_map, stcb->asoc.highest_tsn_inside_map, MAX_TSN)) { + if (SCTP_TSN_GT(stcb->asoc.highest_tsn_inside_nr_map, stcb->asoc.highest_tsn_inside_map)) { highest_tsn = stcb->asoc.highest_tsn_inside_nr_map; } else { highest_tsn = stcb->asoc.highest_tsn_inside_map; } - was_a_gap = compare_with_wrap(highest_tsn, stcb->asoc.cumulative_tsn, MAX_TSN); + was_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn); stcb->asoc.send_sack = 1; - sctp_sack_check(stcb, was_a_gap, &abort_flag); - if (abort_flag) { - /* Again, we aborted so NO UNLOCK needed */ - goto out_now; - } + sctp_sack_check(stcb, was_a_gap); } else if (fwd_tsn_seen) { stcb->asoc.send_sack = 1; } @@ -5682,8 +5922,10 @@ trigger_send: TAILQ_EMPTY(&stcb->asoc.control_send_queue), stcb->asoc.total_flight); un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight); - - if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue) || + if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { + cnt_ctrl_ready = stcb->asoc.ctrl_queue_cnt - stcb->asoc.ecn_echo_cnt_onq; + } + if (cnt_ctrl_ready || ((un_sent) && (stcb->asoc.peers_rwnd > 0 || (stcb->asoc.peers_rwnd <= 0 && stcb->asoc.total_flight == 0)))) { @@ -5695,10 +5937,20 @@ trigger_send: sctp_audit_log(0xE0, 3); sctp_auditing(2, inp, stcb, net); #endif - SCTP_TCB_UNLOCK(stcb); -out_now: +out: + if (stcb != NULL) { + SCTP_TCB_UNLOCK(stcb); + } + if (inp_decr != NULL) { + /* reduce ref-count */ + SCTP_INP_WLOCK(inp_decr); + SCTP_INP_DECR_REF(inp_decr); + SCTP_INP_WUNLOCK(inp_decr); + } #ifdef INVARIANTS - sctp_validate_no_locks(inp); + if (inp != NULL) { + sctp_validate_no_locks(inp); + } #endif return; } @@ -5708,258 +5960,181 @@ static void sctp_print_mbuf_chain(struct mbuf *m) { for (; m; m = SCTP_BUF_NEXT(m)) { - printf("%p: m_len = %ld\n", m, SCTP_BUF_LEN(m)); + SCTP_PRINTF("%p: m_len = %ld\n", (void *)m, SCTP_BUF_LEN(m)); if (SCTP_BUF_IS_EXTENDED(m)) - printf("%p: extend_size = %d\n", m, SCTP_BUF_EXTEND_SIZE(m)); + SCTP_PRINTF("%p: extend_size = %d\n", (void *)m, SCTP_BUF_EXTEND_SIZE(m)); } } #endif +#ifdef INET void sctp_input_with_port(struct mbuf *i_pak, int off, uint16_t port) { -#ifdef SCTP_MBUF_LOGGING - struct mbuf *mat; - -#endif struct mbuf *m; int iphlen; uint32_t vrf_id = 0; uint8_t ecn_bits; + struct sockaddr_in src, dst; struct ip *ip; struct sctphdr *sh; - struct sctp_inpcb *inp = NULL; - struct sctp_nets *net; - struct sctp_tcb *stcb = NULL; struct sctp_chunkhdr *ch; - int refcount_up = 0; - int length, mlen, offset; + int length, offset; #if !defined(SCTP_WITH_NO_CSUM) - uint32_t check, calc_check; + uint8_t compute_crc; #endif + uint32_t mflowid; + uint8_t use_mflowid; + iphlen = off; if (SCTP_GET_PKT_VRFID(i_pak, vrf_id)) { SCTP_RELEASE_PKT(i_pak); return; } - mlen = SCTP_HEADER_LEN(i_pak); - iphlen = off; m = SCTP_HEADER_TO_CHAIN(i_pak); - - net = NULL; - SCTP_STAT_INCR(sctps_recvpackets); - SCTP_STAT_INCR_COUNTER64(sctps_inpackets); - - #ifdef SCTP_MBUF_LOGGING /* Log in any input mbufs */ if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { - mat = m; - while (mat) { + struct mbuf *mat; + + for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { if (SCTP_BUF_IS_EXTENDED(mat)) { sctp_log_mb(mat, SCTP_MBUF_INPUT); } - mat = SCTP_BUF_NEXT(mat); } } #endif -#ifdef SCTP_PACKET_LOGGING - if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) - sctp_packet_log(m, mlen); +#ifdef SCTP_PACKET_LOGGING + if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) { + sctp_packet_log(m); + } #endif - /* - * Must take out the iphlen, since mlen expects this (only effect lb - * case) - */ - mlen -= iphlen; - - /* - * Get IP, SCTP, and first chunk header together in first mbuf. - */ - ip = mtod(m, struct ip *); - offset = iphlen + sizeof(*sh) + sizeof(*ch); + SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, + "sctp_input(): Packet of length %d received on %s with csum_flags 0x%x.\n", + m->m_pkthdr.len, + if_name(m->m_pkthdr.rcvif), + m->m_pkthdr.csum_flags); + if (m->m_flags & M_FLOWID) { + mflowid = m->m_pkthdr.flowid; + use_mflowid = 1; + } else { + mflowid = 0; + use_mflowid = 0; + } + SCTP_STAT_INCR(sctps_recvpackets); + SCTP_STAT_INCR_COUNTER64(sctps_inpackets); + /* Get IP, SCTP, and first chunk header together in the first mbuf. */ + offset = iphlen + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); if (SCTP_BUF_LEN(m) < offset) { - if ((m = m_pullup(m, offset)) == 0) { + if ((m = m_pullup(m, offset)) == NULL) { SCTP_STAT_INCR(sctps_hdrops); return; } - ip = mtod(m, struct ip *); } - /* validate mbuf chain length with IP payload length */ - if (mlen < (SCTP_GET_IPV4_LENGTH(ip) - iphlen)) { + ip = mtod(m, struct ip *); + sh = (struct sctphdr *)((caddr_t)ip + iphlen); + ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(struct sctphdr)); + offset -= sizeof(struct sctp_chunkhdr); + memset(&src, 0, sizeof(struct sockaddr_in)); + src.sin_family = AF_INET; + src.sin_len = sizeof(struct sockaddr_in); + src.sin_port = sh->src_port; + src.sin_addr = ip->ip_src; + memset(&dst, 0, sizeof(struct sockaddr_in)); + dst.sin_family = AF_INET; + dst.sin_len = sizeof(struct sockaddr_in); + dst.sin_port = sh->dest_port; + dst.sin_addr = ip->ip_dst; + length = ip->ip_len + iphlen; + /* Validate mbuf chain length with IP payload length. */ + if (SCTP_HEADER_LEN(m) != length) { + SCTPDBG(SCTP_DEBUG_INPUT1, + "sctp_input() length:%d reported length:%d\n", length, SCTP_HEADER_LEN(m)); SCTP_STAT_INCR(sctps_hdrops); - goto bad; + goto out; } - sh = (struct sctphdr *)((caddr_t)ip + iphlen); - ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(*sh)); - SCTPDBG(SCTP_DEBUG_INPUT1, - "sctp_input() length:%d iphlen:%d\n", mlen, iphlen); - /* SCTP does not allow broadcasts or multicasts */ - if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { - goto bad; + if (IN_MULTICAST(ntohl(dst.sin_addr.s_addr))) { + goto out; } - if (SCTP_IS_IT_BROADCAST(ip->ip_dst, m)) { - /* - * We only look at broadcast if its a front state, All - * others we will not have a tcb for anyway. - */ - goto bad; + if (SCTP_IS_IT_BROADCAST(dst.sin_addr, m)) { + goto out; } - /* validate SCTP checksum */ - SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, - "sctp_input(): Packet of length %d received on %s with csum_flags 0x%x.\n", - m->m_pkthdr.len, - if_name(m->m_pkthdr.rcvif), - m->m_pkthdr.csum_flags); + ecn_bits = ip->ip_tos; #if defined(SCTP_WITH_NO_CSUM) SCTP_STAT_INCR(sctps_recvnocrc); #else if (m->m_pkthdr.csum_flags & CSUM_SCTP_VALID) { SCTP_STAT_INCR(sctps_recvhwcrc); - goto sctp_skip_csum_4; - } - check = sh->checksum; /* save incoming checksum */ - sh->checksum = 0; /* prepare for calc */ - calc_check = sctp_calculate_cksum(m, iphlen); - sh->checksum = check; - SCTP_STAT_INCR(sctps_recvswcrc); - if (calc_check != check) { - SCTPDBG(SCTP_DEBUG_INPUT1, "Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n", - calc_check, check, m, mlen, iphlen); - - stcb = sctp_findassociation_addr(m, iphlen, - offset - sizeof(*ch), - sh, ch, &inp, &net, - vrf_id); - if ((net) && (port)) { - if (net->port == 0) { - sctp_pathmtu_adjustment(inp, stcb, net, net->mtu - sizeof(struct udphdr)); - } - net->port = port; - } - if ((inp) && (stcb)) { - sctp_send_packet_dropped(stcb, net, m, iphlen, 1); - sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED); - } else if ((inp != NULL) && (stcb == NULL)) { - refcount_up = 1; - } - SCTP_STAT_INCR(sctps_badsum); - SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors); - goto bad; - } -sctp_skip_csum_4: -#endif - /* destination port of 0 is illegal, based on RFC2960. */ - if (sh->dest_port == 0) { - SCTP_STAT_INCR(sctps_hdrops); - goto bad; - } - /* - * Locate pcb and tcb for datagram sctp_findassociation_addr() wants - * IP/SCTP/first chunk header... - */ - stcb = sctp_findassociation_addr(m, iphlen, offset - sizeof(*ch), - sh, ch, &inp, &net, vrf_id); - if ((net) && (port)) { - if (net->port == 0) { - sctp_pathmtu_adjustment(inp, stcb, net, net->mtu - sizeof(struct udphdr)); - } - net->port = port; - } - /* inp's ref-count increased && stcb locked */ - if (inp == NULL) { - struct sctp_init_chunk *init_chk, chunk_buf; - - SCTP_STAT_INCR(sctps_noport); -#ifdef ICMP_BANDLIM - /* - * we use the bandwidth limiting to protect against sending - * too many ABORTS all at once. In this case these count the - * same as an ICMP message. - */ - if (badport_bandlim(0) < 0) - goto bad; -#endif /* ICMP_BANDLIM */ - SCTPDBG(SCTP_DEBUG_INPUT1, - "Sending a ABORT from packet entry!\n"); - if (ch->chunk_type == SCTP_INITIATION) { - /* - * we do a trick here to get the INIT tag, dig in - * and get the tag from the INIT and put it in the - * common header. - */ - init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, - iphlen + sizeof(*sh), sizeof(*init_chk), - (uint8_t *) & chunk_buf); - if (init_chk != NULL) - sh->v_tag = init_chk->init.initiate_tag; - } - if (ch->chunk_type == SCTP_SHUTDOWN_ACK) { - sctp_send_shutdown_complete2(m, iphlen, sh, vrf_id, port); - goto bad; - } - if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) { - goto bad; - } - if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) - sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port); - goto bad; - } else if (stcb == NULL) { - refcount_up = 1; - } -#ifdef IPSEC - /* - * I very much doubt any of the IPSEC stuff will work but I have no - * idea, so I will leave it in place. - */ - if (inp && ipsec4_in_reject(m, &inp->ip_inp.inp)) { - MODULE_GLOBAL(ipsec4stat).in_polvio++; - SCTP_STAT_INCR(sctps_hdrops); - goto bad; - } -#endif /* IPSEC */ - - /* - * common chunk processing - */ - length = ip->ip_len + iphlen; - offset -= sizeof(struct sctp_chunkhdr); - - ecn_bits = ip->ip_tos; - - /* sa_ignore NO_NULL_CHK */ - sctp_common_input_processing(&m, iphlen, offset, length, sh, ch, - inp, stcb, net, ecn_bits, vrf_id, port); - /* inp's ref-count reduced && stcb unlocked */ - if (m) { - sctp_m_freem(m); - } - if ((inp) && (refcount_up)) { - /* reduce ref-count */ - SCTP_INP_DECR_REF(inp); - } - return; -bad: - if (stcb) { - SCTP_TCB_UNLOCK(stcb); - } - if ((inp) && (refcount_up)) { - /* reduce ref-count */ - SCTP_INP_DECR_REF(inp); + compute_crc = 0; + } else { + SCTP_STAT_INCR(sctps_recvswcrc); + compute_crc = 1; } +#endif + sctp_common_input_processing(&m, iphlen, offset, length, + (struct sockaddr *)&src, + (struct sockaddr *)&dst, + sh, ch, +#if !defined(SCTP_WITH_NO_CSUM) + compute_crc, +#endif + ecn_bits, + use_mflowid, mflowid, + vrf_id, port); +out: if (m) { sctp_m_freem(m); } return; } + +#if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP) +extern int *sctp_cpuarry; + +#endif + void -sctp_input(i_pak, off) - struct mbuf *i_pak; - int off; +sctp_input(struct mbuf *m, int off) { - sctp_input_with_port(i_pak, off, 0); +#if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP) + struct ip *ip; + struct sctphdr *sh; + int offset; + int cpu_to_use; + uint32_t flowid, tag; + + if (mp_ncpus > 1) { + if (m->m_flags & M_FLOWID) { + flowid = m->m_pkthdr.flowid; + } else { + /* + * No flow id built by lower layers fix it so we + * create one. + */ + offset = off + sizeof(struct sctphdr); + if (SCTP_BUF_LEN(m) < offset) { + if ((m = m_pullup(m, offset)) == NULL) { + SCTP_STAT_INCR(sctps_hdrops); + return; + } + } + ip = mtod(m, struct ip *); + sh = (struct sctphdr *)((caddr_t)ip + off); + tag = htonl(sh->v_tag); + flowid = tag ^ ntohs(sh->dest_port) ^ ntohs(sh->src_port); + m->m_pkthdr.flowid = flowid; + m->m_flags |= M_FLOWID; + } + cpu_to_use = sctp_cpuarry[flowid % mp_ncpus]; + sctp_queue_to_mcore(m, off, cpu_to_use); + return; + } +#endif + sctp_input_with_port(m, off, 0); } + +#endif |