diff options
| author | rrs <rrs@FreeBSD.org> | 2006-11-03 15:23:16 +0000 |
|---|---|---|
| committer | rrs <rrs@FreeBSD.org> | 2006-11-03 15:23:16 +0000 |
| commit | 3d3e3f2242423b47549f89486754bc40030fbe9f (patch) | |
| tree | 0ec895f64207afbb268edd872d01288ffc058501 /sys/netinet/sctputil.c | |
| parent | d23275fe7d190eab56c82bf462ecb67346e58ab3 (diff) | |
| download | FreeBSD-src-3d3e3f2242423b47549f89486754bc40030fbe9f.zip FreeBSD-src-3d3e3f2242423b47549f89486754bc40030fbe9f.tar.gz | |
Ok, here it is, we finally add SCTP to current. Note that this
work is not just mine, but it is also the works of Peter Lei
and Michael Tuexen. They both are my two key other developers
working on the project.. and they need ata-boy's too:
****
peterlei@cisco.com
tuexen@fh-muenster.de
****
I did do a make sysent which updated the
syscall's and sysproto.. I hope that is correct... without
it you don't build since we have new syscalls for SCTP :-0
So go out and look at the NOTES, add
option SCTP (make sure inet and inet6 are present too)
and play with SCTP.
I will see about comitting some test tools I have after I
figure out where I should place them. I also have a
lib (libsctp.a) that adds some of the missing socketapi
functions that I need to put into lib's.. I will talk
to George about this :-)
There may still be some 64 bit issues in here, none of
us have a 64 bit processor to test with yet.. Michael
may have a MAC but thats another beast too..
If you have a mac and want to use SCTP contact Michael
he maintains a web site with a loadable module with
this code :-)
Reviewed by: gnn
Approved by: gnn
Diffstat (limited to 'sys/netinet/sctputil.c')
| -rw-r--r-- | sys/netinet/sctputil.c | 5390 |
1 files changed, 5390 insertions, 0 deletions
diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c new file mode 100644 index 0000000..e8fb2d5 --- /dev/null +++ b/sys/netinet/sctputil.c @@ -0,0 +1,5390 @@ +/*- + * Copyright (c) 2001-2006, Cisco Systems, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * a) Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * b) Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the distribution. + * + * c) Neither the name of Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* $KAME: sctputil.c,v 1.37 2005/03/07 23:26:09 itojun Exp $ */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + + +#include "opt_ipsec.h" +#include "opt_compat.h" +#include "opt_inet6.h" +#include "opt_inet.h" +#include "opt_sctp.h" + +#include <sys/param.h> +#include <sys/systm.h> +#include <sys/fcntl.h> +#include <sys/lock.h> +#include <sys/malloc.h> +#include <sys/mbuf.h> +#include <sys/domain.h> +#include <sys/file.h> /* for struct knote */ +#include <sys/kernel.h> +#include <sys/event.h> +#include <sys/poll.h> + +#include <sys/protosw.h> +#include <sys/socket.h> +#include <sys/socketvar.h> +#include <sys/proc.h> +#include <sys/kernel.h> +#include <sys/resourcevar.h> +#include <sys/signalvar.h> +#include <sys/sysctl.h> +#include <sys/uio.h> +#include <sys/jail.h> + +#include <sys/callout.h> + +#include <net/radix.h> +#include <net/route.h> + +#ifdef INET6 +#include <sys/domain.h> +#endif + +#include <sys/limits.h> +#include <sys/mac.h> +#include <sys/mutex.h> + +#include <net/if.h> +#include <net/if_types.h> +#include <net/route.h> + +#include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> +#include <netinet/in_pcb.h> +#include <netinet/in_var.h> +#include <netinet/ip_var.h> + +#ifdef INET6 +#include <netinet/ip6.h> +#include <netinet6/ip6_var.h> + +#include <netinet6/in6_pcb.h> + +#include <netinet6/scope6_var.h> +#endif /* INET6 */ + +#ifdef IPSEC +#include <netinet6/ipsec.h> +#include <netkey/key.h> +#endif /* IPSEC */ + +#include <netinet/sctp_os.h> +#include <netinet/sctp_pcb.h> +#include <netinet/sctputil.h> +#include <netinet/sctp_var.h> +#ifdef INET6 +#include <netinet6/sctp6_var.h> +#endif +#include <netinet/sctp_header.h> +#include <netinet/sctp_output.h> +#include <netinet/sctp_uio.h> +#include <netinet/sctp_timer.h> +#include <netinet/sctp_crc32.h> +#include <netinet/sctp_indata.h>/* for sctp_deliver_data() */ +#include <netinet/sctp_auth.h> +#include <netinet/sctp_asconf.h> + +extern int sctp_warm_the_crc32_table; + +#define NUMBER_OF_MTU_SIZES 18 + +#ifdef SCTP_DEBUG +extern uint32_t sctp_debug_on; + +#endif + + +#ifdef SCTP_STAT_LOGGING +int global_sctp_cwnd_log_at = 0; +int global_sctp_cwnd_log_rolled = 0; +struct sctp_cwnd_log sctp_clog[SCTP_STAT_LOG_SIZE]; + +static uint32_t +sctp_get_time_of_event(void) +{ + struct timeval now; + uint32_t timeval; + + SCTP_GETPTIME_TIMEVAL(&now); + timeval = (now.tv_sec % 0x00000fff); + timeval <<= 20; + timeval |= now.tv_usec & 0xfffff; + return (timeval); +} + + +void +sctp_clr_stat_log(void) +{ + global_sctp_cwnd_log_at = 0; + global_sctp_cwnd_log_rolled = 0; +} + + +void +sctp_sblog(struct sockbuf *sb, + struct sctp_tcb *stcb, int from, int incr) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_SB; + sctp_clog[sctp_cwnd_log_at].x.sb.stcb = (uint32_t) stcb; + sctp_clog[sctp_cwnd_log_at].x.sb.so_sbcc = sb->sb_cc; + if (stcb) + sctp_clog[sctp_cwnd_log_at].x.sb.stcb_sbcc = stcb->asoc.sb_cc; + else + sctp_clog[sctp_cwnd_log_at].x.sb.stcb_sbcc = 0; + sctp_clog[sctp_cwnd_log_at].x.sb.incr = incr; +} + +void +sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = 0; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_CLOSE; + sctp_clog[sctp_cwnd_log_at].x.close.inp = (uint32_t) inp; + sctp_clog[sctp_cwnd_log_at].x.close.sctp_flags = inp->sctp_flags; + if (stcb) { + sctp_clog[sctp_cwnd_log_at].x.close.stcb = (uint32_t) stcb; + sctp_clog[sctp_cwnd_log_at].x.close.state = (uint16_t) stcb->asoc.state; + } else { + sctp_clog[sctp_cwnd_log_at].x.close.stcb = 0; + sctp_clog[sctp_cwnd_log_at].x.close.state = 0; + } + sctp_clog[sctp_cwnd_log_at].x.close.loc = loc; +} + + +void +rto_logging(struct sctp_nets *net, int from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RTT; + sctp_clog[sctp_cwnd_log_at].x.rto.net = (uint32_t) net; + sctp_clog[sctp_cwnd_log_at].x.rto.rtt = net->prev_rtt; + sctp_clog[sctp_cwnd_log_at].x.rto.rttvar = net->rtt_variance; + sctp_clog[sctp_cwnd_log_at].x.rto.direction = net->rto_variance_dir; +} + +void +sctp_log_strm_del_alt(uint32_t tsn, uint16_t sseq, int from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_STRM; + sctp_clog[sctp_cwnd_log_at].x.strlog.n_tsn = tsn; + sctp_clog[sctp_cwnd_log_at].x.strlog.n_sseq = sseq; + sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = 0; + sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = 0; +} + +void +sctp_log_nagle_event(struct sctp_tcb *stcb, int action) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) action; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_NAGLE; + sctp_clog[sctp_cwnd_log_at].x.nagle.stcb = (uint32_t) stcb; + sctp_clog[sctp_cwnd_log_at].x.nagle.total_flight = stcb->asoc.total_flight; + sctp_clog[sctp_cwnd_log_at].x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; + sctp_clog[sctp_cwnd_log_at].x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; + sctp_clog[sctp_cwnd_log_at].x.nagle.count_in_flight = stcb->asoc.total_flight_count; +} + + +void +sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_SACK; + sctp_clog[sctp_cwnd_log_at].x.sack.cumack = cumack; + sctp_clog[sctp_cwnd_log_at].x.sack.oldcumack = old_cumack; + sctp_clog[sctp_cwnd_log_at].x.sack.tsn = tsn; + sctp_clog[sctp_cwnd_log_at].x.sack.numGaps = gaps; + sctp_clog[sctp_cwnd_log_at].x.sack.numDups = dups; +} + +void +sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MAP; + sctp_clog[sctp_cwnd_log_at].x.map.base = map; + sctp_clog[sctp_cwnd_log_at].x.map.cum = cum; + sctp_clog[sctp_cwnd_log_at].x.map.high = high; +} + +void +sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, + int from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_FR; + sctp_clog[sctp_cwnd_log_at].x.fr.largest_tsn = biggest_tsn; + sctp_clog[sctp_cwnd_log_at].x.fr.largest_new_tsn = biggest_new_tsn; + sctp_clog[sctp_cwnd_log_at].x.fr.tsn = tsn; +} + + +void +sctp_log_mb(struct mbuf *m, int from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MBUF; + sctp_clog[sctp_cwnd_log_at].x.mb.mp = m; + sctp_clog[sctp_cwnd_log_at].x.mb.mbuf_flags = (uint8_t) (m->m_flags); + sctp_clog[sctp_cwnd_log_at].x.mb.size = (uint16_t) (m->m_len); + sctp_clog[sctp_cwnd_log_at].x.mb.data = m->m_data; + if (m->m_flags & M_EXT) { + sctp_clog[sctp_cwnd_log_at].x.mb.ext = m->m_ext.ext_buf; + sctp_clog[sctp_cwnd_log_at].x.mb.refcnt = (uint8_t) (*m->m_ext.ref_cnt); + } else { + sctp_clog[sctp_cwnd_log_at].x.mb.ext = 0; + sctp_clog[sctp_cwnd_log_at].x.mb.refcnt = 0; + } +} + + +void +sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, + int from) +{ + int sctp_cwnd_log_at; + + if (control == NULL) { + printf("Gak log of NULL?\n"); + return; + } + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_STRM; + sctp_clog[sctp_cwnd_log_at].x.strlog.n_tsn = control->sinfo_tsn; + sctp_clog[sctp_cwnd_log_at].x.strlog.n_sseq = control->sinfo_ssn; + if (poschk != NULL) { + sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = poschk->sinfo_tsn; + sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = poschk->sinfo_ssn; + } else { + sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = 0; + sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = 0; + } +} + +void +sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_CWND; + sctp_clog[sctp_cwnd_log_at].x.cwnd.net = net; + if (stcb->asoc.send_queue_cnt > 255) + sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = 255; + else + sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; + if (stcb->asoc.stream_queue_cnt > 255) + sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = 255; + else + sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; + + if (net) { + sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_new_value = net->cwnd; + sctp_clog[sctp_cwnd_log_at].x.cwnd.inflight = net->flight_size; + sctp_clog[sctp_cwnd_log_at].x.cwnd.pseudo_cumack = net->pseudo_cumack; + sctp_clog[sctp_cwnd_log_at].x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; + sctp_clog[sctp_cwnd_log_at].x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; + } + if (SCTP_CWNDLOG_PRESEND == from) { + sctp_clog[sctp_cwnd_log_at].x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; + } + sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_augment = augment; +} + +void +sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_LOCK_EVENT; + sctp_clog[sctp_cwnd_log_at].x.lock.sock = (uint32_t) inp->sctp_socket; + sctp_clog[sctp_cwnd_log_at].x.lock.inp = (uint32_t) inp; + if (stcb) { + sctp_clog[sctp_cwnd_log_at].x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); + } else { + sctp_clog[sctp_cwnd_log_at].x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; + } + if (inp) { + sctp_clog[sctp_cwnd_log_at].x.lock.inp_lock = mtx_owned(&inp->inp_mtx); + sctp_clog[sctp_cwnd_log_at].x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); + } else { + sctp_clog[sctp_cwnd_log_at].x.lock.inp_lock = SCTP_LOCK_UNKNOWN; + sctp_clog[sctp_cwnd_log_at].x.lock.create_lock = SCTP_LOCK_UNKNOWN; + } + sctp_clog[sctp_cwnd_log_at].x.lock.info_lock = mtx_owned(&sctppcbinfo.ipi_ep_mtx); + if (inp->sctp_socket) { + sctp_clog[sctp_cwnd_log_at].x.lock.sock_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); + sctp_clog[sctp_cwnd_log_at].x.lock.sockrcvbuf_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); + sctp_clog[sctp_cwnd_log_at].x.lock.socksndbuf_lock = mtx_owned(&(inp->sctp_socket->so_snd.sb_mtx)); + } else { + sctp_clog[sctp_cwnd_log_at].x.lock.sock_lock = SCTP_LOCK_UNKNOWN; + sctp_clog[sctp_cwnd_log_at].x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; + sctp_clog[sctp_cwnd_log_at].x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; + } +} + +void +sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MAXBURST; + sctp_clog[sctp_cwnd_log_at].x.cwnd.net = net; + sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_new_value = error; + sctp_clog[sctp_cwnd_log_at].x.cwnd.inflight = net->flight_size; + sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_augment = burst; + if (stcb->asoc.send_queue_cnt > 255) + sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = 255; + else + sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; + if (stcb->asoc.stream_queue_cnt > 255) + sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = 255; + else + sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; +} + +void +sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RWND; + sctp_clog[sctp_cwnd_log_at].x.rwnd.rwnd = peers_rwnd; + sctp_clog[sctp_cwnd_log_at].x.rwnd.send_size = snd_size; + sctp_clog[sctp_cwnd_log_at].x.rwnd.overhead = overhead; + sctp_clog[sctp_cwnd_log_at].x.rwnd.new_rwnd = 0; +} + +void +sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RWND; + sctp_clog[sctp_cwnd_log_at].x.rwnd.rwnd = peers_rwnd; + sctp_clog[sctp_cwnd_log_at].x.rwnd.send_size = flight_size; + sctp_clog[sctp_cwnd_log_at].x.rwnd.overhead = overhead; + sctp_clog[sctp_cwnd_log_at].x.rwnd.new_rwnd = a_rwndval; +} + +void +sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MBCNT; + sctp_clog[sctp_cwnd_log_at].x.mbcnt.total_queue_size = total_oq; + sctp_clog[sctp_cwnd_log_at].x.mbcnt.size_change = book; + sctp_clog[sctp_cwnd_log_at].x.mbcnt.total_queue_mb_size = total_mbcnt_q; + sctp_clog[sctp_cwnd_log_at].x.mbcnt.mbcnt_change = mbcnt; +} + +void +sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_MISC_EVENT; + sctp_clog[sctp_cwnd_log_at].x.misc.log1 = a; + sctp_clog[sctp_cwnd_log_at].x.misc.log2 = b; + sctp_clog[sctp_cwnd_log_at].x.misc.log3 = c; + sctp_clog[sctp_cwnd_log_at].x.misc.log4 = d; +} + +void +sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t cumtsn, uint32_t wake_cnt, int from) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_WAKE; + sctp_clog[sctp_cwnd_log_at].x.wake.stcb = (uint32_t) stcb; + sctp_clog[sctp_cwnd_log_at].x.wake.wake_cnt = wake_cnt; + sctp_clog[sctp_cwnd_log_at].x.wake.flight = stcb->asoc.total_flight_count; + sctp_clog[sctp_cwnd_log_at].x.wake.send_q = stcb->asoc.send_queue_cnt; + sctp_clog[sctp_cwnd_log_at].x.wake.sent_q = stcb->asoc.sent_queue_cnt; + + if (stcb->asoc.stream_queue_cnt < 0xff) + sctp_clog[sctp_cwnd_log_at].x.wake.stream_qcnt = (uint8_t) stcb->asoc.stream_queue_cnt; + else + sctp_clog[sctp_cwnd_log_at].x.wake.stream_qcnt = 0xff; + + if (stcb->asoc.chunks_on_out_queue < 0xff) + sctp_clog[sctp_cwnd_log_at].x.wake.chunks_on_oque = (uint8_t) stcb->asoc.chunks_on_out_queue; + else + sctp_clog[sctp_cwnd_log_at].x.wake.chunks_on_oque = 0xff; + + sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags = 0; + /* set in the defered mode stuff */ + if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) + sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 1; + if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) + sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 2; + if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) + sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 4; + /* what about the sb */ + if (stcb->sctp_socket) { + struct socket *so = stcb->sctp_socket; + + sctp_clog[sctp_cwnd_log_at].x.wake.sbflags = (uint8_t) ((so->so_snd.sb_flags & 0x00ff)); + } else { + sctp_clog[sctp_cwnd_log_at].x.wake.sbflags = 0xff; + } +} + +void +sctp_log_block(uint8_t from, struct socket *so, struct sctp_association *asoc, int sendlen) +{ + int sctp_cwnd_log_at; + + SCTP_STATLOG_GETREF(sctp_cwnd_log_at); + sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; + sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); + sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_BLOCK; + sctp_clog[sctp_cwnd_log_at].x.blk.onsb = asoc->total_output_queue_size; + sctp_clog[sctp_cwnd_log_at].x.blk.send_sent_qcnt = (uint16_t) (asoc->send_queue_cnt + asoc->sent_queue_cnt); + sctp_clog[sctp_cwnd_log_at].x.blk.peer_rwnd = asoc->peers_rwnd; + sctp_clog[sctp_cwnd_log_at].x.blk.stream_qcnt = (uint16_t) asoc->stream_queue_cnt; + sctp_clog[sctp_cwnd_log_at].x.blk.chunks_on_oque = (uint16_t) asoc->chunks_on_out_queue; + sctp_clog[sctp_cwnd_log_at].x.blk.flight_size = (uint16_t) (asoc->total_flight / 1024); + sctp_clog[sctp_cwnd_log_at].x.blk.sndlen = sendlen; +} + +int +sctp_fill_stat_log(struct mbuf *m) +{ + int sctp_cwnd_log_at; + struct sctp_cwnd_log_req *req; + size_t size_limit; + int num, i, at, cnt_out = 0; + + if (m == NULL) + return (EINVAL); + + size_limit = (m->m_len - sizeof(struct sctp_cwnd_log_req)); + if (size_limit < sizeof(struct sctp_cwnd_log)) { + return (EINVAL); + } + sctp_cwnd_log_at = global_sctp_cwnd_log_at; + req = mtod(m, struct sctp_cwnd_log_req *); + num = size_limit / sizeof(struct sctp_cwnd_log); + if (global_sctp_cwnd_log_rolled) { + req->num_in_log = SCTP_STAT_LOG_SIZE; + } else { + req->num_in_log = sctp_cwnd_log_at; + /* + * if the log has not rolled, we don't let you have old + * data. + */ + if (req->end_at > sctp_cwnd_log_at) { + req->end_at = sctp_cwnd_log_at; + } + } + if ((num < SCTP_STAT_LOG_SIZE) && + ((global_sctp_cwnd_log_rolled) || (sctp_cwnd_log_at > num))) { + /* we can't return all of it */ + if (((req->start_at == 0) && (req->end_at == 0)) || + (req->start_at >= SCTP_STAT_LOG_SIZE) || + (req->end_at >= SCTP_STAT_LOG_SIZE)) { + /* No user request or user is wacked. */ + req->num_ret = num; + req->end_at = sctp_cwnd_log_at - 1; + if ((sctp_cwnd_log_at - num) < 0) { + int cc; + + cc = num - sctp_cwnd_log_at; + req->start_at = SCTP_STAT_LOG_SIZE - cc; + } else { + req->start_at = sctp_cwnd_log_at - num; + } + } else { + /* a user request */ + int cc; + + if (req->start_at > req->end_at) { + cc = (SCTP_STAT_LOG_SIZE - req->start_at) + + (req->end_at + 1); + } else { + + cc = (req->end_at - req->start_at) + 1; + } + if (cc < num) { + num = cc; + } + req->num_ret = num; + } + } else { + /* We can return all of it */ + req->start_at = 0; + req->end_at = sctp_cwnd_log_at - 1; + req->num_ret = sctp_cwnd_log_at; + } +#ifdef INVARIENTS + if (req->num_ret > num) { + panic("Bad statlog get?"); + } +#endif + for (i = 0, at = req->start_at; i < req->num_ret; i++) { + req->log[i] = sctp_clog[at]; + cnt_out++; + at++; + if (at >= SCTP_STAT_LOG_SIZE) + at = 0; + } + m->m_len = (cnt_out * sizeof(struct sctp_cwnd_log)) + sizeof(struct sctp_cwnd_log_req); + return (0); +} + +#endif + +#ifdef SCTP_AUDITING_ENABLED +uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; +static int sctp_audit_indx = 0; + +static +void +sctp_print_audit_report(void) +{ + int i; + int cnt; + + cnt = 0; + for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { + if ((sctp_audit_data[i][0] == 0xe0) && + (sctp_audit_data[i][1] == 0x01)) { + cnt = 0; + printf("\n"); + } else if (sctp_audit_data[i][0] == 0xf0) { + cnt = 0; + printf("\n"); + } else if ((sctp_audit_data[i][0] == 0xc0) && + (sctp_audit_data[i][1] == 0x01)) { + printf("\n"); + cnt = 0; + } + printf("%2.2x%2.2x ", (uint32_t) sctp_audit_data[i][0], + (uint32_t) sctp_audit_data[i][1]); + cnt++; + if ((cnt % 14) == 0) + printf("\n"); + } + for (i = 0; i < sctp_audit_indx; i++) { + if ((sctp_audit_data[i][0] == 0xe0) && + (sctp_audit_data[i][1] == 0x01)) { + cnt = 0; + printf("\n"); + } else if (sctp_audit_data[i][0] == 0xf0) { + cnt = 0; + printf("\n"); + } else if ((sctp_audit_data[i][0] == 0xc0) && + (sctp_audit_data[i][1] == 0x01)) { + printf("\n"); + cnt = 0; + } + printf("%2.2x%2.2x ", (uint32_t) sctp_audit_data[i][0], + (uint32_t) sctp_audit_data[i][1]); + cnt++; + if ((cnt % 14) == 0) + printf("\n"); + } + printf("\n"); +} + +void +sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, + struct sctp_nets *net) +{ + int resend_cnt, tot_out, rep, tot_book_cnt; + struct sctp_nets *lnet; + struct sctp_tmit_chunk *chk; + + sctp_audit_data[sctp_audit_indx][0] = 0xAA; + sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + if (inp == NULL) { + sctp_audit_data[sctp_audit_indx][0] = 0xAF; + sctp_audit_data[sctp_audit_indx][1] = 0x01; + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + return; + } + if (stcb == NULL) { + sctp_audit_data[sctp_audit_indx][0] = 0xAF; + sctp_audit_data[sctp_audit_indx][1] = 0x02; + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + return; + } + sctp_audit_data[sctp_audit_indx][0] = 0xA1; + sctp_audit_data[sctp_audit_indx][1] = + (0x000000ff & stcb->asoc.sent_queue_retran_cnt); + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + rep = 0; + tot_book_cnt = 0; + resend_cnt = tot_out = 0; + TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { + if (chk->sent == SCTP_DATAGRAM_RESEND) { + resend_cnt++; + } else if (chk->sent < SCTP_DATAGRAM_RESEND) { + tot_out += chk->book_size; + tot_book_cnt++; + } + } + if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { + sctp_audit_data[sctp_audit_indx][0] = 0xAF; + sctp_audit_data[sctp_audit_indx][1] = 0xA1; + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + printf("resend_cnt:%d asoc-tot:%d\n", + resend_cnt, stcb->asoc.sent_queue_retran_cnt); + rep = 1; + stcb->asoc.sent_queue_retran_cnt = resend_cnt; + sctp_audit_data[sctp_audit_indx][0] = 0xA2; + sctp_audit_data[sctp_audit_indx][1] = + (0x000000ff & stcb->asoc.sent_queue_retran_cnt); + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + } + if (tot_out != stcb->asoc.total_flight) { + sctp_audit_data[sctp_audit_indx][0] = 0xAF; + sctp_audit_data[sctp_audit_indx][1] = 0xA2; + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + rep = 1; + printf("tot_flt:%d asoc_tot:%d\n", tot_out, + (int)stcb->asoc.total_flight); + stcb->asoc.total_flight = tot_out; + } + if (tot_book_cnt != stcb->asoc.total_flight_count) { + sctp_audit_data[sctp_audit_indx][0] = 0xAF; + sctp_audit_data[sctp_audit_indx][1] = 0xA5; + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + rep = 1; + printf("tot_flt_book:%d\n", tot_book); + + stcb->asoc.total_flight_count = tot_book_cnt; + } + tot_out = 0; + TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { + tot_out += lnet->flight_size; + } + if (tot_out != stcb->asoc.total_flight) { + sctp_audit_data[sctp_audit_indx][0] = 0xAF; + sctp_audit_data[sctp_audit_indx][1] = 0xA3; + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + rep = 1; + printf("real flight:%d net total was %d\n", + stcb->asoc.total_flight, tot_out); + /* now corrective action */ + TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { + + tot_out = 0; + TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { + if ((chk->whoTo == lnet) && + (chk->sent < SCTP_DATAGRAM_RESEND)) { + tot_out += chk->book_size; + } + } + if (lnet->flight_size != tot_out) { + printf("net:%x flight was %d corrected to %d\n", + (uint32_t) lnet, lnet->flight_size, tot_out); + lnet->flight_size = tot_out; + } + } + } + if (rep) { + sctp_print_audit_report(); + } +} + +void +sctp_audit_log(uint8_t ev, uint8_t fd) +{ + int s; + + s = splnet(); + sctp_audit_data[sctp_audit_indx][0] = ev; + sctp_audit_data[sctp_audit_indx][1] = fd; + sctp_audit_indx++; + if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { + sctp_audit_indx = 0; + } + splx(s); +} + +#endif + +/* + * a list of sizes based on typical mtu's, used only if next hop size not + * returned. + */ +static int sctp_mtu_sizes[] = { + 68, + 296, + 508, + 512, + 544, + 576, + 1006, + 1492, + 1500, + 1536, + 2002, + 2048, + 4352, + 4464, + 8166, + 17914, + 32000, + 65535 +}; + +void +sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) +{ + struct sctp_association *asoc; + struct sctp_nets *net; + + asoc = &stcb->asoc; + + callout_stop(&asoc->hb_timer.timer); + callout_stop(&asoc->dack_timer.timer); + callout_stop(&asoc->strreset_timer.timer); + callout_stop(&asoc->asconf_timer.timer); + callout_stop(&asoc->autoclose_timer.timer); + callout_stop(&asoc->delayed_event_timer.timer); + TAILQ_FOREACH(net, &asoc->nets, sctp_next) { + callout_stop(&net->fr_timer.timer); + callout_stop(&net->pmtu_timer.timer); + } +} + +int +find_next_best_mtu(int totsz) +{ + int i, perfer; + + /* + * if we are in here we must find the next best fit based on the + * size of the dg that failed to be sent. + */ + perfer = 0; + for (i = 0; i < NUMBER_OF_MTU_SIZES; i++) { + if (totsz < sctp_mtu_sizes[i]) { + perfer = i - 1; + if (perfer < 0) + perfer = 0; + break; + } + } + return (sctp_mtu_sizes[perfer]); +} + +void +sctp_fill_random_store(struct sctp_pcb *m) +{ + /* + * Here we use the MD5/SHA-1 to hash with our good randomNumbers and + * our counter. The result becomes our good random numbers and we + * then setup to give these out. Note that we do no locking to + * protect this. This is ok, since if competing folks call this we + * will get more gobbled gook in the random store whic is what we + * want. There is a danger that two guys will use the same random + * numbers, but thats ok too since that is random as well :-> + */ + m->store_at = 0; + sctp_hmac(SCTP_HMAC, (uint8_t *) m->random_numbers, + sizeof(m->random_numbers), (uint8_t *) & m->random_counter, + sizeof(m->random_counter), (uint8_t *) m->random_store); + m->random_counter++; +} + +uint32_t +sctp_select_initial_TSN(struct sctp_pcb *m) +{ + /* + * A true implementation should use random selection process to get + * the initial stream sequence number, using RFC1750 as a good + * guideline + */ + u_long x, *xp; + uint8_t *p; + + if (m->initial_sequence_debug != 0) { + uint32_t ret; + + ret = m->initial_sequence_debug; + m->initial_sequence_debug++; + return (ret); + } + if ((m->store_at + sizeof(u_long)) > SCTP_SIGNATURE_SIZE) { + /* Refill the random store */ + sctp_fill_random_store(m); + } + p = &m->random_store[(int)m->store_at]; + xp = (u_long *)p; + x = *xp; + m->store_at += sizeof(u_long); + return (x); +} + +uint32_t +sctp_select_a_tag(struct sctp_inpcb *m) +{ + u_long x, not_done; + struct timeval now; + + SCTP_GETTIME_TIMEVAL(&now); + not_done = 1; + while (not_done) { + x = sctp_select_initial_TSN(&m->sctp_ep); + if (x == 0) { + /* we never use 0 */ + continue; + } + if (sctp_is_vtag_good(m, x, &now)) { + not_done = 0; + } + } + return (x); +} + + +int +sctp_init_asoc(struct sctp_inpcb *m, struct sctp_association *asoc, + int for_a_init, uint32_t override_tag) +{ + /* + * Anything set to zero is taken care of by the allocation routine's + * bzero + */ + + /* + * Up front select what scoping to apply on addresses I tell my peer + * Not sure what to do with these right now, we will need to come up + * with a way to set them. We may need to pass them through from the + * caller in the sctp_aloc_assoc() function. + */ + int i; + + /* init all variables to a known value. */ + asoc->state = SCTP_STATE_INUSE; + asoc->max_burst = m->sctp_ep.max_burst; + asoc->heart_beat_delay = TICKS_TO_MSEC(m->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); + asoc->cookie_life = m->sctp_ep.def_cookie_life; + asoc->sctp_cmt_on_off = (uint8_t) sctp_cmt_on_off; +#ifdef AF_INET + asoc->default_tos = m->ip_inp.inp.inp_ip_tos; +#else + asoc->default_tos = 0; +#endif + +#ifdef AF_INET6 + asoc->default_flowlabel = ((struct in6pcb *)m)->in6p_flowinfo; +#else + asoc->default_flowlabel = 0; +#endif + if (override_tag) { + struct timeval now; + + if (sctp_is_vtag_good(m, override_tag, &now)) { + asoc->my_vtag = override_tag; + } else { + return (ENOMEM); + } + + } else { + asoc->my_vtag = sctp_select_a_tag(m); + } + if (sctp_is_feature_on(m, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) + asoc->hb_is_disabled = 1; + else + asoc->hb_is_disabled = 0; + + asoc->refcnt = 0; + asoc->assoc_up_sent = 0; + asoc->assoc_id = asoc->my_vtag; + asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number = asoc->sending_seq = + sctp_select_initial_TSN(&m->sctp_ep); + /* we are optimisitic here */ + asoc->peer_supports_pktdrop = 1; + + asoc->sent_queue_retran_cnt = 0; + + /* for CMT */ + asoc->last_net_data_came_from = NULL; + + /* This will need to be adjusted */ + asoc->last_cwr_tsn = asoc->init_seq_number - 1; + asoc->last_acked_seq = asoc->init_seq_number - 1; + asoc->advanced_peer_ack_point = asoc->last_acked_seq; + asoc->asconf_seq_in = asoc->last_acked_seq; + + /* here we are different, we hold the next one we expect */ + asoc->str_reset_seq_in = asoc->last_acked_seq + 1; + + asoc->initial_init_rto_max = m->sctp_ep.initial_init_rto_max; + asoc->initial_rto = m->sctp_ep.initial_rto; + + asoc->max_init_times = m->sctp_ep.max_init_times; + asoc->max_send_times = m->sctp_ep.max_send_times; + asoc->def_net_failure = m->sctp_ep.def_net_failure; + asoc->free_chunk_cnt = 0; + + asoc->iam_blocking = 0; + /* ECN Nonce initialization */ + asoc->context = m->sctp_context; + asoc->def_send = m->def_send; + asoc->ecn_nonce_allowed = 0; + asoc->receiver_nonce_sum = 1; + asoc->nonce_sum_expect_base = 1; + asoc->nonce_sum_check = 1; + asoc->nonce_resync_tsn = 0; + asoc->nonce_wait_for_ecne = 0; + asoc->nonce_wait_tsn = 0; + asoc->delayed_ack = TICKS_TO_MSEC(m->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); + asoc->pr_sctp_cnt = 0; + asoc->total_output_queue_size = 0; + + if (m->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { + struct in6pcb *inp6; + + + /* Its a V6 socket */ + inp6 = (struct in6pcb *)m; + asoc->ipv6_addr_legal = 1; + /* Now look at the binding flag to see if V4 will be legal */ + if ( + (inp6->inp_flags & IN6P_IPV6_V6ONLY) + == 0) { + asoc->ipv4_addr_legal = 1; + } else { + /* V4 addresses are NOT legal on the association */ + asoc->ipv4_addr_legal = 0; + } + } else { + /* Its a V4 socket, no - V6 */ + asoc->ipv4_addr_legal = 1; + asoc->ipv6_addr_legal = 0; + } + + + asoc->my_rwnd = max(m->sctp_socket->so_rcv.sb_hiwat, SCTP_MINIMAL_RWND); + asoc->peers_rwnd = m->sctp_socket->so_rcv.sb_hiwat; + + asoc->smallest_mtu = m->sctp_frag_point; + asoc->minrto = m->sctp_ep.sctp_minrto; + asoc->maxrto = m->sctp_ep.sctp_maxrto; + + asoc->locked_on_sending = NULL; + asoc->stream_locked_on = 0; + asoc->ecn_echo_cnt_onq = 0; + asoc->stream_locked = 0; + + LIST_INIT(&asoc->sctp_local_addr_list); + TAILQ_INIT(&asoc->nets); + TAILQ_INIT(&asoc->pending_reply_queue); + asoc->last_asconf_ack_sent = NULL; + /* Setup to fill the hb random cache at first HB */ + asoc->hb_random_idx = 4; + + asoc->sctp_autoclose_ticks = m->sctp_ep.auto_close_time; + + /* + * Now the stream parameters, here we allocate space for all streams + * that we request by default. + */ + asoc->streamoutcnt = asoc->pre_open_streams = + m->sctp_ep.pre_open_stream_count; + SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, + asoc->streamoutcnt * sizeof(struct sctp_stream_out), + "StreamsOut"); + if (asoc->strmout == NULL) { + /* big trouble no memory */ + return (ENOMEM); + } + for (i = 0; i < asoc->streamoutcnt; i++) { + /* + * inbound side must be set to 0xffff, also NOTE when we get + * the INIT-ACK back (for INIT sender) we MUST reduce the + * count (streamoutcnt) but first check if we sent to any of + * the upper streams that were dropped (if some were). Those + * that were dropped must be notified to the upper layer as + * failed to send. + */ + asoc->strmout[i].next_sequence_sent = 0x0; + TAILQ_INIT(&asoc->strmout[i].outqueue); + asoc->strmout[i].stream_no = i; + asoc->strmout[i].last_msg_incomplete = 0; + asoc->strmout[i].next_spoke.tqe_next = 0; + asoc->strmout[i].next_spoke.tqe_prev = 0; + } + /* Now the mapping array */ + asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; + SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, + "MappingArray"); + if (asoc->mapping_array == NULL) { + SCTP_FREE(asoc->strmout); + return (ENOMEM); + } + memset(asoc->mapping_array, 0, asoc->mapping_array_size); + /* Now the init of the other outqueues */ + TAILQ_INIT(&asoc->free_chunks); + TAILQ_INIT(&asoc->free_strmoq); + TAILQ_INIT(&asoc->out_wheel); + TAILQ_INIT(&asoc->control_send_queue); + TAILQ_INIT(&asoc->send_queue); + TAILQ_INIT(&asoc->sent_queue); + TAILQ_INIT(&asoc->reasmqueue); + TAILQ_INIT(&asoc->resetHead); + asoc->max_inbound_streams = m->sctp_ep.max_open_streams_intome; + TAILQ_INIT(&asoc->asconf_queue); + /* authentication fields */ + asoc->authinfo.random = NULL; + asoc->authinfo.assoc_key = NULL; + asoc->authinfo.assoc_keyid = 0; + asoc->authinfo.recv_key = NULL; + asoc->authinfo.recv_keyid = 0; + LIST_INIT(&asoc->shared_keys); + + return (0); +} + +int +sctp_expand_mapping_array(struct sctp_association *asoc) +{ + /* mapping array needs to grow */ + uint8_t *new_array; + uint16_t new_size; + + new_size = asoc->mapping_array_size + SCTP_MAPPING_ARRAY_INCR; + SCTP_MALLOC(new_array, uint8_t *, new_size, "MappingArray"); + if (new_array == NULL) { + /* can't get more, forget it */ + printf("No memory for expansion of SCTP mapping array %d\n", + new_size); + return (-1); + } + memset(new_array, 0, new_size); + memcpy(new_array, asoc->mapping_array, asoc->mapping_array_size); + SCTP_FREE(asoc->mapping_array); + asoc->mapping_array = new_array; + asoc->mapping_array_size = new_size; + return (0); +} + +extern unsigned int sctp_early_fr_msec; + +static void +sctp_handle_addr_wq(void) +{ + /* deal with the ADDR wq from the rtsock calls */ + struct sctp_laddr *wi; + + SCTP_IPI_ADDR_LOCK(); + wi = LIST_FIRST(&sctppcbinfo.addr_wq); + if (wi == NULL) { + SCTP_IPI_ADDR_UNLOCK(); + return; + } + LIST_REMOVE(wi, sctp_nxt_addr); + if (!LIST_EMPTY(&sctppcbinfo.addr_wq)) { + sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, + (struct sctp_inpcb *)NULL, + (struct sctp_tcb *)NULL, + (struct sctp_nets *)NULL); + } + SCTP_IPI_ADDR_UNLOCK(); + if (wi->action == RTM_ADD) { + sctp_add_ip_address(wi->ifa); + } else if (wi->action == RTM_DELETE) { + sctp_delete_ip_address(wi->ifa); + } + IFAFREE(wi->ifa); + SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, wi); + SCTP_DECR_LADDR_COUNT(); +} + +void +sctp_timeout_handler(void *t) +{ + struct sctp_inpcb *inp; + struct sctp_tcb *stcb; + struct sctp_nets *net; + struct sctp_timer *tmr; + int s, did_output; + struct sctp_iterator *it = NULL; + + + s = splnet(); + tmr = (struct sctp_timer *)t; + inp = (struct sctp_inpcb *)tmr->ep; + stcb = (struct sctp_tcb *)tmr->tcb; + net = (struct sctp_nets *)tmr->net; + did_output = 1; + +#ifdef SCTP_AUDITING_ENABLED + sctp_audit_log(0xF0, (uint8_t) tmr->type); + sctp_auditing(3, inp, stcb, net); +#endif + + /* sanity checks... */ + if (tmr->self != (void *)tmr) { + /* + * printf("Stale SCTP timer fired (%p), ignoring...\n", + * tmr); + */ + splx(s); + return; + } + if (!SCTP_IS_TIMER_TYPE_VALID(tmr->type)) { + /* + * printf("SCTP timer fired with invalid type: 0x%x\n", + * tmr->type); + */ + splx(s); + return; + } + if ((tmr->type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) { + splx(s); + return; + } + /* if this is an iterator timeout, get the struct and clear inp */ + if (tmr->type == SCTP_TIMER_TYPE_ITERATOR) { + it = (struct sctp_iterator *)inp; + inp = NULL; + } + if (inp) { + SCTP_INP_INCR_REF(inp); + if ((inp->sctp_socket == 0) && + ((tmr->type != SCTP_TIMER_TYPE_INPKILL) && + (tmr->type != SCTP_TIMER_TYPE_SHUTDOWN) && + (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNACK) && + (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNGUARD) && + (tmr->type != SCTP_TIMER_TYPE_ASOCKILL)) + ) { + splx(s); + SCTP_INP_DECR_REF(inp); + return; + } + } + if (stcb) { + if (stcb->asoc.state == 0) { + splx(s); + if (inp) { + SCTP_INP_DECR_REF(inp); + } + return; + } + } +#ifdef SCTP_DEBUG + if (sctp_debug_on & SCTP_DEBUG_TIMER1) { + printf("Timer type %d goes off\n", tmr->type); + } +#endif /* SCTP_DEBUG */ + if (!callout_active(&tmr->timer)) { + splx(s); + if (inp) { + SCTP_INP_DECR_REF(inp); + } + return; + } + if (stcb) { + atomic_add_16(&stcb->asoc.refcnt, 1); + SCTP_TCB_LOCK(stcb); + atomic_add_16(&stcb->asoc.refcnt, -1); + } + /* mark as being serviced now */ + callout_deactivate(&tmr->timer); + + /* call the handler for the appropriate timer type */ + switch (tmr->type) { + case SCTP_TIMER_TYPE_ADDR_WQ: + sctp_handle_addr_wq(); + break; + case SCTP_TIMER_TYPE_ITERATOR: + SCTP_STAT_INCR(sctps_timoiterator); + sctp_iterator_timer(it); + break; + case SCTP_TIMER_TYPE_SEND: + SCTP_STAT_INCR(sctps_timodata); + stcb->asoc.num_send_timers_up--; + if (stcb->asoc.num_send_timers_up < 0) { + stcb->asoc.num_send_timers_up = 0; + } + if (sctp_t3rxt_timer(inp, stcb, net)) { + /* no need to unlock on tcb its gone */ + + goto out_decr; + } +#ifdef SCTP_AUDITING_ENABLED + sctp_auditing(4, inp, stcb, net); +#endif + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3); + if ((stcb->asoc.num_send_timers_up == 0) && + (stcb->asoc.sent_queue_cnt > 0) + ) { + struct sctp_tmit_chunk *chk; + + /* + * safeguard. If there on some on the sent queue + * somewhere but no timers running something is + * wrong... so we start a timer on the first chunk + * on the send queue on whatever net it is sent to. + */ + chk = TAILQ_FIRST(&stcb->asoc.sent_queue); + sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, + chk->whoTo); + } + break; + case SCTP_TIMER_TYPE_INIT: + SCTP_STAT_INCR(sctps_timoinit); + if (sctp_t1init_timer(inp, stcb, net)) { + /* no need to unlock on tcb its gone */ + goto out_decr; + } + /* We do output but not here */ + did_output = 0; + break; + case SCTP_TIMER_TYPE_RECV: + SCTP_STAT_INCR(sctps_timosack); + sctp_send_sack(stcb); +#ifdef SCTP_AUDITING_ENABLED + sctp_auditing(4, inp, stcb, net); +#endif + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR); + break; + case SCTP_TIMER_TYPE_SHUTDOWN: + if (sctp_shutdown_timer(inp, stcb, net)) { + /* no need to unlock on tcb its gone */ + goto out_decr; + } + SCTP_STAT_INCR(sctps_timoshutdown); +#ifdef SCTP_AUDITING_ENABLED + sctp_auditing(4, inp, stcb, net); +#endif + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR); + break; + case SCTP_TIMER_TYPE_HEARTBEAT: + { + struct sctp_nets *net; + int cnt_of_unconf = 0; + + SCTP_STAT_INCR(sctps_timoheartbeat); + TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { + if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) && + (net->dest_state & SCTP_ADDR_REACHABLE)) { + cnt_of_unconf++; + } + } + if (cnt_of_unconf == 0) { + if (sctp_heartbeat_timer(inp, stcb, net, cnt_of_unconf)) { + /* no need to unlock on tcb its gone */ + goto out_decr; + } + } +#ifdef SCTP_AUDITING_ENABLED + sctp_auditing(4, inp, stcb, net); +#endif + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, + stcb, net); + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR); + } + break; + case SCTP_TIMER_TYPE_COOKIE: + if (sctp_cookie_timer(inp, stcb, net)) { + /* no need to unlock on tcb its gone */ + goto out_decr; + } + SCTP_STAT_INCR(sctps_timocookie); +#ifdef SCTP_AUDITING_ENABLED + sctp_auditing(4, inp, stcb, net); +#endif + /* + * We consider T3 and Cookie timer pretty much the same with + * respect to where from in chunk_output. + */ + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3); + break; + case SCTP_TIMER_TYPE_NEWCOOKIE: + { + struct timeval tv; + int i, secret; + + SCTP_STAT_INCR(sctps_timosecret); + SCTP_GETTIME_TIMEVAL(&tv); + SCTP_INP_WLOCK(inp); + inp->sctp_ep.time_of_secret_change = tv.tv_sec; + inp->sctp_ep.last_secret_number = + inp->sctp_ep.current_secret_number; + inp->sctp_ep.current_secret_number++; + if (inp->sctp_ep.current_secret_number >= + SCTP_HOW_MANY_SECRETS) { + inp->sctp_ep.current_secret_number = 0; + } + secret = (int)inp->sctp_ep.current_secret_number; + for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { + inp->sctp_ep.secret_key[secret][i] = + sctp_select_initial_TSN(&inp->sctp_ep); + } + SCTP_INP_WUNLOCK(inp); + sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, stcb, net); + } + did_output = 0; + break; + case SCTP_TIMER_TYPE_PATHMTURAISE: + SCTP_STAT_INCR(sctps_timopathmtu); + sctp_pathmtu_timer(inp, stcb, net); + did_output = 0; + break; + case SCTP_TIMER_TYPE_SHUTDOWNACK: + if (sctp_shutdownack_timer(inp, stcb, net)) { + /* no need to unlock on tcb its gone */ + goto out_decr; + } + SCTP_STAT_INCR(sctps_timoshutdownack); +#ifdef SCTP_AUDITING_ENABLED + sctp_auditing(4, inp, stcb, net); +#endif + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR); + break; + case SCTP_TIMER_TYPE_SHUTDOWNGUARD: + SCTP_STAT_INCR(sctps_timoshutdownguard); + sctp_abort_an_association(inp, stcb, + SCTP_SHUTDOWN_GUARD_EXPIRES, NULL); + /* no need to unlock on tcb its gone */ + goto out_decr; + break; + + case SCTP_TIMER_TYPE_STRRESET: + if (sctp_strreset_timer(inp, stcb, net)) { + /* no need to unlock on tcb its gone */ + goto out_decr; + } + SCTP_STAT_INCR(sctps_timostrmrst); + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR); + break; + case SCTP_TIMER_TYPE_EARLYFR: + /* Need to do FR of things for net */ + SCTP_STAT_INCR(sctps_timoearlyfr); + sctp_early_fr_timer(inp, stcb, net); + break; + case SCTP_TIMER_TYPE_ASCONF: + if (sctp_asconf_timer(inp, stcb, net)) { + /* no need to unlock on tcb its gone */ + goto out_decr; + } + SCTP_STAT_INCR(sctps_timoasconf); +#ifdef SCTP_AUDITING_ENABLED + sctp_auditing(4, inp, stcb, net); +#endif + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR); + break; + + case SCTP_TIMER_TYPE_AUTOCLOSE: + SCTP_STAT_INCR(sctps_timoautoclose); + sctp_autoclose_timer(inp, stcb, net); + sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR); + did_output = 0; + break; + case SCTP_TIMER_TYPE_ASOCKILL: + SCTP_STAT_INCR(sctps_timoassockill); + /* Can we free it yet? */ + SCTP_INP_DECR_REF(inp); + sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL); + sctp_free_assoc(inp, stcb, 0); + /* + * free asoc, always unlocks (or destroy's) so prevent + * duplicate unlock or unlock of a free mtx :-0 + */ + stcb = NULL; + goto out_no_decr; + break; + case SCTP_TIMER_TYPE_INPKILL: + SCTP_STAT_INCR(sctps_timoinpkill); + /* + * special case, take away our increment since WE are the + * killer + */ + SCTP_INP_DECR_REF(inp); + sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL); + sctp_inpcb_free(inp, 1, 0); + goto out_no_decr; + break; + default: +#ifdef SCTP_DEBUG + if (sctp_debug_on & SCTP_DEBUG_TIMER1) { + printf("sctp_timeout_handler:unknown timer %d\n", + tmr->type); + } +#endif /* SCTP_DEBUG */ + break; + }; +#ifdef SCTP_AUDITING_ENABLED + sctp_audit_log(0xF1, (uint8_t) tmr->type); + if (inp) + sctp_auditing(5, inp, stcb, net); +#endif + if ((did_output) && stcb) { + /* + * Now we need to clean up the control chunk chain if an + * ECNE is on it. It must be marked as UNSENT again so next + * call will continue to send it until such time that we get + * a CWR, to remove it. It is, however, less likely that we + * will find a ecn echo on the chain though. + */ + sctp_fix_ecn_echo(&stcb->asoc); + } + if (stcb) { + SCTP_TCB_UNLOCK(stcb); + } +out_decr: + if (inp) { + SCTP_INP_DECR_REF(inp); + } +out_no_decr: + +#ifdef SCTP_DEBUG + if (sctp_debug_on & SCTP_DEBUG_TIMER1) { + printf("Timer now complete (type %d)\n", tmr->type); + } +#endif /* SCTP_DEBUG */ + splx(s); + if (inp) { + } +} + +int +sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, + struct sctp_nets *net) +{ + int to_ticks; + struct sctp_timer *tmr; + + + if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && + (inp == NULL)) + return (EFAULT); + + to_ticks = 0; + + tmr = NULL; + if (stcb) { + SCTP_TCB_LOCK_ASSERT(stcb); + } + switch (t_type) { + case SCTP_TIMER_TYPE_ADDR_WQ: + /* Only 1 tick away :-) */ + tmr = &sctppcbinfo.addr_wq_timer; + to_ticks = 1; + break; + case SCTP_TIMER_TYPE_ITERATOR: + { + struct sctp_iterator *it; + + it = (struct sctp_iterator *)inp; + tmr = &it->tmr; + to_ticks = SCTP_ITERATOR_TICKS; + } + break; + case SCTP_TIMER_TYPE_SEND: + /* Here we use the RTO timer */ + { + int rto_val; + + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->rxt_timer; + if (net->RTO == 0) { + rto_val = stcb->asoc.initial_rto; + } else { + rto_val = net->RTO; + } + to_ticks = MSEC_TO_TICKS(rto_val); + } + break; + case SCTP_TIMER_TYPE_INIT: + /* + * Here we use the INIT timer default usually about 1 + * minute. + */ + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->rxt_timer; + if (net->RTO == 0) { + to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); + } else { + to_ticks = MSEC_TO_TICKS(net->RTO); + } + break; + case SCTP_TIMER_TYPE_RECV: + /* + * Here we use the Delayed-Ack timer value from the inp + * ususually about 200ms. + */ + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.dack_timer; + to_ticks = MSEC_TO_TICKS(stcb->asoc.delayed_ack); + break; + case SCTP_TIMER_TYPE_SHUTDOWN: + /* Here we use the RTO of the destination. */ + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + if (net->RTO == 0) { + to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); + } else { + to_ticks = MSEC_TO_TICKS(net->RTO); + } + tmr = &net->rxt_timer; + break; + case SCTP_TIMER_TYPE_HEARTBEAT: + /* + * the net is used here so that we can add in the RTO. Even + * though we use a different timer. We also add the HB timer + * PLUS a random jitter. + */ + if (stcb == NULL) { + return (EFAULT); + } { + uint32_t rndval; + uint8_t this_random; + int cnt_of_unconf = 0; + struct sctp_nets *lnet; + + TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { + if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && + (lnet->dest_state & SCTP_ADDR_REACHABLE)) { + cnt_of_unconf++; + } + } + if (cnt_of_unconf) { + lnet = NULL; + sctp_heartbeat_timer(inp, stcb, lnet, cnt_of_unconf); + } + if (stcb->asoc.hb_random_idx > 3) { + rndval = sctp_select_initial_TSN(&inp->sctp_ep); + memcpy(stcb->asoc.hb_random_values, &rndval, + sizeof(stcb->asoc.hb_random_values)); + this_random = stcb->asoc.hb_random_values[0]; + stcb->asoc.hb_random_idx = 0; + stcb->asoc.hb_ect_randombit = 0; + } else { + this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx]; + stcb->asoc.hb_random_idx++; + stcb->asoc.hb_ect_randombit = 0; + } + /* + * this_random will be 0 - 256 ms RTO is in ms. + */ + if ((stcb->asoc.hb_is_disabled) && + (cnt_of_unconf == 0)) { + return (0); + } + if (net) { + struct sctp_nets *lnet; + int delay; + + delay = stcb->asoc.heart_beat_delay; + TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { + if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && + ((lnet->dest_state & SCTP_ADDR_OUT_OF_SCOPE) == 0) && + (lnet->dest_state & SCTP_ADDR_REACHABLE)) { + delay = 0; + } + } + if (net->RTO == 0) { + /* Never been checked */ + to_ticks = this_random + stcb->asoc.initial_rto + delay; + } else { + /* set rto_val to the ms */ + to_ticks = delay + net->RTO + this_random; + } + } else { + if (cnt_of_unconf) { + to_ticks = this_random + stcb->asoc.initial_rto; + } else { + to_ticks = stcb->asoc.heart_beat_delay + this_random + stcb->asoc.initial_rto; + } + } + /* + * Now we must convert the to_ticks that are now in + * ms to ticks. + */ + to_ticks = MSEC_TO_TICKS(to_ticks); + tmr = &stcb->asoc.hb_timer; + } + break; + case SCTP_TIMER_TYPE_COOKIE: + /* + * Here we can use the RTO timer from the network since one + * RTT was compelete. If a retran happened then we will be + * using the RTO initial value. + */ + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + if (net->RTO == 0) { + to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); + } else { + to_ticks = MSEC_TO_TICKS(net->RTO); + } + tmr = &net->rxt_timer; + break; + case SCTP_TIMER_TYPE_NEWCOOKIE: + /* + * nothing needed but the endpoint here ususually about 60 + * minutes. + */ + tmr = &inp->sctp_ep.signature_change; + to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; + break; + case SCTP_TIMER_TYPE_ASOCKILL: + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.strreset_timer; + to_ticks = MSEC_TO_TICKS(SCTP_ASOC_KILL_TIMEOUT); + break; + case SCTP_TIMER_TYPE_INPKILL: + /* + * The inp is setup to die. We re-use the signature_chage + * timer since that has stopped and we are in the GONE + * state. + */ + tmr = &inp->sctp_ep.signature_change; + to_ticks = MSEC_TO_TICKS(SCTP_INP_KILL_TIMEOUT); + break; + case SCTP_TIMER_TYPE_PATHMTURAISE: + /* + * Here we use the value found in the EP for PMTU ususually + * about 10 minutes. + */ + if (stcb == NULL) { + return (EFAULT); + } + if (net == NULL) { + return (EFAULT); + } + to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; + tmr = &net->pmtu_timer; + break; + case SCTP_TIMER_TYPE_SHUTDOWNACK: + /* Here we use the RTO of the destination */ + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + if (net->RTO == 0) { + to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); + } else { + to_ticks = MSEC_TO_TICKS(net->RTO); + } + tmr = &net->rxt_timer; + break; + case SCTP_TIMER_TYPE_SHUTDOWNGUARD: + /* + * Here we use the endpoints shutdown guard timer usually + * about 3 minutes. + */ + if (stcb == NULL) { + return (EFAULT); + } + to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; + tmr = &stcb->asoc.shut_guard_timer; + break; + case SCTP_TIMER_TYPE_STRRESET: + /* + * Here the timer comes from the inp but its value is from + * the RTO. + */ + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + if (net->RTO == 0) { + to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); + } else { + to_ticks = MSEC_TO_TICKS(net->RTO); + } + tmr = &stcb->asoc.strreset_timer; + break; + + case SCTP_TIMER_TYPE_EARLYFR: + { + unsigned int msec; + + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + if (net->flight_size > net->cwnd) { + /* no need to start */ + return (0); + } + SCTP_STAT_INCR(sctps_earlyfrstart); + if (net->lastsa == 0) { + /* Hmm no rtt estimate yet? */ + msec = stcb->asoc.initial_rto >> 2; + } else { + msec = ((net->lastsa >> 2) + net->lastsv) >> 1; + } + if (msec < sctp_early_fr_msec) { + msec = sctp_early_fr_msec; + if (msec < SCTP_MINFR_MSEC_FLOOR) { + msec = SCTP_MINFR_MSEC_FLOOR; + } + } + to_ticks = MSEC_TO_TICKS(msec); + tmr = &net->fr_timer; + } + break; + case SCTP_TIMER_TYPE_ASCONF: + /* + * Here the timer comes from the inp but its value is from + * the RTO. + */ + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + if (net->RTO == 0) { + to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); + } else { + to_ticks = MSEC_TO_TICKS(net->RTO); + } + tmr = &stcb->asoc.asconf_timer; + break; + case SCTP_TIMER_TYPE_AUTOCLOSE: + if (stcb == NULL) { + return (EFAULT); + } + if (stcb->asoc.sctp_autoclose_ticks == 0) { + /* + * Really an error since stcb is NOT set to + * autoclose + */ + return (0); + } + to_ticks = stcb->asoc.sctp_autoclose_ticks; + tmr = &stcb->asoc.autoclose_timer; + break; + default: +#ifdef SCTP_DEBUG + if (sctp_debug_on & SCTP_DEBUG_TIMER1) { + printf("sctp_timer_start:Unknown timer type %d\n", + t_type); + } +#endif /* SCTP_DEBUG */ + return (EFAULT); + break; + }; + if ((to_ticks <= 0) || (tmr == NULL)) { +#ifdef SCTP_DEBUG + if (sctp_debug_on & SCTP_DEBUG_TIMER1) { + printf("sctp_timer_start:%d:software error to_ticks:%d tmr:%p not set ??\n", + t_type, to_ticks, tmr); + } +#endif /* SCTP_DEBUG */ + return (EFAULT); + } + if (callout_pending(&tmr->timer)) { + /* + * we do NOT allow you to have it already running. if it is + * we leave the current one up unchanged + */ + return (EALREADY); + } + /* At this point we can proceed */ + if (t_type == SCTP_TIMER_TYPE_SEND) { + stcb->asoc.num_send_timers_up++; + } + tmr->type = t_type; + tmr->ep = (void *)inp; + tmr->tcb = (void *)stcb; + tmr->net = (void *)net; + tmr->self = (void *)tmr; + tmr->ticks = ticks; + callout_reset(&tmr->timer, to_ticks, sctp_timeout_handler, tmr); + return (0); +} + +int +sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, + struct sctp_nets *net) +{ + struct sctp_timer *tmr; + + if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && + (inp == NULL)) + return (EFAULT); + + tmr = NULL; + if (stcb) { + SCTP_TCB_LOCK_ASSERT(stcb); + } + switch (t_type) { + case SCTP_TIMER_TYPE_ADDR_WQ: + tmr = &sctppcbinfo.addr_wq_timer; + break; + case SCTP_TIMER_TYPE_EARLYFR: + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->fr_timer; + SCTP_STAT_INCR(sctps_earlyfrstop); + break; + case SCTP_TIMER_TYPE_ITERATOR: + { + struct sctp_iterator *it; + + it = (struct sctp_iterator *)inp; + tmr = &it->tmr; + } + break; + case SCTP_TIMER_TYPE_SEND: + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->rxt_timer; + break; + case SCTP_TIMER_TYPE_INIT: + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->rxt_timer; + break; + case SCTP_TIMER_TYPE_RECV: + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.dack_timer; + break; + case SCTP_TIMER_TYPE_SHUTDOWN: + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->rxt_timer; + break; + case SCTP_TIMER_TYPE_HEARTBEAT: + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.hb_timer; + break; + case SCTP_TIMER_TYPE_COOKIE: + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->rxt_timer; + break; + case SCTP_TIMER_TYPE_NEWCOOKIE: + /* nothing needed but the endpoint here */ + tmr = &inp->sctp_ep.signature_change; + /* + * We re-use the newcookie timer for the INP kill timer. We + * must assure that we do not kill it by accident. + */ + break; + case SCTP_TIMER_TYPE_ASOCKILL: + /* + * Stop the asoc kill timer. + */ + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.strreset_timer; + break; + + case SCTP_TIMER_TYPE_INPKILL: + /* + * The inp is setup to die. We re-use the signature_chage + * timer since that has stopped and we are in the GONE + * state. + */ + tmr = &inp->sctp_ep.signature_change; + break; + case SCTP_TIMER_TYPE_PATHMTURAISE: + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->pmtu_timer; + break; + case SCTP_TIMER_TYPE_SHUTDOWNACK: + if ((stcb == NULL) || (net == NULL)) { + return (EFAULT); + } + tmr = &net->rxt_timer; + break; + case SCTP_TIMER_TYPE_SHUTDOWNGUARD: + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.shut_guard_timer; + break; + case SCTP_TIMER_TYPE_STRRESET: + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.strreset_timer; + break; + case SCTP_TIMER_TYPE_ASCONF: + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.asconf_timer; + break; + case SCTP_TIMER_TYPE_AUTOCLOSE: + if (stcb == NULL) { + return (EFAULT); + } + tmr = &stcb->asoc.autoclose_timer; + break; + default: +#ifdef SCTP_DEBUG + if (sctp_debug_on & SCTP_DEBUG_TIMER1) { + printf("sctp_timer_stop:Unknown timer type %d\n", + t_type); + } +#endif /* SCTP_DEBUG */ + break; + }; + if (tmr == NULL) { + return (EFAULT); + } + if ((tmr->type != t_type) && tmr->type) { + /* + * Ok we have a timer that is under joint use. Cookie timer + * per chance with the SEND timer. We therefore are NOT + * running the timer that the caller wants stopped. So just + * return. + */ + return (0); + } + if (t_type == SCTP_TIMER_TYPE_SEND) { + stcb->asoc.num_send_timers_up--; + if (stcb->asoc.num_send_timers_up < 0) { + stcb->asoc.num_send_timers_up = 0; + } + } + tmr->self = NULL; + callout_stop(&tmr->timer); + return (0); +} + +#ifdef SCTP_USE_ADLER32 +static uint32_t +update_adler32(uint32_t adler, uint8_t * buf, int32_t len) +{ + uint32_t s1 = adler & 0xffff; + uint32_t s2 = (adler >> 16) & 0xffff; + int n; + + for (n = 0; n < len; n++, buf++) { + /* s1 = (s1 + buf[n]) % BASE */ + /* first we add */ + s1 = (s1 + *buf); + /* + * now if we need to, we do a mod by subtracting. It seems a + * bit faster since I really will only ever do one subtract + * at the MOST, since buf[n] is a max of 255. + */ + if (s1 >= SCTP_ADLER32_BASE) { + s1 -= SCTP_ADLER32_BASE; + } + /* s2 = (s2 + s1) % BASE */ + /* first we add */ + s2 = (s2 + s1); + /* + * again, it is more efficent (it seems) to subtract since + * the most s2 will ever be is (BASE-1 + BASE-1) in the + * worse case. This would then be (2 * BASE) - 2, which will + * still only do one subtract. On Intel this is much better + * to do this way and avoid the divide. Have not -pg'd on + * sparc. + */ + if (s2 >= SCTP_ADLER32_BASE) { + s2 -= SCTP_ADLER32_BASE; + } + } + /* Return the adler32 of the bytes buf[0..len-1] */ + return ((s2 << 16) + s1); +} + +#endif + + +uint32_t +sctp_calculate_len(struct mbuf *m) +{ + uint32_t tlen = 0; + struct mbuf *at; + + at = m; + while (at) { + tlen += at->m_len; + at = at->m_next; + } + return (tlen); +} + +#if defined(SCTP_WITH_NO_CSUM) + +uint32_t +sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) +{ + /* + * given a mbuf chain with a packetheader offset by 'offset' + * pointing at a sctphdr (with csum set to 0) go through the chain + * of m_next's and calculate the SCTP checksum. This is currently + * Adler32 but will change to CRC32x soon. Also has a side bonus + * calculate the total length of the mbuf chain. Note: if offset is + * greater than the total mbuf length, checksum=1, pktlen=0 is + * returned (ie. no real error code) + */ + if (pktlen == NULL) + return (0); + *pktlen = sctp_calculate_len(m); + return (0); +} + +#elif defined(SCTP_USE_INCHKSUM) + +#include <machine/in_cksum.h> + +uint32_t +sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) +{ + /* + * given a mbuf chain with a packetheader offset by 'offset' + * pointing at a sctphdr (with csum set to 0) go through the chain + * of m_next's and calculate the SCTP checksum. This is currently + * Adler32 but will change to CRC32x soon. Also has a side bonus + * calculate the total length of the mbuf chain. Note: if offset is + * greater than the total mbuf length, checksum=1, pktlen=0 is + * returned (ie. no real error code) + */ + int32_t tlen = 0; + struct mbuf *at; + uint32_t the_sum, retsum; + + at = m; + while (at) { + tlen += at->m_len; + at = at->m_next; + } + the_sum = (uint32_t) (in_cksum_skip(m, tlen, offset)); + if (pktlen != NULL) + *pktlen = (tlen - offset); + retsum = htons(the_sum); + return (the_sum); +} + +#else + +uint32_t +sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) +{ + /* + * given a mbuf chain with a packetheader offset by 'offset' + * pointing at a sctphdr (with csum set to 0) go through the chain + * of m_next's and calculate the SCTP checksum. This is currently + * Adler32 but will change to CRC32x soon. Also has a side bonus + * calculate the total length of the mbuf chain. Note: if offset is + * greater than the total mbuf length, checksum=1, pktlen=0 is + * returned (ie. no real error code) + */ + int32_t tlen = 0; + +#ifdef SCTP_USE_ADLER32 + uint32_t base = 1L; + +#else + uint32_t base = 0xffffffff; + +#endif /* SCTP_USE_ADLER32 */ + struct mbuf *at; + + at = m; + /* find the correct mbuf and offset into mbuf */ + while ((at != NULL) && (offset > (uint32_t) at->m_len)) { + offset -= at->m_len; /* update remaining offset left */ + at = at->m_next; + } + while (at != NULL) { + if ((at->m_len - offset) > 0) { +#ifdef SCTP_USE_ADLER32 + base = update_adler32(base, + (unsigned char *)(at->m_data + offset), + (unsigned int)(at->m_len - offset)); +#else + if ((at->m_len - offset) < 4) { + /* Use old method if less than 4 bytes */ + base = old_update_crc32(base, + (unsigned char *)(at->m_data + offset), + (unsigned int)(at->m_len - offset)); + } else { + base = update_crc32(base, + (unsigned char *)(at->m_data + offset), + (unsigned int)(at->m_len - offset)); + } +#endif /* SCTP_USE_ADLER32 */ + tlen += at->m_len - offset; + /* we only offset once into the first mbuf */ + } + if (offset) { + if (offset < at->m_len) + offset = 0; + else + offset -= at->m_len; + } + at = at->m_next; + } + if (pktlen != NULL) { + *pktlen = tlen; + } +#ifdef SCTP_USE_ADLER32 + /* Adler32 */ + base = htonl(base); +#else + /* CRC-32c */ + base = sctp_csum_finalize(base); +#endif + return (base); +} + + +#endif + +void +sctp_mtu_size_reset(struct sctp_inpcb *inp, + struct sctp_association *asoc, u_long mtu) +{ + /* + * Reset the P-MTU size on this association, this involves changing + * the asoc MTU, going through ANY chunk+overhead larger than mtu to + * allow the DF flag to be cleared. + */ + struct sctp_tmit_chunk *chk; + unsigned int eff_mtu, ovh; + + asoc->smallest_mtu = mtu; + if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { + ovh = SCTP_MIN_OVERHEAD; + } else { + ovh = SCTP_MIN_V4_OVERHEAD; + } + eff_mtu = mtu - ovh; + TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { + + if (chk->send_size > eff_mtu) { + chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; + } + } + TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { + if (chk->send_size > eff_mtu) { + chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; + } + } +} + + +/* + * given an association and starting time of the current RTT period return + * RTO in number of usecs net should point to the current network + */ +uint32_t +sctp_calculate_rto(struct sctp_tcb *stcb, + struct sctp_association *asoc, + struct sctp_nets *net, + struct timeval *old) +{ + /* + * given an association and the starting time of the current RTT + * period (in value1/value2) return RTO in number of usecs. + */ + int calc_time = 0; + int o_calctime; + unsigned int new_rto = 0; + int first_measure = 0; + struct timeval now; + + /************************/ + /* 1. calculate new RTT */ + /************************/ + /* get the current time */ + SCTP_GETTIME_TIMEVAL(&now); + /* compute the RTT value */ + if ((u_long)now.tv_sec > (u_long)old->tv_sec) { + calc_time = ((u_long)now.tv_sec - (u_long)old->tv_sec) * 1000; + if ((u_long)now.tv_usec > (u_long)old->tv_usec) { + calc_time += (((u_long)now.tv_usec - + (u_long)old->tv_usec) / 1000); + } else if ((u_long)now.tv_usec < (u_long)old->tv_usec) { + /* Borrow 1,000ms from current calculation */ + calc_time -= 1000; + /* Add in the slop over */ + calc_time += ((int)now.tv_usec / 1000); + /* Add in the pre-second ms's */ + calc_time += (((int)1000000 - (int)old->tv_usec) / 1000); + } + } else if ((u_long)now.tv_sec == (u_long)old->tv_sec) { + if ((u_long)now.tv_usec > (u_long)old->tv_usec) { + calc_time = ((u_long)now.tv_usec - + (u_long)old->tv_usec) / 1000; + } else if ((u_long)now.tv_usec < (u_long)old->tv_usec) { + /* impossible .. garbage in nothing out */ + return (((net->lastsa >> 2) + net->lastsv) >> 1); + } else { + /* impossible .. garbage in nothing out */ + return (((net->lastsa >> 2) + net->lastsv) >> 1); + } + } else { + /* Clock wrapped? */ + return (((net->lastsa >> 2) + net->lastsv) >> 1); + } + /***************************/ + /* 2. update RTTVAR & SRTT */ + /***************************/ +#if 0 + /* if (net->lastsv || net->lastsa) { */ + /* per Section 5.3.1 C3 in SCTP */ + /* net->lastsv = (int) *//* RTTVAR */ + /* + * (((double)(1.0 - 0.25) * (double)net->lastsv) + (double)(0.25 * + * (double)abs(net->lastsa - calc_time))); net->lastsa = (int) +*//* SRTT */ + /* + * (((double)(1.0 - 0.125) * (double)net->lastsa) + (double)(0.125 * + * (double)calc_time)); } else { +*//* the first RTT calculation, per C2 Section 5.3.1 */ + /* net->lastsa = calc_time; *//* SRTT */ + /* net->lastsv = calc_time / 2; *//* RTTVAR */ + /* } */ + /* if RTTVAR goes to 0 you set to clock grainularity */ + /* + * if (net->lastsv == 0) { net->lastsv = SCTP_CLOCK_GRANULARITY; } + * new_rto = net->lastsa + 4 * net->lastsv; + */ +#endif + o_calctime = calc_time; + /* this is Van Jacobson's integer version */ + if (net->RTO) { + calc_time -= (net->lastsa >> 3); + if ((int)net->prev_rtt > o_calctime) { + net->rtt_variance = net->prev_rtt - o_calctime; + /* decreasing */ + net->rto_variance_dir = 0; + } else { + /* increasing */ + net->rtt_variance = o_calctime - net->prev_rtt; + net->rto_variance_dir = 1; + } +#ifdef SCTP_RTTVAR_LOGGING + rto_logging(net, SCTP_LOG_RTTVAR); +#endif + net->prev_rtt = o_calctime; + net->lastsa += calc_time; + if (calc_time < 0) { + calc_time = -calc_time; + } + calc_time -= (net->lastsv >> 2); + net->lastsv += calc_time; + if (net->lastsv == 0) { + net->lastsv = SCTP_CLOCK_GRANULARITY; + } + } else { + /* First RTO measurment */ + net->lastsa = calc_time; + net->lastsv = calc_time >> 1; + first_measure = 1; + net->rto_variance_dir = 1; + net->prev_rtt = o_calctime; + net->rtt_variance = 0; +#ifdef SCTP_RTTVAR_LOGGING + rto_logging(net, SCTP_LOG_INITIAL_RTT); +#endif + } + new_rto = ((net->lastsa >> 2) + net->lastsv) >> 1; + if ((new_rto > SCTP_SAT_NETWORK_MIN) && + (stcb->asoc.sat_network_lockout == 0)) { + stcb->asoc.sat_network = 1; + } else if ((!first_measure) && stcb->asoc.sat_network) { + stcb->asoc.sat_network = 0; + stcb->asoc.sat_network_lockout = 1; + } + /* bound it, per C6/C7 in Section 5.3.1 */ + if (new_rto < stcb->asoc.minrto) { + new_rto = stcb->asoc.minrto; + } + if (new_rto > stcb->asoc.maxrto) { + new_rto = stcb->asoc.maxrto; + } + /* we are now returning the RTT Smoothed */ + return ((uint32_t) new_rto); +} + + +/* + * return a pointer to a contiguous piece of data from the given mbuf chain + * starting at 'off' for 'len' bytes. If the desired piece spans more than + * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size + * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. + */ +__inline caddr_t +sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t * in_ptr) +{ + uint32_t count; + uint8_t *ptr; + + ptr = in_ptr; + if ((off < 0) || (len <= 0)) + return (NULL); + + /* find the desired start location */ + while ((m != NULL) && (off > 0)) { + if (off < m->m_len) + break; + off -= m->m_len; + m = m->m_next; + } + if (m == NULL) + return (NULL); + + /* is the current mbuf large enough (eg. contiguous)? */ + if ((m->m_len - off) >= len) { + return (mtod(m, caddr_t)+off); + } else { + /* else, it spans more than one mbuf, so save a temp copy... */ + while ((m != NULL) && (len > 0)) { + count = min(m->m_len - off, len); + bcopy(mtod(m, caddr_t)+off, ptr, count); + len -= count; + ptr += count; + off = 0; + m = m->m_next; + } + if ((m == NULL) && (len > 0)) + return (NULL); + else + return ((caddr_t)in_ptr); + } +} + + +struct sctp_paramhdr * +sctp_get_next_param(struct mbuf *m, + int offset, + struct sctp_paramhdr *pull, + int pull_limit) +{ + /* This just provides a typed signature to Peter's Pull routine */ + return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, + (uint8_t *) pull)); +} + + +int +sctp_add_pad_tombuf(struct mbuf *m, int padlen) +{ + /* + * add padlen bytes of 0 filled padding to the end of the mbuf. If + * padlen is > 3 this routine will fail. + */ + uint8_t *dp; + int i; + + if (padlen > 3) { + return (ENOBUFS); + } + if (M_TRAILINGSPACE(m)) { + /* + * The easy way. We hope the majority of the time we hit + * here :) + */ + dp = (uint8_t *) (mtod(m, caddr_t)+m->m_len); + m->m_len += padlen; + } else { + /* Hard way we must grow the mbuf */ + struct mbuf *tmp; + + tmp = sctp_get_mbuf_for_msg(padlen, 0, M_DONTWAIT, 1, MT_DATA); + if (tmp == NULL) { + /* Out of space GAK! we are in big trouble. */ + return (ENOSPC); + } + /* setup and insert in middle */ + tmp->m_next = m->m_next; + tmp->m_len = padlen; + m->m_next = tmp; + dp = mtod(tmp, uint8_t *); + } + /* zero out the pad */ + for (i = 0; i < padlen; i++) { + *dp = 0; + dp++; + } + return (0); +} + +int +sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) +{ + /* find the last mbuf in chain and pad it */ + struct mbuf *m_at; + + m_at = m; + if (last_mbuf) { + return (sctp_add_pad_tombuf(last_mbuf, padval)); + } else { + while (m_at) { + if (m_at->m_next == NULL) { + return (sctp_add_pad_tombuf(m_at, padval)); + } + m_at = m_at->m_next; + } + } + return (EFAULT); +} + +int sctp_asoc_change_wake = 0; + +static void +sctp_notify_assoc_change(uint32_t event, struct sctp_tcb *stcb, + uint32_t error, void *data) +{ + struct mbuf *m_notify; + struct sctp_assoc_change *sac; + struct sctp_queued_to_read *control; + int locked = 0; + + /* + * First if we are are going down dump everything we can to the + * socket rcv queue. + */ + + if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || + (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) + ) { + /* If the socket is gone we are out of here */ + return; + } + if ((event == SCTP_COMM_LOST) || (event == SCTP_SHUTDOWN_COMP)) { + if (stcb->asoc.control_pdapi) { + /* + * we were in the middle of a PD-API verify its + * there. + */ + SCTP_INP_READ_LOCK(stcb->sctp_ep); + locked = 1; + TAILQ_FOREACH(control, &stcb->sctp_ep->read_queue, next) { + if (control == stcb->asoc.control_pdapi) { + /* Yep its here, notify them */ + if (event == SCTP_COMM_LOST) { + /* + * Abort/broken we had a + * real PD-API aborted + */ + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_PDAPIEVNT)) { + /* + * hmm.. don't want + * a notify if + * held_lenght is + * set,they may be + * stuck. clear and + * wake. + */ + if (control->held_length) { + control->held_length = 0; + control->end_added = 1; + } + } else { + sctp_notify_partial_delivery_indication(stcb, event, 1); + + } + } else { + /* implicit EOR on EOF */ + control->held_length = 0; + control->end_added = 1; + } + SCTP_INP_READ_UNLOCK(stcb->sctp_ep); + locked = 0; + /* wake him up */ + control->do_not_ref_stcb = 1; + stcb->asoc.control_pdapi = NULL; + sorwakeup(stcb->sctp_socket); + break; + } + } + if (locked) + SCTP_INP_READ_UNLOCK(stcb->sctp_ep); + + } + } + /* + * For TCP model AND UDP connected sockets we will send an error up + * when an ABORT comes in. + */ + if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || + (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && + (event == SCTP_COMM_LOST)) { + if (TAILQ_EMPTY(&stcb->sctp_ep->read_queue)) { + stcb->sctp_socket->so_error = ECONNRESET; + } + /* Wake ANY sleepers */ + sorwakeup(stcb->sctp_socket); + sowwakeup(stcb->sctp_socket); + sctp_asoc_change_wake++; + } + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { + /* event not enabled */ + return; + } + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_change), 1, M_DONTWAIT, 1, MT_DATA); + if (m_notify == NULL) + /* no space left */ + return; + m_notify->m_len = 0; + + sac = mtod(m_notify, struct sctp_assoc_change *); + sac->sac_type = SCTP_ASSOC_CHANGE; + sac->sac_flags = 0; + sac->sac_length = sizeof(struct sctp_assoc_change); + sac->sac_state = event; + sac->sac_error = error; + /* XXX verify these stream counts */ + sac->sac_outbound_streams = stcb->asoc.streamoutcnt; + sac->sac_inbound_streams = stcb->asoc.streamincnt; + sac->sac_assoc_id = sctp_get_associd(stcb); + m_notify->m_flags |= M_EOR | M_NOTIFICATION; + m_notify->m_pkthdr.len = sizeof(struct sctp_assoc_change); + m_notify->m_pkthdr.rcvif = 0; + m_notify->m_len = sizeof(struct sctp_assoc_change); + m_notify->m_next = NULL; + control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, + 0, 0, 0, 0, 0, 0, + m_notify); + if (control == NULL) { + /* no memory */ + sctp_m_freem(m_notify); + return; + } + control->length = m_notify->m_len; + /* not that we need this */ + control->tail_mbuf = m_notify; + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1); + if (event == SCTP_COMM_LOST) { + /* Wake up any sleeper */ + sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); + } +} + +static void +sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, + struct sockaddr *sa, uint32_t error) +{ + struct mbuf *m_notify; + struct sctp_paddr_change *spc; + struct sctp_queued_to_read *control; + + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVPADDREVNT)) + /* event not enabled */ + return; + + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 1, M_DONTWAIT, 1, MT_DATA); + if (m_notify == NULL) + return; + m_notify->m_len = 0; + spc = mtod(m_notify, struct sctp_paddr_change *); + spc->spc_type = SCTP_PEER_ADDR_CHANGE; + spc->spc_flags = 0; + spc->spc_length = sizeof(struct sctp_paddr_change); + if (sa->sa_family == AF_INET) { + memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); + } else { + memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); + } + spc->spc_state = state; + spc->spc_error = error; + spc->spc_assoc_id = sctp_get_associd(stcb); + + m_notify->m_flags |= M_EOR | M_NOTIFICATION; + m_notify->m_pkthdr.len = sizeof(struct sctp_paddr_change); + m_notify->m_pkthdr.rcvif = 0; + m_notify->m_len = sizeof(struct sctp_paddr_change); + m_notify->m_next = NULL; + + /* append to socket */ + control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, + 0, 0, 0, 0, 0, 0, + m_notify); + if (control == NULL) { + /* no memory */ + sctp_m_freem(m_notify); + return; + } + control->length = m_notify->m_len; + /* not that we need this */ + control->tail_mbuf = m_notify; + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1); +} + + +static void +sctp_notify_send_failed(struct sctp_tcb *stcb, uint32_t error, + struct sctp_tmit_chunk *chk) +{ + struct mbuf *m_notify; + struct sctp_send_failed *ssf; + struct sctp_queued_to_read *control; + int length; + + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSENDFAILEVNT)) + /* event not enabled */ + return; + + length = sizeof(struct sctp_send_failed) + chk->send_size; + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_send_failed), 1, M_DONTWAIT, 1, MT_DATA); + if (m_notify == NULL) + /* no space left */ + return; + m_notify->m_len = 0; + ssf = mtod(m_notify, struct sctp_send_failed *); + ssf->ssf_type = SCTP_SEND_FAILED; + if (error == SCTP_NOTIFY_DATAGRAM_UNSENT) + ssf->ssf_flags = SCTP_DATA_UNSENT; + else + ssf->ssf_flags = SCTP_DATA_SENT; + ssf->ssf_length = length; + ssf->ssf_error = error; + /* not exactly what the user sent in, but should be close :) */ + ssf->ssf_info.sinfo_stream = chk->rec.data.stream_number; + ssf->ssf_info.sinfo_ssn = chk->rec.data.stream_seq; + ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; + ssf->ssf_info.sinfo_ppid = chk->rec.data.payloadtype; + ssf->ssf_info.sinfo_context = chk->rec.data.context; + ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); + ssf->ssf_assoc_id = sctp_get_associd(stcb); + m_notify->m_next = chk->data; + m_notify->m_flags |= M_NOTIFICATION; + m_notify->m_pkthdr.len = length; + m_notify->m_pkthdr.rcvif = 0; + m_notify->m_len = sizeof(struct sctp_send_failed); + + /* Steal off the mbuf */ + chk->data = NULL; + /* + * For this case, we check the actual socket buffer, since the assoc + * is going away we don't want to overfill the socket buffer for a + * non-reader + */ + if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < m_notify->m_len) { + sctp_m_freem(m_notify); + return; + } + /* append to socket */ + control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, + 0, 0, 0, 0, 0, 0, + m_notify); + if (control == NULL) { + /* no memory */ + sctp_m_freem(m_notify); + return; + } + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1); +} + + +static void +sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, + struct sctp_stream_queue_pending *sp) +{ + struct mbuf *m_notify; + struct sctp_send_failed *ssf; + struct sctp_queued_to_read *control; + int length; + + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSENDFAILEVNT)) + /* event not enabled */ + return; + + length = sizeof(struct sctp_send_failed) + sp->length; + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 1, M_DONTWAIT, 1, MT_DATA); + if (m_notify == NULL) + /* no space left */ + return; + m_notify->m_len = 0; + ssf = mtod(m_notify, struct sctp_send_failed *); + ssf->ssf_type = SCTP_SEND_FAILED; + if (error == SCTP_NOTIFY_DATAGRAM_UNSENT) + ssf->ssf_flags = SCTP_DATA_UNSENT; + else + ssf->ssf_flags = SCTP_DATA_SENT; + ssf->ssf_length = length; + ssf->ssf_error = error; + /* not exactly what the user sent in, but should be close :) */ + ssf->ssf_info.sinfo_stream = sp->stream; + ssf->ssf_info.sinfo_ssn = sp->strseq; + ssf->ssf_info.sinfo_flags = sp->sinfo_flags; + ssf->ssf_info.sinfo_ppid = sp->ppid; + ssf->ssf_info.sinfo_context = sp->context; + ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); + ssf->ssf_assoc_id = sctp_get_associd(stcb); + m_notify->m_next = sp->data; + m_notify->m_flags |= M_NOTIFICATION; + m_notify->m_pkthdr.len = length; + m_notify->m_pkthdr.rcvif = 0; + m_notify->m_len = sizeof(struct sctp_send_failed); + + /* Steal off the mbuf */ + sp->data = NULL; + /* + * For this case, we check the actual socket buffer, since the assoc + * is going away we don't want to overfill the socket buffer for a + * non-reader + */ + if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < m_notify->m_len) { + sctp_m_freem(m_notify); + return; + } + /* append to socket */ + control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, + 0, 0, 0, 0, 0, 0, + m_notify); + if (control == NULL) { + /* no memory */ + sctp_m_freem(m_notify); + return; + } + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1); +} + + + +static void +sctp_notify_adaptation_layer(struct sctp_tcb *stcb, + uint32_t error) +{ + struct mbuf *m_notify; + struct sctp_adaptation_event *sai; + struct sctp_queued_to_read *control; + + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) + /* event not enabled */ + return; + + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 1, M_DONTWAIT, 1, MT_DATA); + if (m_notify == NULL) + /* no space left */ + return; + m_notify->m_len = 0; + sai = mtod(m_notify, struct sctp_adaptation_event *); + sai->sai_type = SCTP_ADAPTATION_INDICATION; + sai->sai_flags = 0; + sai->sai_length = sizeof(struct sctp_adaptation_event); + sai->sai_adaptation_ind = error; + sai->sai_assoc_id = sctp_get_associd(stcb); + + m_notify->m_flags |= M_EOR | M_NOTIFICATION; + m_notify->m_pkthdr.len = sizeof(struct sctp_adaptation_event); + m_notify->m_pkthdr.rcvif = 0; + m_notify->m_len = sizeof(struct sctp_adaptation_event); + m_notify->m_next = NULL; + + /* append to socket */ + control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, + 0, 0, 0, 0, 0, 0, + m_notify); + if (control == NULL) { + /* no memory */ + sctp_m_freem(m_notify); + return; + } + control->length = m_notify->m_len; + /* not that we need this */ + control->tail_mbuf = m_notify; + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1); +} + +void +sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, + uint32_t error, int no_lock) +{ + struct mbuf *m_notify; + struct sctp_pdapi_event *pdapi; + struct sctp_queued_to_read *control; + + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_PDAPIEVNT)) + /* event not enabled */ + return; + + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 1, M_DONTWAIT, 1, MT_DATA); + if (m_notify == NULL) + /* no space left */ + return; + m_notify->m_len = 0; + pdapi = mtod(m_notify, struct sctp_pdapi_event *); + pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; + pdapi->pdapi_flags = 0; + pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); + pdapi->pdapi_indication = error; + pdapi->pdapi_assoc_id = sctp_get_associd(stcb); + + m_notify->m_flags |= M_EOR | M_NOTIFICATION; + m_notify->m_pkthdr.len = sizeof(struct sctp_pdapi_event); + m_notify->m_pkthdr.rcvif = 0; + m_notify->m_len = sizeof(struct sctp_pdapi_event); + m_notify->m_next = NULL; + + if (stcb->asoc.control_pdapi != NULL) { + /* we will do some substitution */ + control = stcb->asoc.control_pdapi; + if (no_lock == 0) + SCTP_INP_READ_LOCK(stcb->sctp_ep); + + if (control->data == NULL) { + control->data = control->tail_mbuf = m_notify; + control->held_length = 0; + control->length = m_notify->m_len; + control->end_added = 1; + sctp_sballoc(stcb, + &stcb->sctp_socket->so_rcv, + m_notify); + } else if (control->end_added == 0) { + struct mbuf *m = NULL; + + m = control->data; + while (m) { + sctp_sbfree(control, stcb, + &stcb->sctp_socket->so_rcv, m); + m = sctp_m_free(m); + } + control->data = NULL; + control->length = m_notify->m_len; + control->data = control->tail_mbuf = m_notify; + control->held_length = 0; + control->end_added = 1; + sctp_sballoc(stcb, &stcb->sctp_socket->so_rcv, m); + } else { + /* Hmm .. should not happen */ + control->end_added = 1; + stcb->asoc.control_pdapi = NULL; + goto add_to_end; + } + if (no_lock == 0) + SCTP_INP_READ_UNLOCK(stcb->sctp_ep); + } else { + /* append to socket */ +add_to_end: + control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, + 0, 0, 0, 0, 0, 0, + m_notify); + if (control == NULL) { + /* no memory */ + sctp_m_freem(m_notify); + return; + } + control->length = m_notify->m_len; + /* not that we need this */ + control->tail_mbuf = m_notify; + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1); + } +} + +static void +sctp_notify_shutdown_event(struct sctp_tcb *stcb) +{ + struct mbuf *m_notify; + struct sctp_shutdown_event *sse; + struct sctp_queued_to_read *control; + + /* + * For TCP model AND UDP connected sockets we will send an error up + * when an SHUTDOWN completes + */ + if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || + (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { + /* mark socket closed for read/write and wakeup! */ + socantsendmore(stcb->sctp_socket); + } + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) + /* event not enabled */ + return; + + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 1, M_DONTWAIT, 1, MT_DATA); + if (m_notify == NULL) + /* no space left */ + return; + m_notify->m_len = 0; + sse = mtod(m_notify, struct sctp_shutdown_event *); + sse->sse_type = SCTP_SHUTDOWN_EVENT; + sse->sse_flags = 0; + sse->sse_length = sizeof(struct sctp_shutdown_event); + sse->sse_assoc_id = sctp_get_associd(stcb); + + m_notify->m_flags |= M_EOR | M_NOTIFICATION; + m_notify->m_pkthdr.len = sizeof(struct sctp_shutdown_event); + m_notify->m_pkthdr.rcvif = 0; + m_notify->m_len = sizeof(struct sctp_shutdown_event); + m_notify->m_next = NULL; + + /* append to socket */ + control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, + 0, 0, 0, 0, 0, 0, + m_notify); + if (control == NULL) { + /* no memory */ + sctp_m_freem(m_notify); + return; + } + control->length = m_notify->m_len; + /* not that we need this */ + control->tail_mbuf = m_notify; + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1); +} + +static void +sctp_notify_stream_reset(struct sctp_tcb *stcb, + int number_entries, uint16_t * list, int flag) +{ + struct mbuf *m_notify; + struct sctp_queued_to_read *control; + struct sctp_stream_reset_event *strreset; + int len; + + if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_STREAM_RESETEVNT)) + /* event not enabled */ + return; + + m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA); + if (m_notify == NULL) + /* no space left */ + return; + m_notify->m_len = 0; + len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); + if (len > M_TRAILINGSPACE(m_notify)) { + /* never enough room */ + sctp_m_freem(m_notify); + return; + } + strreset = mtod(m_notify, struct sctp_stream_reset_event *); + strreset->strreset_type = SCTP_STREAM_RESET_EVENT; + if (number_entries == 0) { + strreset->strreset_flags = flag | SCTP_STRRESET_ALL_STREAMS; + } else { + strreset->strreset_flags = flag | SCTP_STRRESET_STREAM_LIST; + } + strreset->strreset_length = len; + strreset->strreset_assoc_id = sctp_get_associd(stcb); + if (number_entries) { + int i; + + for (i = 0; i < number_entries; i++) { + strreset->strreset_list[i] = ntohs(list[i]); + } + } + m_notify->m_flags |= M_EOR | M_NOTIFICATION; + m_notify->m_pkthdr.len = len; + m_notify->m_pkthdr.rcvif = 0; + m_notify->m_len = len; + m_notify->m_next = NULL; + if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < m_notify->m_len) { + /* no space */ + sctp_m_freem(m_notify); + return; + } + /* append to socket */ + control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, + 0, 0, 0, 0, 0, 0, + m_notify); + if (control == NULL) { + /* no memory */ + sctp_m_freem(m_notify); + return; + } + control->length = m_notify->m_len; + /* not that we need this */ + control->tail_mbuf = m_notify; + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1); +} + + +void +sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, + uint32_t error, void *data) +{ + if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || + (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) + ) { + /* No notifications up when we are in a no socket state */ + return; + } + if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { + /* Can't send up to a closed socket any notifications */ + return; + } + if (stcb && (stcb->asoc.assoc_up_sent == 0) && (notification != SCTP_NOTIFY_ASSOC_UP)) { + if ((notification != SCTP_NOTIFY_ASSOC_DOWN) && + (notification != SCTP_NOTIFY_ASSOC_ABORTED) && + (notification != SCTP_NOTIFY_SPECIAL_SP_FAIL) && + (notification != SCTP_NOTIFY_DG_FAIL) && + (notification != SCTP_NOTIFY_PEER_SHUTDOWN)) { + sctp_notify_assoc_change(SCTP_COMM_UP, stcb, 0, NULL); + stcb->asoc.assoc_up_sent = 1; + } + } + switch (notification) { + case SCTP_NOTIFY_ASSOC_UP: + if (stcb->asoc.assoc_up_sent == 0) { + sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL); + stcb->asoc.assoc_up_sent = 1; + } + break; + case SCTP_NOTIFY_ASSOC_DOWN: + sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL); + break; + case SCTP_NOTIFY_INTERFACE_DOWN: + { + struct sctp_nets *net; + + net = (struct sctp_nets *)data; + sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, + (struct sockaddr *)&net->ro._l_addr, error); + break; + } + case SCTP_NOTIFY_INTERFACE_UP: + { + struct sctp_nets *net; + + net = (struct sctp_nets *)data; + sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, + (struct sockaddr *)&net->ro._l_addr, error); + break; + } + case SCTP_NOTIFY_INTERFACE_CONFIRMED: + { + struct sctp_nets *net; + + net = (struct sctp_nets *)data; + sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, + (struct sockaddr *)&net->ro._l_addr, error); + break; + } + case SCTP_NOTIFY_SPECIAL_SP_FAIL: + sctp_notify_send_failed2(stcb, error, + (struct sctp_stream_queue_pending *)data); + break; + case SCTP_NOTIFY_DG_FAIL: + sctp_notify_send_failed(stcb, error, + (struct sctp_tmit_chunk *)data); + break; + case SCTP_NOTIFY_ADAPTATION_INDICATION: + /* Here the error is the adaptation indication */ + sctp_notify_adaptation_layer(stcb, error); + break; + case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: + sctp_notify_partial_delivery_indication(stcb, error, 0); + break; + case SCTP_NOTIFY_STRDATA_ERR: + break; + case SCTP_NOTIFY_ASSOC_ABORTED: + sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, NULL); + break; + case SCTP_NOTIFY_PEER_OPENED_STREAM: + break; + case SCTP_NOTIFY_STREAM_OPENED_OK: + break; + case SCTP_NOTIFY_ASSOC_RESTART: + sctp_notify_assoc_change(SCTP_RESTART, stcb, error, data); + break; + case SCTP_NOTIFY_HB_RESP: + break; + case SCTP_NOTIFY_STR_RESET_SEND: + sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), SCTP_STRRESET_OUTBOUND_STR); + break; + case SCTP_NOTIFY_STR_RESET_RECV: + sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), SCTP_STRRESET_INBOUND_STR); + break; + case SCTP_NOTIFY_STR_RESET_FAILED_OUT: + sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), (SCTP_STRRESET_OUTBOUND_STR | SCTP_STRRESET_INBOUND_STR)); + break; + + case SCTP_NOTIFY_STR_RESET_FAILED_IN: + sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), (SCTP_STRRESET_INBOUND_STR | SCTP_STRRESET_INBOUND_STR)); + break; + + case SCTP_NOTIFY_ASCONF_ADD_IP: + sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, + error); + break; + case SCTP_NOTIFY_ASCONF_DELETE_IP: + sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, + error); + break; + case SCTP_NOTIFY_ASCONF_SET_PRIMARY: + sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, + error); + break; + case SCTP_NOTIFY_ASCONF_SUCCESS: + break; + case SCTP_NOTIFY_ASCONF_FAILED: + break; + case SCTP_NOTIFY_PEER_SHUTDOWN: + sctp_notify_shutdown_event(stcb); + break; + case SCTP_NOTIFY_AUTH_NEW_KEY: + sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY, error, + (uint32_t) data); + break; +#if 0 + case SCTP_NOTIFY_AUTH_KEY_CONFLICT: + sctp_notify_authentication(stcb, SCTP_AUTH_KEY_CONFLICT, + error, (uint32_t) data); + break; +#endif /* not yet? remove? */ + + + default: +#ifdef SCTP_DEBUG + if (sctp_debug_on & SCTP_DEBUG_UTIL1) { + printf("NOTIFY: unknown notification %xh (%u)\n", + notification, notification); + } +#endif /* SCTP_DEBUG */ + break; + } /* end switch */ +} + +void +sctp_report_all_outbound(struct sctp_tcb *stcb) +{ + struct sctp_association *asoc; + struct sctp_stream_out *outs; + struct sctp_tmit_chunk *chk; + struct sctp_stream_queue_pending *sp; + + asoc = &stcb->asoc; + + if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || + (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { + return; + } + /* now through all the gunk freeing chunks */ + + TAILQ_FOREACH(outs, &asoc->out_wheel, next_spoke) { + /* now clean up any chunks here */ + stcb->asoc.locked_on_sending = NULL; + sp = TAILQ_FIRST(&outs->outqueue); + while (sp) { + stcb->asoc.stream_queue_cnt--; + TAILQ_REMOVE(&outs->outqueue, sp, next); + sctp_free_spbufspace(stcb, asoc, sp); + sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, + SCTP_NOTIFY_DATAGRAM_UNSENT, (void *)sp); + if (sp->data) { + sctp_m_freem(sp->data); + sp->data = NULL; + } + if (sp->net) + sctp_free_remote_addr(sp->net); + sp->net = NULL; + /* Free the chunk */ + sctp_free_a_strmoq(stcb, sp); + sp = TAILQ_FIRST(&outs->outqueue); + } + } + + /* pending send queue SHOULD be empty */ + if (!TAILQ_EMPTY(&asoc->send_queue)) { + chk = TAILQ_FIRST(&asoc->send_queue); + while (chk) { + TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); + if (chk->data) { + /* + * trim off the sctp chunk header(it should + * be there) + */ + if (chk->send_size >= sizeof(struct sctp_data_chunk)) { + m_adj(chk->data, sizeof(struct sctp_data_chunk)); + sctp_mbuf_crush(chk->data); + } + } + sctp_free_bufspace(stcb, asoc, chk, 1); + sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, SCTP_NOTIFY_DATAGRAM_UNSENT, chk); + if (chk->data) { + sctp_m_freem(chk->data); + chk->data = NULL; + } + if (chk->whoTo) + sctp_free_remote_addr(chk->whoTo); + chk->whoTo = NULL; + sctp_free_a_chunk(stcb, chk); + chk = TAILQ_FIRST(&asoc->send_queue); + } + } + /* sent queue SHOULD be empty */ + if (!TAILQ_EMPTY(&asoc->sent_queue)) { + chk = TAILQ_FIRST(&asoc->sent_queue); + while (chk) { + TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); + if (chk->data) { + /* + * trim off the sctp chunk header(it should + * be there) + */ + if (chk->send_size >= sizeof(struct sctp_data_chunk)) { + m_adj(chk->data, sizeof(struct sctp_data_chunk)); + sctp_mbuf_crush(chk->data); + } + } + sctp_free_bufspace(stcb, asoc, chk, 1); + sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, + SCTP_NOTIFY_DATAGRAM_SENT, chk); + if (chk->data) { + sctp_m_freem(chk->data); + chk->data = NULL; + } + if (chk->whoTo) + sctp_free_remote_addr(chk->whoTo); + chk->whoTo = NULL; + sctp_free_a_chunk(stcb, chk); + chk = TAILQ_FIRST(&asoc->sent_queue); + } + } +} + +void +sctp_abort_notification(struct sctp_tcb *stcb, int error) +{ + + if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || + (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { + return; + } + /* Tell them we lost the asoc */ + sctp_report_all_outbound(stcb); + if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || + ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && + (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { + stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; + } + sctp_ulp_notify(SCTP_NOTIFY_ASSOC_ABORTED, stcb, error, NULL); +} + +void +sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, + struct mbuf *m, int iphlen, struct sctphdr *sh, struct mbuf *op_err) +{ + uint32_t vtag; + + vtag = 0; + if (stcb != NULL) { + /* We have a TCB to abort, send notification too */ + vtag = stcb->asoc.peer_vtag; + sctp_abort_notification(stcb, 0); + } + sctp_send_abort(m, iphlen, sh, vtag, op_err); + if (stcb != NULL) { + /* Ok, now lets free it */ + sctp_free_assoc(inp, stcb, 0); + } else { + if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { + if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { + sctp_inpcb_free(inp, 1, 0); + } + } + } +} + +void +sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, + int error, struct mbuf *op_err) +{ + uint32_t vtag; + + if (stcb == NULL) { + /* Got to have a TCB */ + if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { + if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { + sctp_inpcb_free(inp, 1, 0); + } + } + return; + } + vtag = stcb->asoc.peer_vtag; + /* notify the ulp */ + if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) + sctp_abort_notification(stcb, error); + /* notify the peer */ + sctp_send_abort_tcb(stcb, op_err); + SCTP_STAT_INCR_COUNTER32(sctps_aborted); + if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || + (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { + SCTP_STAT_DECR_GAUGE32(sctps_currestab); + } + /* now free the asoc */ + sctp_free_assoc(inp, stcb, 0); +} + +void +sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, + struct sctp_inpcb *inp, struct mbuf *op_err) +{ + struct sctp_chunkhdr *ch, chunk_buf; + unsigned int chk_length; + + SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); + /* Generate a TO address for future reference */ + if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { + if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { + sctp_inpcb_free(inp, 1, 0); + } + } + ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, + sizeof(*ch), (uint8_t *) & chunk_buf); + while (ch != NULL) { + chk_length = ntohs(ch->chunk_length); + if (chk_length < sizeof(*ch)) { + /* break to abort land */ + break; + } + switch (ch->chunk_type) { + case SCTP_PACKET_DROPPED: + /* we don't respond to pkt-dropped */ + return; + case SCTP_ABORT_ASSOCIATION: + /* we don't respond with an ABORT to an ABORT */ + return; + case SCTP_SHUTDOWN_COMPLETE: + /* + * we ignore it since we are not waiting for it and + * peer is gone + */ + return; + case SCTP_SHUTDOWN_ACK: + sctp_send_shutdown_complete2(m, iphlen, sh); + return; + default: + break; + } + offset += SCTP_SIZE32(chk_length); + ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, + sizeof(*ch), (uint8_t *) & chunk_buf); + } + sctp_send_abort(m, iphlen, sh, 0, op_err); +} + +/* + * check the inbound datagram to make sure there is not an abort inside it, + * if there is return 1, else return 0. + */ +int +sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t * vtagfill) +{ + struct sctp_chunkhdr *ch; + struct sctp_init_chunk *init_chk, chunk_buf; + int offset; + unsigned int chk_length; + + offset = iphlen + sizeof(struct sctphdr); + ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), + (uint8_t *) & chunk_buf); + while (ch != NULL) { + chk_length = ntohs(ch->chunk_length); + if (chk_length < sizeof(*ch)) { + /* packet is probably corrupt */ + break; + } + /* we seem to be ok, is it an abort? */ + if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { + /* yep, tell them */ + return (1); + } + if (ch->chunk_type == SCTP_INITIATION) { + /* need to update the Vtag */ + init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, + offset, sizeof(*init_chk), (uint8_t *) & chunk_buf); + if (init_chk != NULL) { + *vtagfill = ntohl(init_chk->init.initiate_tag); + } + } + /* Nope, move to the next chunk */ + offset += SCTP_SIZE32(chk_length); + ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, + sizeof(*ch), (uint8_t *) & chunk_buf); + } + return (0); +} + +/* + * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id + * set (i.e. it's 0) so, create this function to compare link local scopes + */ +uint32_t +sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) +{ + struct sockaddr_in6 a, b; + + /* save copies */ + a = *addr1; + b = *addr2; + + if (a.sin6_scope_id == 0) + if (sa6_recoverscope(&a)) { + /* can't get scope, so can't match */ + return (0); + } + if (b.sin6_scope_id == 0) + if (sa6_recoverscope(&b)) { + /* can't get scope, so can't match */ + return (0); + } + if (a.sin6_scope_id != b.sin6_scope_id) + return (0); + + return (1); +} + +/* + * returns a sockaddr_in6 with embedded scope recovered and removed + */ +struct sockaddr_in6 * +sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) +{ + + /* check and strip embedded scope junk */ + if (addr->sin6_family == AF_INET6) { + if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { + if (addr->sin6_scope_id == 0) { + *store = *addr; + if (!sa6_recoverscope(store)) { + /* use the recovered scope */ + addr = store; + } + /* else, return the original "to" addr */ + } + } + } + return (addr); +} + +/* + * are the two addresses the same? currently a "scopeless" check returns: 1 + * if same, 0 if not + */ +__inline int +sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) +{ + + /* must be valid */ + if (sa1 == NULL || sa2 == NULL) + return (0); + + /* must be the same family */ + if (sa1->sa_family != sa2->sa_family) + return (0); + + if (sa1->sa_family == AF_INET6) { + /* IPv6 addresses */ + struct sockaddr_in6 *sin6_1, *sin6_2; + + sin6_1 = (struct sockaddr_in6 *)sa1; + sin6_2 = (struct sockaddr_in6 *)sa2; + return (SCTP6_ARE_ADDR_EQUAL(&sin6_1->sin6_addr, + &sin6_2->sin6_addr)); + } else if (sa1->sa_family == AF_INET) { + /* IPv4 addresses */ + struct sockaddr_in *sin_1, *sin_2; + + sin_1 = (struct sockaddr_in *)sa1; + sin_2 = (struct sockaddr_in *)sa2; + return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); + } else { + /* we don't do these... */ + return (0); + } +} + +void +sctp_print_address(struct sockaddr *sa) +{ + + if (sa->sa_family == AF_INET6) { + struct sockaddr_in6 *sin6; + + sin6 = (struct sockaddr_in6 *)sa; + printf("IPv6 address: %s:%d scope:%u\n", + ip6_sprintf(&sin6->sin6_addr), ntohs(sin6->sin6_port), + sin6->sin6_scope_id); + } else if (sa->sa_family == AF_INET) { + struct sockaddr_in *sin; + unsigned char *p; + + sin = (struct sockaddr_in *)sa; + p = (unsigned char *)&sin->sin_addr; + printf("IPv4 address: %u.%u.%u.%u:%d\n", + p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); + } else { + printf("?\n"); + } +} + +void +sctp_print_address_pkt(struct ip *iph, struct sctphdr *sh) +{ + if (iph->ip_v == IPVERSION) { + struct sockaddr_in lsa, fsa; + + bzero(&lsa, sizeof(lsa)); + lsa.sin_len = sizeof(lsa); + lsa.sin_family = AF_INET; + lsa.sin_addr = iph->ip_src; + lsa.sin_port = sh->src_port; + bzero(&fsa, sizeof(fsa)); + fsa.sin_len = sizeof(fsa); + fsa.sin_family = AF_INET; + fsa.sin_addr = iph->ip_dst; + fsa.sin_port = sh->dest_port; + printf("src: "); + sctp_print_address((struct sockaddr *)&lsa); + printf("dest: "); + sctp_print_address((struct sockaddr *)&fsa); + } else if (iph->ip_v == (IPV6_VERSION >> 4)) { + struct ip6_hdr *ip6; + struct sockaddr_in6 lsa6, fsa6; + + ip6 = (struct ip6_hdr *)iph; + bzero(&lsa6, sizeof(lsa6)); + lsa6.sin6_len = sizeof(lsa6); + lsa6.sin6_family = AF_INET6; + lsa6.sin6_addr = ip6->ip6_src; + lsa6.sin6_port = sh->src_port; + bzero(&fsa6, sizeof(fsa6)); + fsa6.sin6_len = sizeof(fsa6); + fsa6.sin6_family = AF_INET6; + fsa6.sin6_addr = ip6->ip6_dst; + fsa6.sin6_port = sh->dest_port; + printf("src: "); + sctp_print_address((struct sockaddr *)&lsa6); + printf("dest: "); + sctp_print_address((struct sockaddr *)&fsa6); + } +} + +#if defined(HAVE_SCTP_SO_LASTRECORD) + +/* cloned from uipc_socket.c */ + +#define SCTP_SBLINKRECORD(sb, m0) do { \ + if ((sb)->sb_lastrecord != NULL) \ + (sb)->sb_lastrecord->m_nextpkt = (m0); \ + else \ + (sb)->sb_mb = (m0); \ + (sb)->sb_lastrecord = (m0); \ +} while (/*CONSTCOND*/0) +#endif + +void +sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, + struct sctp_inpcb *new_inp, + struct sctp_tcb *stcb) +{ + /* + * go through our old INP and pull off any control structures that + * belong to stcb and move then to the new inp. + */ + struct socket *old_so, *new_so; + struct sctp_queued_to_read *control, *nctl; + struct sctp_readhead tmp_queue; + struct mbuf *m; + int error; + + old_so = old_inp->sctp_socket; + new_so = new_inp->sctp_socket; + TAILQ_INIT(&tmp_queue); + + SOCKBUF_LOCK(&(old_so->so_rcv)); + + error = sblock(&old_so->so_rcv, 0); + + SOCKBUF_UNLOCK(&(old_so->so_rcv)); + if (error) { + /* + * Gak, can't get sblock, we have a problem. data will be + * left stranded.. and we don't dare look at it since the + * other thread may be reading something. Oh well, its a + * screwed up app that does a peeloff OR a accept while + * reading from the main socket... actually its only the + * peeloff() case, since I think read will fail on a + * listening socket.. + */ + return; + } + /* lock the socket buffers */ + SCTP_INP_READ_LOCK(old_inp); + control = TAILQ_FIRST(&old_inp->read_queue); + /* Pull off all for out target stcb */ + while (control) { + nctl = TAILQ_NEXT(control, next); + if (control->stcb == stcb) { + /* remove it we want it */ + TAILQ_REMOVE(&old_inp->read_queue, control, next); + TAILQ_INSERT_TAIL(&tmp_queue, control, next); + m = control->data; + while (m) { +#ifdef SCTP_SB_LOGGING + sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, m->m_len); +#endif + sctp_sbfree(control, stcb, &old_so->so_rcv, m); +#ifdef SCTP_SB_LOGGING + sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); +#endif + m = m->m_next; + } + } + control = nctl; + } + SCTP_INP_READ_UNLOCK(old_inp); + + /* Remove the sb-lock on the old socket */ + SOCKBUF_LOCK(&(old_so->so_rcv)); + + sbunlock(&old_so->so_rcv); + SOCKBUF_UNLOCK(&(old_so->so_rcv)); + + /* Now we move them over to the new socket buffer */ + control = TAILQ_FIRST(&tmp_queue); + SCTP_INP_READ_LOCK(new_inp); + while (control) { + nctl = TAILQ_NEXT(control, next); + TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); + m = control->data; + while (m) { +#ifdef SCTP_SB_LOGGING + sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, m->m_len); +#endif + sctp_sballoc(stcb, &new_so->so_rcv, m); +#ifdef SCTP_SB_LOGGING + sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); +#endif + m = m->m_next; + } + control = nctl; + } + SCTP_INP_READ_UNLOCK(new_inp); +} + + +void +sctp_add_to_readq(struct sctp_inpcb *inp, + struct sctp_tcb *stcb, + struct sctp_queued_to_read *control, + struct sockbuf *sb, + int end) +{ + /* + * Here we must place the control on the end of the socket read + * queue AND increment sb_cc so that select will work properly on + * read. + */ + struct mbuf *m, *prev = NULL; + + SCTP_INP_READ_LOCK(inp); + m = control->data; + control->held_length = 0; + control->length = 0; + while (m) { + if (m->m_len == 0) { + /* Skip mbufs with NO length */ + if (prev == NULL) { + /* First one */ + control->data = sctp_m_free(m); + m = control->data; + } else { + prev->m_next = sctp_m_free(m); + m = prev->m_next; + } + if (m == NULL) { + control->tail_mbuf = prev;; + } + continue; + } + prev = m; +#ifdef SCTP_SB_LOGGING + sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, m->m_len); +#endif + sctp_sballoc(stcb, sb, m); +#ifdef SCTP_SB_LOGGING + sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); +#endif + atomic_add_int(&control->length, m->m_len); + m = m->m_next; + } + if (prev != NULL) { + control->tail_mbuf = prev; + if (end) { + prev->m_flags |= M_EOR; + } + } else { + return; + } + if (end) { + control->end_added = 1; + } + TAILQ_INSERT_TAIL(&inp->read_queue, control, next); + SCTP_INP_READ_UNLOCK(inp); + if (inp && inp->sctp_socket) { + sctp_sorwakeup(inp, inp->sctp_socket); + } +} + + +int +sctp_append_to_readq(struct sctp_inpcb *inp, + struct sctp_tcb *stcb, + struct sctp_queued_to_read *control, + struct mbuf *m, + int end, + int ctls_cumack, + struct sockbuf *sb) +{ + /* + * A partial delivery API event is underway. OR we are appending on + * the reassembly queue. + * + * If PDAPI this means we need to add m to the end of the data. + * Increase the length in the control AND increment the sb_cc. + * Otherwise sb is NULL and all we need to do is put it at the end + * of the mbuf chain. + */ + int len = 0; + struct mbuf *mm, *tail = NULL, *prev = NULL; + + if (inp) { + SCTP_INP_READ_LOCK(inp); + } + if (control == NULL) { +get_out: + if (inp) { + SCTP_INP_READ_UNLOCK(inp); + } + return (-1); + } + if ((control->tail_mbuf) && + (control->tail_mbuf->m_flags & M_EOR)) { + /* huh this one is complete? */ + goto get_out; + } + mm = m; + if (mm == NULL) { + goto get_out; + } + while (mm) { + if (mm->m_len == 0) { + /* Skip mbufs with NO lenght */ + if (prev == NULL) { + /* First one */ + m = sctp_m_free(mm); + mm = m; + } else { + prev->m_next = sctp_m_free(mm); + mm = prev->m_next; + } + continue; + } + prev = mm; + len += mm->m_len; + if (sb) { +#ifdef SCTP_SB_LOGGING + sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, mm->m_len); +#endif + sctp_sballoc(stcb, sb, mm); +#ifdef SCTP_SB_LOGGING + sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); +#endif + } + mm = mm->m_next; + } + if (prev) { + tail = prev; + } else { + /* Really there should always be a prev */ + if (m == NULL) { + /* Huh nothing left? */ +#ifdef INVARIENTS + panic("Nothing left to add?"); +#else + goto get_out; +#endif + } + tail = m; + } + if (end) { + /* message is complete */ + tail->m_flags |= M_EOR; + if (control == stcb->asoc.control_pdapi) { + stcb->asoc.control_pdapi = NULL; + } + control->held_length = 0; + control->end_added = 1; + } + atomic_add_int(&control->length, len); + if (control->tail_mbuf) { + /* append */ + control->tail_mbuf->m_next = m; + control->tail_mbuf = tail; + } else { + /* nothing there */ +#ifdef INVARIENTS + if (control->data != NULL) { + panic("This should NOT happen"); + } +#endif + control->data = m; + control->tail_mbuf = tail; + } + /* + * When we are appending in partial delivery, the cum-ack is used + * for the actual pd-api highest tsn on this mbuf. The true cum-ack + * is populated in the outbound sinfo structure from the true cumack + * if the association exists... + */ + control->sinfo_tsn = control->sinfo_cumtsn = ctls_cumack; + if (inp) { + SCTP_INP_READ_UNLOCK(inp); + } + if (inp && inp->sctp_socket) { + sctp_sorwakeup(inp, inp->sctp_socket); + } + return (0); +} + + + +/*************HOLD THIS COMMENT FOR PATCH FILE OF + *************ALTERNATE ROUTING CODE + */ + +/*************HOLD THIS COMMENT FOR END OF PATCH FILE OF + *************ALTERNATE ROUTING CODE + */ + +struct mbuf * +sctp_generate_invmanparam(int err) +{ + /* Return a MBUF with a invalid mandatory parameter */ + struct mbuf *m; + + m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_DONTWAIT, 1, MT_DATA); + if (m) { + struct sctp_paramhdr *ph; + + m->m_len = sizeof(struct sctp_paramhdr); + ph = mtod(m, struct sctp_paramhdr *); + ph->param_length = htons(sizeof(struct sctp_paramhdr)); + ph->param_type = htons(err); + } + return (m); +} + +#ifdef SCTP_MBCNT_LOGGING +void +sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, + struct sctp_tmit_chunk *tp1, int chk_cnt) +{ + if (tp1->data == NULL) { + return; + } + asoc->chunks_on_out_queue -= chk_cnt; + sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, + asoc->total_output_queue_size, + tp1->book_size, + 0, + tp1->mbcnt); + if (asoc->total_output_queue_size >= tp1->book_size) { + asoc->total_output_queue_size -= tp1->book_size; + } else { + asoc->total_output_queue_size = 0; + } + + if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || + ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { + if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { + stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; + } else { + stcb->sctp_socket->so_snd.sb_cc = 0; + + } + } +} + +#endif + +int +sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, + int reason, struct sctpchunk_listhead *queue) +{ + int ret_sz = 0; + int notdone; + uint8_t foundeom = 0; + + do { + ret_sz += tp1->book_size; + tp1->sent = SCTP_FORWARD_TSN_SKIP; + if (tp1->data) { + sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); + sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, reason, tp1); + sctp_m_freem(tp1->data); + tp1->data = NULL; + sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); + } + if (PR_SCTP_BUF_ENABLED(tp1->flags)) { + stcb->asoc.sent_queue_cnt_removeable--; + } + if (queue == &stcb->asoc.send_queue) { + TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); + /* on to the sent queue */ + TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, + sctp_next); + stcb->asoc.sent_queue_cnt++; + } + if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == + SCTP_DATA_NOT_FRAG) { + /* not frag'ed we ae done */ + notdone = 0; + foundeom = 1; + } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { + /* end of frag, we are done */ + notdone = 0; + foundeom = 1; + } else { + /* + * Its a begin or middle piece, we must mark all of + * it + */ + notdone = 1; + tp1 = TAILQ_NEXT(tp1, sctp_next); + } + } while (tp1 && notdone); + if ((foundeom == 0) && (queue == &stcb->asoc.sent_queue)) { + /* + * The multi-part message was scattered across the send and + * sent queue. + */ + tp1 = TAILQ_FIRST(&stcb->asoc.send_queue); + /* + * recurse throught the send_queue too, starting at the + * beginning. + */ + if (tp1) { + ret_sz += sctp_release_pr_sctp_chunk(stcb, tp1, reason, + &stcb->asoc.send_queue); + } else { + printf("hmm, nothing on the send queue and no EOM?\n"); + } + } + return (ret_sz); +} + +/* + * checks to see if the given address, sa, is one that is currently known by + * the kernel note: can't distinguish the same address on multiple interfaces + * and doesn't handle multiple addresses with different zone/scope id's note: + * ifa_ifwithaddr() compares the entire sockaddr struct + */ +struct ifaddr * +sctp_find_ifa_by_addr(struct sockaddr *sa) +{ + struct ifnet *ifn; + struct ifaddr *ifa; + + /* go through all our known interfaces */ + TAILQ_FOREACH(ifn, &ifnet, if_list) { + /* go through each interface addresses */ + TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { + /* correct family? */ + if (ifa->ifa_addr->sa_family != sa->sa_family) + continue; + +#ifdef INET6 + if (ifa->ifa_addr->sa_family == AF_INET6) { + /* IPv6 address */ + struct sockaddr_in6 *sin1, *sin2, sin6_tmp; + + sin1 = (struct sockaddr_in6 *)ifa->ifa_addr; + if (IN6_IS_SCOPE_LINKLOCAL(&sin1->sin6_addr)) { + /* create a copy and clear scope */ + memcpy(&sin6_tmp, sin1, + sizeof(struct sockaddr_in6)); + sin1 = &sin6_tmp; + in6_clearscope(&sin1->sin6_addr); + } + sin2 = (struct sockaddr_in6 *)sa; + if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr, + sizeof(struct in6_addr)) == 0) { + /* found it */ + return (ifa); + } + } else +#endif + if (ifa->ifa_addr->sa_family == AF_INET) { + /* IPv4 address */ + struct sockaddr_in *sin1, *sin2; + + sin1 = (struct sockaddr_in *)ifa->ifa_addr; + sin2 = (struct sockaddr_in *)sa; + if (sin1->sin_addr.s_addr == + sin2->sin_addr.s_addr) { + /* found it */ + return (ifa); + } + } + /* else, not AF_INET or AF_INET6, so skip */ + } /* end foreach ifa */ + } /* end foreach ifn */ + /* not found! */ + return (NULL); +} + + + + + + + + +static void +sctp_user_rcvd(struct sctp_tcb *stcb, int *freed_so_far, int hold_rlock, + uint32_t rwnd_req) +{ + /* User pulled some data, do we need a rwnd update? */ + int r_unlocked = 0; + int tcb_incr_up = 0; + uint32_t dif, rwnd; + struct socket *so = NULL; + + if (stcb == NULL) + return; + + atomic_add_16(&stcb->asoc.refcnt, 1); + tcb_incr_up = 1; + + if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { + /* Pre-check If we are freeing no update */ + goto no_lock; + } + SCTP_INP_INCR_REF(stcb->sctp_ep); + if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { + goto out; + } + so = stcb->sctp_socket; + if (so == NULL) { + goto out; + } + atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); + /* Have you have freed enough to look */ +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_ENTER_USER_RECV, + (stcb->asoc.my_rwnd - stcb->asoc.my_last_reported_rwnd), + *freed_so_far, + stcb->freed_by_sorcv_sincelast, + rwnd_req); +#endif + *freed_so_far = 0; + /* Yep, its worth a look and the lock overhead */ + + /* Figure out what the rwnd would be */ + rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); + if (rwnd >= stcb->asoc.my_last_reported_rwnd) { + dif = rwnd - stcb->asoc.my_last_reported_rwnd; + } else { + dif = 0; + } + if (dif >= rwnd_req) { + if (hold_rlock) { + SCTP_INP_READ_UNLOCK(stcb->sctp_ep); + r_unlocked = 1; + } + if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { + /* + * One last check before we allow the guy possibly + * to get in. There is a race, where the guy has not + * reached the gate. In that case + */ + goto out; + } + SCTP_TCB_LOCK(stcb); + if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { + /* No reports here */ + SCTP_TCB_UNLOCK(stcb); + goto out; + } +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_USER_RECV_SACKS, + stcb->asoc.my_rwnd, + stcb->asoc.my_last_reported_rwnd, + stcb->freed_by_sorcv_sincelast, + dif); +#endif + SCTP_STAT_INCR(sctps_wu_sacks_sent); + sctp_send_sack(stcb); + sctp_chunk_output(stcb->sctp_ep, stcb, + SCTP_OUTPUT_FROM_USR_RCVD); + /* make sure no timer is running */ + sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL); + SCTP_TCB_UNLOCK(stcb); + } else { + /* Update how much we have pending */ + stcb->freed_by_sorcv_sincelast = dif; +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_USER_RECV_SACKS, + stcb->asoc.my_rwnd, + stcb->asoc.my_last_reported_rwnd, + stcb->freed_by_sorcv_sincelast, + 0); +#endif + } +out: + if (so && r_unlocked && hold_rlock) { + SCTP_STAT_INCR(sctps_locks_in_rcv); + SCTP_INP_READ_LOCK(stcb->sctp_ep); + } + SCTP_INP_DECR_REF(stcb->sctp_ep); +no_lock: + if (tcb_incr_up) { + atomic_add_16(&stcb->asoc.refcnt, -1); + } + return; +} + +int +sctp_sorecvmsg(struct socket *so, + struct uio *uio, + struct mbuf **mp, + struct sockaddr *from, + int fromlen, + int *msg_flags, + struct sctp_sndrcvinfo *sinfo, + int filling_sinfo) +{ + /* + * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. + * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy + * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? + * On the way out we may send out any combination of: + * MSG_NOTIFICATION MSG_EOR + * + */ + struct sctp_inpcb *inp = NULL; + int my_len = 0; + int cp_len = 0, error = 0; + struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; + struct mbuf *m = NULL, *embuf = NULL; + struct sctp_tcb *stcb = NULL; + int wakeup_read_socket = 0; + int freecnt_applied = 0; + int out_flags = 0, in_flags = 0; + int block_allowed = 1; + int freed_so_far = 0; + int copied_so_far = 0; + int s, in_eeor_mode = 0; + int no_rcv_needed = 0; + uint32_t rwnd_req = 0; + int hold_sblock = 0; + int hold_rlock = 0; + int alen = 0, slen = 0; + int held_length = 0; + + if (msg_flags) { + in_flags = *msg_flags; + } else { + in_flags = 0; + } + slen = uio->uio_resid; + /* Pull in and set up our int flags */ + if (in_flags & MSG_OOB) { + /* Out of band's NOT supported */ + return (EOPNOTSUPP); + } + if ((in_flags & MSG_PEEK) && (mp != NULL)) { + return (EINVAL); + } + if ((in_flags & (MSG_DONTWAIT + | MSG_NBIO + )) || + (so->so_state & SS_NBIO)) { + block_allowed = 0; + } + /* setup the endpoint */ + inp = (struct sctp_inpcb *)so->so_pcb; + if (inp == NULL) { + return (EFAULT); + } + s = splnet(); + rwnd_req = (so->so_rcv.sb_hiwat >> SCTP_RWND_HIWAT_SHIFT); + /* Must be at least a MTU's worth */ + if (rwnd_req < SCTP_MIN_RWND) + rwnd_req = SCTP_MIN_RWND; + in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); +#ifdef SCTP_RECV_RWND_LOGGING + sctp_misc_ints(SCTP_SORECV_ENTER, + rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, uio->uio_resid); +#endif + SOCKBUF_LOCK(&so->so_rcv); + hold_sblock = 1; +#ifdef SCTP_RECV_RWND_LOGGING + sctp_misc_ints(SCTP_SORECV_ENTERPL, + rwnd_req, block_allowed, so->so_rcv.sb_cc, uio->uio_resid); +#endif + + + error = sblock(&so->so_rcv, (block_allowed ? M_WAITOK : 0)); + if (error) { + goto release_unlocked; + } +restart: + if (hold_sblock == 0) { + SOCKBUF_LOCK(&so->so_rcv); + hold_sblock = 1; + } + sbunlock(&so->so_rcv); + +restart_nosblocks: + if (hold_sblock == 0) { + SOCKBUF_LOCK(&so->so_rcv); + hold_sblock = 1; + } + if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || + (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { + goto out; + } + if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) { + if (so->so_error) { + error = so->so_error; + } else { + error = ENOTCONN; + } + goto out; + } + if ((so->so_rcv.sb_cc <= held_length) && block_allowed) { + /* we need to wait for data */ +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_SORECV_BLOCKSA, + 0, 0, so->so_rcv.sb_cc, uio->uio_resid); +#endif + if ((so->so_rcv.sb_cc == 0) && + ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || + (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { + if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { + /* + * For active open side clear flags for + * re-use passive open is blocked by + * connect. + */ + if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { + /* + * You were aborted, passive side + * always hits here + */ + error = ECONNRESET; + /* + * You get this once if you are + * active open side + */ + if (!(inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { + /* + * Remove flag if on the + * active open side + */ + inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_ABORTED; + } + } + so->so_state &= ~(SS_ISCONNECTING | + SS_ISDISCONNECTING | + SS_ISCONFIRMING | + SS_ISCONNECTED); + if (error == 0) { + if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { + error = ENOTCONN; + } else { + inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_CONNECTED; + } + } + goto out; + } + } + error = sbwait(&so->so_rcv); + if (error) { + goto out; + } + held_length = 0; + goto restart_nosblocks; + } else if (so->so_rcv.sb_cc == 0) { + error = EWOULDBLOCK; + goto out; + } + error = sblock(&so->so_rcv, (block_allowed ? M_WAITOK : 0)); + /* we possibly have data we can read */ + control = TAILQ_FIRST(&inp->read_queue); + if (control == NULL) { + /* + * This could be happening since the appender did the + * increment but as not yet did the tailq insert onto the + * read_queue + */ + if (hold_rlock == 0) { + SCTP_INP_READ_LOCK(inp); + hold_rlock = 1; + } + control = TAILQ_FIRST(&inp->read_queue); + if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { +#ifdef INVARIENTS + panic("Huh, its non zero and nothing on control?"); +#endif + so->so_rcv.sb_cc = 0; + } + SCTP_INP_READ_UNLOCK(inp); + hold_rlock = 0; + goto restart; + } + if ((control->length == 0) && + (control->do_not_ref_stcb)) { + /* + * Clean up code for freeing assoc that left behind a + * pdapi.. maybe a peer in EEOR that just closed after + * sending and never indicated a EOR. + */ + SCTP_STAT_INCR(sctps_locks_in_rcva); + if (hold_rlock == 0) { + hold_rlock = 1; + SCTP_INP_READ_LOCK(inp); + } + control->held_length = 0; + if (control->data) { + /* Hmm there is data here .. fix */ + struct mbuf *m; + int cnt = 0; + + m = control->data; + while (m) { + cnt += m->m_len; + if (m->m_next == NULL) { + control->tail_mbuf = m; + m->m_flags |= M_EOR; + control->end_added = 1; + } + m = m->m_next; + } + control->length = cnt; + } else { + /* remove it */ + TAILQ_REMOVE(&inp->read_queue, control, next); + /* Add back any hiddend data */ + sctp_free_remote_addr(control->whoFrom); + sctp_free_a_readq(stcb, control); + } + if (hold_rlock) { + hold_rlock = 0; + SCTP_INP_READ_UNLOCK(inp); + } + goto restart; + } + if (control->length == 0) { + if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && + (filling_sinfo)) { + /* find a more suitable one then this */ + ctl = TAILQ_NEXT(control, next); + while (ctl) { + if ((ctl->stcb != control->stcb) && (ctl->length)) { + /* found one */ + control = ctl; + goto found_one; + } + ctl = TAILQ_NEXT(ctl, next); + } + } + /* + * if we reach here, not suitable replacement is available + * <or> fragment interleave is NOT on. So stuff the sb_cc + * into the our held count, and its time to sleep again. + */ + held_length = so->so_rcv.sb_cc; + control->held_length = so->so_rcv.sb_cc; + goto restart; + } + /* Clear the held length since there is something to read */ + control->held_length = 0; + if (hold_rlock) { + SCTP_INP_READ_UNLOCK(inp); + hold_rlock = 0; + } +found_one: + /* + * If we reach here, control has a some data for us to read off. + * Note that stcb COULD be NULL. + */ + if (hold_sblock) { + SOCKBUF_UNLOCK(&so->so_rcv); + hold_sblock = 0; + } + stcb = control->stcb; + if (stcb) { + if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) && + (control->do_not_ref_stcb == 0)) { + stcb = NULL; + } else if (control->do_not_ref_stcb == 0) { + /* you can't free it on me please */ + /* + * The lock on the socket buffer protects us so the + * free code will stop. But since we used the + * socketbuf lock and the sender uses the tcb_lock + * to increment, we need to use the atomic add to + * the refcnt + */ + atomic_add_16(&stcb->asoc.refcnt, 1); + freecnt_applied = 1; + /* + * Setup to remember how much we have not yet told + * the peer our rwnd has opened up. Note we grab the + * value from the tcb from last time. Note too that + * sack sending clears this when a sack is sent.. + * which is fine. Once we hit the rwnd_req, we then + * will go to the sctp_user_rcvd() that will not + * lock until it KNOWs it MUST send a WUP-SACK. + * + */ + freed_so_far = stcb->freed_by_sorcv_sincelast; + stcb->freed_by_sorcv_sincelast = 0; + } + } + /* First lets get off the sinfo and sockaddr info */ + if ((sinfo) && filling_sinfo) { + memcpy(sinfo, control, sizeof(struct sctp_nonpad_sndrcvinfo)); + nxt = TAILQ_NEXT(control, next); + if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) { + struct sctp_extrcvinfo *s_extra; + + s_extra = (struct sctp_extrcvinfo *)sinfo; + if (nxt) { + s_extra->next_flags = SCTP_NEXT_MSG_AVAIL; + if (nxt->sinfo_flags & SCTP_UNORDERED) { + s_extra->next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; + } + s_extra->next_asocid = nxt->sinfo_assoc_id; + s_extra->next_length = nxt->length; + s_extra->next_ppid = nxt->sinfo_ppid; + s_extra->next_stream = nxt->sinfo_stream; + if (nxt->tail_mbuf != NULL) { + if (nxt->tail_mbuf->m_flags & M_EOR) { + s_extra->next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; + } + } + } else { + /* + * we explicitly 0 this, since the memcpy + * got some other things beyond the older + * sinfo_ that is on the control's structure + * :-D + */ + s_extra->next_flags = SCTP_NO_NEXT_MSG; + s_extra->next_asocid = 0; + s_extra->next_length = 0; + s_extra->next_ppid = 0; + s_extra->next_stream = 0; + } + } + /* + * update off the real current cum-ack, if we have an stcb. + */ + if (stcb) + sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; + /* + * mask off the high bits, we keep the actual chunk bits in + * there. + */ + sinfo->sinfo_flags &= 0x00ff; + } + if (fromlen && from) { + struct sockaddr *to; + +#ifdef AF_INET + cp_len = min(fromlen, control->whoFrom->ro._l_addr.sin.sin_len); + memcpy(from, &control->whoFrom->ro._l_addr, cp_len); + ((struct sockaddr_in *)from)->sin_port = control->port_from; +#else + /* No AF_INET use AF_INET6 */ + cp_len = min(fromlen, control->whoFrom->ro._l_addr.sin6.sin6_len); + memcpy(from, &control->whoFrom->ro._l_addr, cp_len); + ((struct sockaddr_in6 *)from)->sin6_port = control->port_from; +#endif + + to = from; +#if defined(AF_INET) && defined(AF_INET6) + if ((inp->sctp_flags & SCTP_PCB_FLAGS_NEEDS_MAPPED_V4) && + (to->sa_family == AF_INET) && + ((size_t)fromlen >= sizeof(struct sockaddr_in6))) { + struct sockaddr_in *sin; + struct sockaddr_in6 sin6; + + sin = (struct sockaddr_in *)to; + bzero(&sin6, sizeof(sin6)); + sin6.sin6_family = AF_INET6; + sin6.sin6_len = sizeof(struct sockaddr_in6); + sin6.sin6_addr.s6_addr16[2] = 0xffff; + bcopy(&sin->sin_addr, + &sin6.sin6_addr.s6_addr16[3], + sizeof(sin6.sin6_addr.s6_addr16[3])); + sin6.sin6_port = sin->sin_port; + memcpy(from, (caddr_t)&sin6, sizeof(sin6)); + } +#endif +#if defined(AF_INET6) + { + struct sockaddr_in6 lsa6, *to6; + + to6 = (struct sockaddr_in6 *)to; + sctp_recover_scope_mac(to6, (&lsa6)); + + } +#endif + } + /* now copy out what data we can */ + if (mp == NULL) { + /* copy out each mbuf in the chain up to length */ +get_more_data: + m = control->data; + while (m) { + /* Move out all we can */ + cp_len = (int)uio->uio_resid; + my_len = (int)m->m_len; + if (cp_len > my_len) { + /* not enough in this buf */ + cp_len = my_len; + } + if (hold_rlock) { + SCTP_INP_READ_UNLOCK(inp); + hold_rlock = 0; + } + splx(s); + if (cp_len > 0) + error = uiomove(mtod(m, char *), cp_len, uio); + s = splnet(); +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_SORCV_DOESCPY, + so->so_rcv.sb_cc, + cp_len, + 0, + 0); +#endif + /* re-read */ + if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { + goto release; + } + if (stcb && + stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { + no_rcv_needed = 1; + } + if (error) { + /* error we are out of here */ + goto release; + } + if ((m->m_next == NULL) && + (cp_len >= m->m_len) && + ((control->end_added == 0) || + (control->end_added && (TAILQ_NEXT(control, next) == NULL))) + ) { +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_SORCV_DOESLCK, + so->so_rcv.sb_cc, + cp_len, + m->m_len, + control->length); +#endif + SCTP_STAT_INCR(sctps_locks_in_rcvb); + SCTP_INP_READ_LOCK(inp); + hold_rlock = 1; + } + if (cp_len == m->m_len) { +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_SORCV_DOESADJ, + so->so_rcv.sb_cc, + control->length, + cp_len, + 0); +#endif + if (m->m_flags & M_EOR) { + out_flags |= MSG_EOR; + } + if (m->m_flags & M_NOTIFICATION) { + out_flags |= MSG_NOTIFICATION; + } + /* we ate up the mbuf */ + if (in_flags & MSG_PEEK) { + /* just looking */ + m = m->m_next; + copied_so_far += cp_len; + } else { + /* dispose of the mbuf */ +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, + control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, m->m_len); +#endif + sctp_sbfree(control, stcb, &so->so_rcv, m); +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, + control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); +#endif + embuf = m; + copied_so_far += cp_len; + freed_so_far += cp_len; + alen = atomic_fetchadd_int(&control->length, -(cp_len)); + if (alen < cp_len) { + panic("Control length goes negative?"); + } +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_SORCV_PASSBF, + so->so_rcv.sb_cc, + control->length, + 0, + 0); +#endif + control->data = sctp_m_free(m); + m = control->data; + /* + * been through it all, must hold sb + * lock ok to null tail + */ + if (control->data == NULL) { +#ifdef INVARIENTS + if ((control->end_added == 0) || + (TAILQ_NEXT(control, next) == NULL)) { + /* + * If the end is not + * added, OR the + * next is NOT null + * we MUST have the + * lock. + */ + if (mtx_owned(&inp->inp_rdata_mtx) == 0) { + panic("Hmm we don't own the lock?"); + } + } +#endif + control->tail_mbuf = NULL; +#ifdef INVARIENTS + if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { + panic("end_added, nothing left and no MSG_EOR"); + } +#endif + } +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_SORCV_ADJD, + so->so_rcv.sb_cc, + control->length, + 0, + 0); +#endif + } + } else { + /* Do we need to trim the mbuf? */ + if (m->m_flags & M_NOTIFICATION) { + out_flags |= MSG_NOTIFICATION; + } + if ((in_flags & MSG_PEEK) == 0) { + if (out_flags & MSG_NOTIFICATION) { + /* + * remark this one with the + * notify flag, they read + * only part of the + * notification. + */ + m->m_flags |= M_NOTIFICATION; + } + m->m_data += cp_len; + m->m_len -= cp_len; +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, cp_len); +#endif + atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); + if (stcb) { + atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); + } + copied_so_far += cp_len; + embuf = m; + freed_so_far += cp_len; +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, + SCTP_LOG_SBRESULT, 0); +#endif + alen = atomic_fetchadd_int(&control->length, -(cp_len)); + if (alen < cp_len) { + panic("Control length goes negative2?"); + } + } else { + copied_so_far += cp_len; + } + } + if ((out_flags & MSG_EOR) || + (uio->uio_resid == 0) + ) { + break; + } + if (((stcb) && (in_flags & MSG_PEEK) == 0) && + (control->do_not_ref_stcb == 0) && + (freed_so_far >= rwnd_req)) { + sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); + } +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_SORCV_BOTWHILE, + so->so_rcv.sb_cc, + control->length, + 0, + 0); +#endif + + } /* end while(m) */ + /* + * At this point we have looked at it all and we either have + * a MSG_EOR/or read all the user wants... <OR> + * control->length == 0. + */ + if ((out_flags & MSG_EOR) && + ((in_flags & MSG_PEEK) == 0)) { + /* we are done with this control */ + if (control->length == 0) { + if (control->data) { +#ifdef INVARIENTS + panic("control->data not null at read eor?"); +#else + printf("Strange, data left in the control buffer .. invarients would panic?\n"); + sctp_m_freem(control->data); + control->data = NULL; +#endif + } + done_with_control: +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + sctp_misc_ints(SCTP_SORCV_FREECTL, + so->so_rcv.sb_cc, + 0, + 0, + 0); +#endif + if (TAILQ_NEXT(control, next) == NULL) { + /* + * If we don't have a next we need a + * lock, if there is a next interupt + * is filling ahead of us and we + * don't need a lock to remove this + * guy (which is the head of the + * queue). + */ + if (hold_rlock == 0) { + SCTP_STAT_INCR(sctps_locks_in_rcvc); + SCTP_INP_READ_LOCK(inp); + hold_rlock = 1; + } + } + TAILQ_REMOVE(&inp->read_queue, control, next); + /* Add back any hiddend data */ + if (control->held_length) { + held_length = 0; + control->held_length = 0; + wakeup_read_socket = 1; + } + no_rcv_needed = control->do_not_ref_stcb; + sctp_free_remote_addr(control->whoFrom); + control->data = NULL; + sctp_free_a_readq(stcb, control); + control = NULL; + if ((freed_so_far >= rwnd_req) && (no_rcv_needed == 0)) + sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); + + } else { + /* + * The user did not read all of this + * message, turn off the returned MSG_EOR + * since we are leaving more behind on the + * control to read. + */ +#ifdef INVARIENTS + if (control->end_added && (control->data == NULL) && + (control->tail_mbuf == NULL)) { + panic("Gak, control->length is corrupt?"); + } +#endif + no_rcv_needed = control->do_not_ref_stcb; + out_flags &= ~MSG_EOR; + } + } + if (out_flags & MSG_EOR) { + goto release; + } + if ((uio->uio_resid == 0) || + ((in_eeor_mode) && (copied_so_far >= max(so->so_rcv.sb_lowat, 1))) + ) { + goto release; + } + /* + * If I hit here the receiver wants more and this message is + * NOT done (pd-api). So two questions. Can we block? if not + * we are done. Did the user NOT set MSG_WAITALL? + */ + if (block_allowed == 0) { + goto release; + } + /* + * We need to wait for more data a few things: - We don't + * sbunlock() so we don't get someone else reading. - We + * must be sure to account for the case where what is added + * is NOT to our control when we wakeup. + */ + + /* + * Do we need to tell the transport a rwnd update might be + * needed before we go to sleep? + */ + if (((stcb) && (in_flags & MSG_PEEK) == 0) && + ((freed_so_far >= rwnd_req) && + (control->do_not_ref_stcb == 0) && + (no_rcv_needed == 0))) { + sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); + } +wait_some_more: + if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) { + goto release; + } + if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) + goto release; + + if (hold_rlock == 1) { + SCTP_INP_READ_UNLOCK(inp); + hold_rlock = 0; + } + if (hold_sblock == 0) { + SOCKBUF_LOCK(&so->so_rcv); + hold_sblock = 1; + } +#ifdef SCTP_RECV_DETAIL_RWND_LOGGING + if (stcb) + sctp_misc_ints(SCTP_SORECV_BLOCKSB, + freed_so_far, + stcb->asoc.my_rwnd, + so->so_rcv.sb_cc, + uio->uio_resid); + else + sctp_misc_ints(SCTP_SORECV_BLOCKSB, + freed_so_far, + 0, + so->so_rcv.sb_cc, + uio->uio_resid); +#endif + if (so->so_rcv.sb_cc <= control->held_length) { + error = sbwait(&so->so_rcv); + if (error) { + goto release; + } + control->held_length = 0; + } + if (hold_sblock) { + SOCKBUF_UNLOCK(&so->so_rcv); + hold_sblock = 0; + } + if (control->length == 0) { + /* still nothing here */ + if (control->end_added == 1) { + /* he aborted, or is done i.e.did a shutdown */ + out_flags |= MSG_EOR; + goto done_with_control; + } + if (so->so_rcv.sb_cc > held_length) { + SCTP_STAT_INCR(sctps_locks_in_rcvf); + control->held_length = so->so_rcv.sb_cc; + held_length = 0; + } + goto wait_some_more; + } else if (control->data == NULL) { + panic("Impossible data==NULL length !=0"); + } + goto get_more_data; + } else { + /* copy out the mbuf chain */ +get_more_data2: + /* + * Do we have a uio, I doubt it if so we grab the size from + * it, if not you get it all + */ + if (uio) + cp_len = uio->uio_resid; + else + cp_len = control->length; + + if ((uint32_t) cp_len >= control->length) { + /* easy way */ + if ((control->end_added == 0) || + (TAILQ_NEXT(control, next) == NULL)) { + /* Need to get rlock */ + if (hold_rlock == 0) { + SCTP_INP_READ_LOCK(inp); + hold_rlock = 1; + } + } + if (control->tail_mbuf->m_flags & M_EOR) { + out_flags |= MSG_EOR; + } + if (control->data->m_flags & M_NOTIFICATION) { + out_flags |= MSG_NOTIFICATION; + } + if (uio) + uio->uio_resid -= control->length; + *mp = control->data; + m = control->data; + while (m) { +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, + control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, m->m_len); +#endif + sctp_sbfree(control, stcb, &so->so_rcv, m); + freed_so_far += m->m_len; +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, + control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); +#endif + m = m->m_next; + } + control->data = control->tail_mbuf = NULL; + control->length = 0; + if (out_flags & MSG_EOR) { + /* Done with this control */ + goto done_with_control; + } + /* still more to do with this conntrol */ + /* do we really support msg_waitall here? */ + if ((block_allowed == 0) || + ((in_flags & MSG_WAITALL) == 0)) { + goto release; + } + wait_some_more2: + if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) + goto release; + if (hold_rlock == 1) { + SCTP_INP_READ_UNLOCK(inp); + hold_rlock = 0; + } + if (hold_sblock == 0) { + SOCKBUF_LOCK(&so->so_rcv); + hold_sblock = 1; + } + if (so->so_rcv.sb_cc <= control->held_length) { + error = sbwait(&so->so_rcv); + if (error) { + goto release; + } + } + if (hold_sblock) { + SOCKBUF_UNLOCK(&so->so_rcv); + hold_sblock = 0; + } + if (control->length == 0) { + /* still nothing here */ + if (control->end_added == 1) { + /* + * he aborted, or is done i.e. + * shutdown + */ + out_flags |= MSG_EOR; + goto done_with_control; + } + if (so->so_rcv.sb_cc > held_length) { + control->held_length = so->so_rcv.sb_cc; + /* + * We don't use held_length while + * getting a message + */ + held_length = 0; + } + goto wait_some_more2; + } + goto get_more_data2; + } else { + /* hard way mbuf by mbuf */ + m = control->data; + if (control->end_added == 0) { + /* need the rlock */ + if (hold_rlock == 0) { + SCTP_INP_READ_LOCK(inp); + hold_rlock = 1; + } + } + if (m->m_flags & M_NOTIFICATION) { + out_flags |= MSG_NOTIFICATION; + } + while ((m) && (cp_len > 0)) { + if (cp_len >= m->m_len) { + *mp = m; + atomic_subtract_int(&control->length, m->m_len); + if (uio) + uio->uio_resid -= m->m_len; + cp_len -= m->m_len; + control->data = m->m_next; + m->m_next = NULL; +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, + control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, m->m_len); +#endif + sctp_sbfree(control, stcb, &so->so_rcv, m); + freed_so_far += m->m_len; +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, + control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); +#endif + mp = &m->m_next; + m = control->data; + } else { + /* + * got all he wants and its part of + * this mbuf only. + */ + if (uio) + uio->uio_resid -= m->m_len; + cp_len -= m->m_len; + if (hold_rlock) { + SCTP_INP_READ_UNLOCK(inp); + hold_rlock = 0; + } + if (hold_sblock) { + SOCKBUF_UNLOCK(&so->so_rcv); + hold_sblock = 0; + } + splx(s); + *mp = sctp_m_copym(m, 0, cp_len, + M_TRYWAIT + ); + s = splnet(); +#ifdef SCTP_LOCK_LOGGING + sctp_log_lock(inp, stcb, SCTP_LOG_LOCK_SOCKBUF_R); +#endif + if (hold_sblock == 0) { + SOCKBUF_LOCK(&so->so_rcv); + hold_sblock = 1; + } + if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) + goto release; + + if (stcb && + stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { + no_rcv_needed = 1; + } + m->m_data += cp_len; + m->m_len -= cp_len; +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, cp_len); +#endif + freed_so_far += cp_len; + atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); + if (stcb) { + atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); + if ((freed_so_far >= rwnd_req) && + (control->do_not_ref_stcb == 0) && + (no_rcv_needed == 0)) + sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); + } +#ifdef SCTP_SB_LOGGING + sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, + SCTP_LOG_SBRESULT, 0); +#endif + if (out_flags & MSG_NOTIFICATION) { + /* + * remark the first mbuf if + * they took a partial read. + */ + control->data->m_flags |= M_NOTIFICATION; + } + goto release; + } + } + } + } +release: + if (hold_rlock == 1) { + SCTP_INP_READ_UNLOCK(inp); + hold_rlock = 0; + } + if (hold_sblock == 0) { + SOCKBUF_LOCK(&so->so_rcv); + hold_sblock = 1; + } + sbunlock(&so->so_rcv); + +release_unlocked: + if (hold_sblock) { + SOCKBUF_UNLOCK(&so->so_rcv); + hold_sblock = 0; + } + if ((stcb) && (in_flags & MSG_PEEK) == 0) { + if ((freed_so_far >= rwnd_req) && + (control && (control->do_not_ref_stcb == 0)) && + (no_rcv_needed == 0)) + sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); + } + if (msg_flags) + *msg_flags |= out_flags; +out: + if (hold_rlock == 1) { + SCTP_INP_READ_UNLOCK(inp); + hold_rlock = 0; + } + if (hold_sblock) { + SOCKBUF_UNLOCK(&so->so_rcv); + hold_sblock = 0; + } + if ((stcb) && freecnt_applied) { + /* + * The lock on the socket buffer protects us so the free + * code will stop. But since we used the socketbuf lock and + * the sender uses the tcb_lock to increment, we need to use + * the atomic add to the refcnt. + */ + atomic_add_16(&stcb->asoc.refcnt, -1); + freecnt_applied = 0; + /* Save the value back for next time */ + stcb->freed_by_sorcv_sincelast = freed_so_far; + } + splx(s); +#ifdef SCTP_RECV_RWND_LOGGING + if (stcb) { + sctp_misc_ints(SCTP_SORECV_DONE, + freed_so_far, + ((uio) ? (slen - uio->uio_resid) : slen), + stcb->asoc.my_rwnd, + so->so_rcv.sb_cc); + } else { + sctp_misc_ints(SCTP_SORECV_DONE, + freed_so_far, + ((uio) ? (slen - uio->uio_resid) : slen), + 0, + so->so_rcv.sb_cc); + } +#endif + if (wakeup_read_socket) { + sctp_sorwakeup(inp, so); + } + return (error); +} + + +#ifdef SCTP_MBUF_LOGGING +struct mbuf * +sctp_m_free(struct mbuf *m) +{ + if (m->m_flags & M_EXT) { + sctp_log_mb(m, SCTP_MBUF_IFREE); + } + return (m_free(m)); +} + +void +sctp_m_freem(struct mbuf *mb) +{ + while (mb != NULL) + mb = sctp_m_free(mb); +} + +#endif + + +int +sctp_soreceive(so, psa, uio, mp0, controlp, flagsp) + struct socket *so; + struct sockaddr **psa; + struct uio *uio; + struct mbuf **mp0; + struct mbuf **controlp; + int *flagsp; +{ + int error, fromlen; + uint8_t sockbuf[256]; + struct sockaddr *from; + struct sctp_extrcvinfo sinfo; + int filling_sinfo = 1; + struct sctp_inpcb *inp; + + inp = (struct sctp_inpcb *)so->so_pcb; + /* pickup the assoc we are reading from */ + if (inp == NULL) { + return (EINVAL); + } + if ((sctp_is_feature_off(inp, + SCTP_PCB_FLAGS_RECVDATAIOEVNT)) || + (controlp == NULL)) { + /* user does not want the sndrcv ctl */ + filling_sinfo = 0; + } + if (psa) { + from = (struct sockaddr *)sockbuf; + fromlen = sizeof(sockbuf); + from->sa_len = 0; + } else { + from = NULL; + fromlen = 0; + } + + error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, + (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); + if ((controlp) && (filling_sinfo)) { + /* copy back the sinfo in a CMSG format */ + if (filling_sinfo) + *controlp = sctp_build_ctl_nchunk(inp, + (struct sctp_sndrcvinfo *)&sinfo); + else + *controlp = NULL; + } + if (psa) { + /* copy back the address info */ + if (from && from->sa_len) { + *psa = sodupsockaddr(from, M_NOWAIT); + } else { + *psa = NULL; + } + } + return (error); +} |
