1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * a) Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * b) Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the distribution.
17 *
18 * c) Neither the name of Cisco Systems, Inc. nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
32 * THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #ifdef __FreeBSD__
36 #include <sys/cdefs.h>
37 __FBSDID("$FreeBSD: head/sys/netinet/sctp_timer.c 338134 2018-08-21 13:25:32Z tuexen $");
38 #endif
39
40 #define _IP_VHL
41 #include <netinet/sctp_os.h>
42 #include <netinet/sctp_pcb.h>
43 #ifdef INET6
44 #if defined(__Userspace_os_FreeBSD)
45 #include <netinet6/sctp6_var.h>
46 #endif
47 #endif
48 #include <netinet/sctp_var.h>
49 #include <netinet/sctp_sysctl.h>
50 #include <netinet/sctp_timer.h>
51 #include <netinet/sctputil.h>
52 #include <netinet/sctp_output.h>
53 #include <netinet/sctp_header.h>
54 #include <netinet/sctp_indata.h>
55 #include <netinet/sctp_asconf.h>
56 #include <netinet/sctp_input.h>
57 #include <netinet/sctp.h>
58 #include <netinet/sctp_uio.h>
59 #if defined(INET) || defined(INET6)
60 #if !defined(__Userspace_os_Windows)
61 #include <netinet/udp.h>
62 #endif
63 #endif
64
65 #if defined(__APPLE__)
66 #define APPLE_FILE_NO 6
67 #endif
68
69 void
sctp_audit_retranmission_queue(struct sctp_association * asoc)70 sctp_audit_retranmission_queue(struct sctp_association *asoc)
71 {
72 struct sctp_tmit_chunk *chk;
73
74 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit invoked on send queue cnt:%d onqueue:%d\n",
75 asoc->sent_queue_retran_cnt,
76 asoc->sent_queue_cnt);
77 asoc->sent_queue_retran_cnt = 0;
78 asoc->sent_queue_cnt = 0;
79 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
80 if (chk->sent == SCTP_DATAGRAM_RESEND) {
81 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
82 }
83 asoc->sent_queue_cnt++;
84 }
85 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
86 if (chk->sent == SCTP_DATAGRAM_RESEND) {
87 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
88 }
89 }
90 TAILQ_FOREACH(chk, &asoc->asconf_send_queue, sctp_next) {
91 if (chk->sent == SCTP_DATAGRAM_RESEND) {
92 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
93 }
94 }
95 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit completes retran:%d onqueue:%d\n",
96 asoc->sent_queue_retran_cnt,
97 asoc->sent_queue_cnt);
98 }
99
100 static int
sctp_threshold_management(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net,uint16_t threshold)101 sctp_threshold_management(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
102 struct sctp_nets *net, uint16_t threshold)
103 {
104 if (net) {
105 net->error_count++;
106 SCTPDBG(SCTP_DEBUG_TIMER4, "Error count for %p now %d thresh:%d\n",
107 (void *)net, net->error_count,
108 net->failure_threshold);
109 if (net->error_count > net->failure_threshold) {
110 /* We had a threshold failure */
111 if (net->dest_state & SCTP_ADDR_REACHABLE) {
112 net->dest_state &= ~SCTP_ADDR_REACHABLE;
113 net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
114 net->dest_state &= ~SCTP_ADDR_PF;
115 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
116 stcb, 0,
117 (void *)net, SCTP_SO_NOT_LOCKED);
118 }
119 } else if ((net->pf_threshold < net->failure_threshold) &&
120 (net->error_count > net->pf_threshold)) {
121 if (!(net->dest_state & SCTP_ADDR_PF)) {
122 net->dest_state |= SCTP_ADDR_PF;
123 net->last_active = sctp_get_tick_count();
124 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
125 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT,
126 inp, stcb, net,
127 SCTP_FROM_SCTP_TIMER + SCTP_LOC_1);
128 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
129 }
130 }
131 }
132 if (stcb == NULL)
133 return (0);
134
135 if (net) {
136 if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) {
137 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
138 sctp_misc_ints(SCTP_THRESHOLD_INCR,
139 stcb->asoc.overall_error_count,
140 (stcb->asoc.overall_error_count+1),
141 SCTP_FROM_SCTP_TIMER,
142 __LINE__);
143 }
144 stcb->asoc.overall_error_count++;
145 }
146 } else {
147 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
148 sctp_misc_ints(SCTP_THRESHOLD_INCR,
149 stcb->asoc.overall_error_count,
150 (stcb->asoc.overall_error_count+1),
151 SCTP_FROM_SCTP_TIMER,
152 __LINE__);
153 }
154 stcb->asoc.overall_error_count++;
155 }
156 SCTPDBG(SCTP_DEBUG_TIMER4, "Overall error count for %p now %d thresh:%u state:%x\n",
157 (void *)&stcb->asoc, stcb->asoc.overall_error_count,
158 (uint32_t)threshold,
159 ((net == NULL) ? (uint32_t) 0 : (uint32_t) net->dest_state));
160 /*
161 * We specifically do not do >= to give the assoc one more change
162 * before we fail it.
163 */
164 if (stcb->asoc.overall_error_count > threshold) {
165 /* Abort notification sends a ULP notify */
166 struct mbuf *op_err;
167
168 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
169 "Association error counter exceeded");
170 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_2;
171 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
172 return (1);
173 }
174 return (0);
175 }
176
177 /*
178 * sctp_find_alternate_net() returns a non-NULL pointer as long
179 * the argument net is non-NULL.
180 */
181 struct sctp_nets *
sctp_find_alternate_net(struct sctp_tcb * stcb,struct sctp_nets * net,int mode)182 sctp_find_alternate_net(struct sctp_tcb *stcb,
183 struct sctp_nets *net,
184 int mode)
185 {
186 /* Find and return an alternate network if possible */
187 struct sctp_nets *alt, *mnet, *min_errors_net = NULL , *max_cwnd_net = NULL;
188 int once;
189 /* JRS 5/14/07 - Initialize min_errors to an impossible value. */
190 int min_errors = -1;
191 uint32_t max_cwnd = 0;
192
193 if (stcb->asoc.numnets == 1) {
194 /* No others but net */
195 return (TAILQ_FIRST(&stcb->asoc.nets));
196 }
197 /*
198 * JRS 5/14/07 - If mode is set to 2, use the CMT PF find alternate net algorithm.
199 * This algorithm chooses the active destination (not in PF state) with the largest
200 * cwnd value. If all destinations are in PF state, unreachable, or unconfirmed, choose
201 * the desination that is in PF state with the lowest error count. In case of a tie,
202 * choose the destination that was most recently active.
203 */
204 if (mode == 2) {
205 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
206 /* JRS 5/14/07 - If the destination is unreachable or unconfirmed, skip it. */
207 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
208 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
209 continue;
210 }
211 /*
212 * JRS 5/14/07 - If the destination is reachable but in PF state, compare
213 * the error count of the destination to the minimum error count seen thus far.
214 * Store the destination with the lower error count. If the error counts are
215 * equal, store the destination that was most recently active.
216 */
217 if (mnet->dest_state & SCTP_ADDR_PF) {
218 /*
219 * JRS 5/14/07 - If the destination under consideration is the current
220 * destination, work as if the error count is one higher. The
221 * actual error count will not be incremented until later in the
222 * t3 handler.
223 */
224 if (mnet == net) {
225 if (min_errors == -1) {
226 min_errors = mnet->error_count + 1;
227 min_errors_net = mnet;
228 } else if (mnet->error_count + 1 < min_errors) {
229 min_errors = mnet->error_count + 1;
230 min_errors_net = mnet;
231 } else if (mnet->error_count + 1 == min_errors
232 && mnet->last_active > min_errors_net->last_active) {
233 min_errors_net = mnet;
234 min_errors = mnet->error_count + 1;
235 }
236 continue;
237 } else {
238 if (min_errors == -1) {
239 min_errors = mnet->error_count;
240 min_errors_net = mnet;
241 } else if (mnet->error_count < min_errors) {
242 min_errors = mnet->error_count;
243 min_errors_net = mnet;
244 } else if (mnet->error_count == min_errors
245 && mnet->last_active > min_errors_net->last_active) {
246 min_errors_net = mnet;
247 min_errors = mnet->error_count;
248 }
249 continue;
250 }
251 }
252 /*
253 * JRS 5/14/07 - If the destination is reachable and not in PF state, compare the
254 * cwnd of the destination to the highest cwnd seen thus far. Store the
255 * destination with the higher cwnd value. If the cwnd values are equal,
256 * randomly choose one of the two destinations.
257 */
258 if (max_cwnd < mnet->cwnd) {
259 max_cwnd_net = mnet;
260 max_cwnd = mnet->cwnd;
261 } else if (max_cwnd == mnet->cwnd) {
262 uint32_t rndval;
263 uint8_t this_random;
264
265 if (stcb->asoc.hb_random_idx > 3) {
266 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
267 memcpy(stcb->asoc.hb_random_values, &rndval, sizeof(stcb->asoc.hb_random_values));
268 this_random = stcb->asoc.hb_random_values[0];
269 stcb->asoc.hb_random_idx++;
270 stcb->asoc.hb_ect_randombit = 0;
271 } else {
272 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
273 stcb->asoc.hb_random_idx++;
274 stcb->asoc.hb_ect_randombit = 0;
275 }
276 if (this_random % 2 == 1) {
277 max_cwnd_net = mnet;
278 max_cwnd = mnet->cwnd; /* Useless? */
279 }
280 }
281 }
282 if (max_cwnd_net == NULL) {
283 if (min_errors_net == NULL) {
284 return (net);
285 }
286 return (min_errors_net);
287 } else {
288 return (max_cwnd_net);
289 }
290 } /* JRS 5/14/07 - If mode is set to 1, use the CMT policy for choosing an alternate net. */
291 else if (mode == 1) {
292 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
293 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
294 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
295 /*
296 * will skip ones that are not-reachable or
297 * unconfirmed
298 */
299 continue;
300 }
301 if (max_cwnd < mnet->cwnd) {
302 max_cwnd_net = mnet;
303 max_cwnd = mnet->cwnd;
304 } else if (max_cwnd == mnet->cwnd) {
305 uint32_t rndval;
306 uint8_t this_random;
307
308 if (stcb->asoc.hb_random_idx > 3) {
309 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
310 memcpy(stcb->asoc.hb_random_values, &rndval,
311 sizeof(stcb->asoc.hb_random_values));
312 this_random = stcb->asoc.hb_random_values[0];
313 stcb->asoc.hb_random_idx = 0;
314 stcb->asoc.hb_ect_randombit = 0;
315 } else {
316 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
317 stcb->asoc.hb_random_idx++;
318 stcb->asoc.hb_ect_randombit = 0;
319 }
320 if (this_random % 2) {
321 max_cwnd_net = mnet;
322 max_cwnd = mnet->cwnd;
323 }
324 }
325 }
326 if (max_cwnd_net) {
327 return (max_cwnd_net);
328 }
329 }
330 mnet = net;
331 once = 0;
332
333 if (mnet == NULL) {
334 mnet = TAILQ_FIRST(&stcb->asoc.nets);
335 if (mnet == NULL) {
336 return (NULL);
337 }
338 }
339 for (;;) {
340 alt = TAILQ_NEXT(mnet, sctp_next);
341 if (alt == NULL) {
342 once++;
343 if (once > 1) {
344 break;
345 }
346 alt = TAILQ_FIRST(&stcb->asoc.nets);
347 if (alt == NULL) {
348 return (NULL);
349 }
350 }
351 if (alt->ro.ro_rt == NULL) {
352 if (alt->ro._s_addr) {
353 sctp_free_ifa(alt->ro._s_addr);
354 alt->ro._s_addr = NULL;
355 }
356 alt->src_addr_selected = 0;
357 }
358 if (((alt->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE) &&
359 (alt->ro.ro_rt != NULL) &&
360 (!(alt->dest_state & SCTP_ADDR_UNCONFIRMED))) {
361 /* Found a reachable address */
362 break;
363 }
364 mnet = alt;
365 }
366
367 if (alt == NULL) {
368 /* Case where NO insv network exists (dormant state) */
369 /* we rotate destinations */
370 once = 0;
371 mnet = net;
372 for (;;) {
373 if (mnet == NULL) {
374 return (TAILQ_FIRST(&stcb->asoc.nets));
375 }
376 alt = TAILQ_NEXT(mnet, sctp_next);
377 if (alt == NULL) {
378 once++;
379 if (once > 1) {
380 break;
381 }
382 alt = TAILQ_FIRST(&stcb->asoc.nets);
383 if (alt == NULL) {
384 break;
385 }
386 }
387 if ((!(alt->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
388 (alt != net)) {
389 /* Found an alternate address */
390 break;
391 }
392 mnet = alt;
393 }
394 }
395 if (alt == NULL) {
396 return (net);
397 }
398 return (alt);
399 }
400
401 static void
sctp_backoff_on_timeout(struct sctp_tcb * stcb,struct sctp_nets * net,int win_probe,int num_marked,int num_abandoned)402 sctp_backoff_on_timeout(struct sctp_tcb *stcb,
403 struct sctp_nets *net,
404 int win_probe,
405 int num_marked, int num_abandoned)
406 {
407 if (net->RTO == 0) {
408 if (net->RTO_measured) {
409 net->RTO = stcb->asoc.minrto;
410 } else {
411 net->RTO = stcb->asoc.initial_rto;
412 }
413 }
414 net->RTO <<= 1;
415 if (net->RTO > stcb->asoc.maxrto) {
416 net->RTO = stcb->asoc.maxrto;
417 }
418 if ((win_probe == 0) && (num_marked || num_abandoned)) {
419 /* We don't apply penalty to window probe scenarios */
420 /* JRS - Use the congestion control given in the CC module */
421 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout(stcb, net);
422 }
423 }
424
425 #ifndef INVARIANTS
426 static void
sctp_recover_sent_list(struct sctp_tcb * stcb)427 sctp_recover_sent_list(struct sctp_tcb *stcb)
428 {
429 struct sctp_tmit_chunk *chk, *nchk;
430 struct sctp_association *asoc;
431
432 asoc = &stcb->asoc;
433 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
434 if (SCTP_TSN_GE(asoc->last_acked_seq, chk->rec.data.tsn)) {
435 SCTP_PRINTF("Found chk:%p tsn:%x <= last_acked_seq:%x\n",
436 (void *)chk, chk->rec.data.tsn, asoc->last_acked_seq);
437 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
438 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
439 asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
440 }
441 }
442 if ((asoc->strmout[chk->rec.data.sid].chunks_on_queues == 0) &&
443 (asoc->strmout[chk->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
444 TAILQ_EMPTY(&asoc->strmout[chk->rec.data.sid].outqueue)) {
445 asoc->trigger_reset = 1;
446 }
447 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
448 if (PR_SCTP_ENABLED(chk->flags)) {
449 if (asoc->pr_sctp_cnt != 0)
450 asoc->pr_sctp_cnt--;
451 }
452 if (chk->data) {
453 /*sa_ignore NO_NULL_CHK*/
454 sctp_free_bufspace(stcb, asoc, chk, 1);
455 sctp_m_freem(chk->data);
456 chk->data = NULL;
457 if (asoc->prsctp_supported && PR_SCTP_BUF_ENABLED(chk->flags)) {
458 asoc->sent_queue_cnt_removeable--;
459 }
460 }
461 asoc->sent_queue_cnt--;
462 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
463 }
464 }
465 SCTP_PRINTF("after recover order is as follows\n");
466 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
467 SCTP_PRINTF("chk:%p TSN:%x\n", (void *)chk, chk->rec.data.tsn);
468 }
469 }
470 #endif
471
472 static int
sctp_mark_all_for_resend(struct sctp_tcb * stcb,struct sctp_nets * net,struct sctp_nets * alt,int window_probe,int * num_marked,int * num_abandoned)473 sctp_mark_all_for_resend(struct sctp_tcb *stcb,
474 struct sctp_nets *net,
475 struct sctp_nets *alt,
476 int window_probe,
477 int *num_marked,
478 int *num_abandoned)
479 {
480
481 /*
482 * Mark all chunks (well not all) that were sent to *net for
483 * retransmission. Move them to alt for there destination as well...
484 * We only mark chunks that have been outstanding long enough to
485 * have received feed-back.
486 */
487 struct sctp_tmit_chunk *chk, *nchk;
488 struct sctp_nets *lnets;
489 struct timeval now, min_wait, tv;
490 int cur_rto;
491 int cnt_abandoned;
492 int audit_tf, num_mk, fir;
493 unsigned int cnt_mk;
494 uint32_t orig_flight, orig_tf;
495 uint32_t tsnlast, tsnfirst;
496 int recovery_cnt = 0;
497
498
499 /* none in flight now */
500 audit_tf = 0;
501 fir = 0;
502 /*
503 * figure out how long a data chunk must be pending before we can
504 * mark it ..
505 */
506 (void)SCTP_GETTIME_TIMEVAL(&now);
507 /* get cur rto in micro-seconds */
508 cur_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
509 cur_rto *= 1000;
510 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
511 sctp_log_fr(cur_rto,
512 stcb->asoc.peers_rwnd,
513 window_probe,
514 SCTP_FR_T3_MARK_TIME);
515 sctp_log_fr(net->flight_size, 0, 0, SCTP_FR_CWND_REPORT);
516 sctp_log_fr(net->flight_size, net->cwnd, stcb->asoc.total_flight, SCTP_FR_CWND_REPORT);
517 }
518 tv.tv_sec = cur_rto / 1000000;
519 tv.tv_usec = cur_rto % 1000000;
520 #ifndef __FreeBSD__
521 timersub(&now, &tv, &min_wait);
522 #else
523 min_wait = now;
524 timevalsub(&min_wait, &tv);
525 #endif
526 if (min_wait.tv_sec < 0 || min_wait.tv_usec < 0) {
527 /*
528 * if we hit here, we don't have enough seconds on the clock
529 * to account for the RTO. We just let the lower seconds be
530 * the bounds and don't worry about it. This may mean we
531 * will mark a lot more than we should.
532 */
533 min_wait.tv_sec = min_wait.tv_usec = 0;
534 }
535 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
536 sctp_log_fr(cur_rto, now.tv_sec, now.tv_usec, SCTP_FR_T3_MARK_TIME);
537 sctp_log_fr(0, min_wait.tv_sec, min_wait.tv_usec, SCTP_FR_T3_MARK_TIME);
538 }
539 /*
540 * Our rwnd will be incorrect here since we are not adding back the
541 * cnt * mbuf but we will fix that down below.
542 */
543 orig_flight = net->flight_size;
544 orig_tf = stcb->asoc.total_flight;
545
546 net->fast_retran_ip = 0;
547 /* Now on to each chunk */
548 cnt_abandoned = 0;
549 num_mk = cnt_mk = 0;
550 tsnfirst = tsnlast = 0;
551 #ifndef INVARIANTS
552 start_again:
553 #endif
554 TAILQ_FOREACH_SAFE(chk, &stcb->asoc.sent_queue, sctp_next, nchk) {
555 if (SCTP_TSN_GE(stcb->asoc.last_acked_seq, chk->rec.data.tsn)) {
556 /* Strange case our list got out of order? */
557 SCTP_PRINTF("Our list is out of order? last_acked:%x chk:%x\n",
558 (unsigned int)stcb->asoc.last_acked_seq, (unsigned int)chk->rec.data.tsn);
559 recovery_cnt++;
560 #ifdef INVARIANTS
561 panic("last acked >= chk on sent-Q");
562 #else
563 SCTP_PRINTF("Recover attempts a restart cnt:%d\n", recovery_cnt);
564 sctp_recover_sent_list(stcb);
565 if (recovery_cnt < 10) {
566 goto start_again;
567 } else {
568 SCTP_PRINTF("Recovery fails %d times??\n", recovery_cnt);
569 }
570 #endif
571 }
572 if ((chk->whoTo == net) && (chk->sent < SCTP_DATAGRAM_ACKED)) {
573 /*
574 * found one to mark: If it is less than
575 * DATAGRAM_ACKED it MUST not be a skipped or marked
576 * TSN but instead one that is either already set
577 * for retransmission OR one that needs
578 * retransmission.
579 */
580
581 /* validate its been outstanding long enough */
582 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
583 sctp_log_fr(chk->rec.data.tsn,
584 chk->sent_rcv_time.tv_sec,
585 chk->sent_rcv_time.tv_usec,
586 SCTP_FR_T3_MARK_TIME);
587 }
588 if ((chk->sent_rcv_time.tv_sec > min_wait.tv_sec) && (window_probe == 0)) {
589 /*
590 * we have reached a chunk that was sent
591 * some seconds past our min.. forget it we
592 * will find no more to send.
593 */
594 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
595 sctp_log_fr(0,
596 chk->sent_rcv_time.tv_sec,
597 chk->sent_rcv_time.tv_usec,
598 SCTP_FR_T3_STOPPED);
599 }
600 continue;
601 } else if ((chk->sent_rcv_time.tv_sec == min_wait.tv_sec) &&
602 (window_probe == 0)) {
603 /*
604 * we must look at the micro seconds to
605 * know.
606 */
607 if (chk->sent_rcv_time.tv_usec >= min_wait.tv_usec) {
608 /*
609 * ok it was sent after our boundary
610 * time.
611 */
612 continue;
613 }
614 }
615 if (stcb->asoc.prsctp_supported && PR_SCTP_TTL_ENABLED(chk->flags)) {
616 /* Is it expired? */
617 #ifndef __FreeBSD__
618 if (timercmp(&now, &chk->rec.data.timetodrop, >)) {
619 #else
620 if (timevalcmp(&now, &chk->rec.data.timetodrop, >)) {
621 #endif
622 /* Yes so drop it */
623 if (chk->data) {
624 (void)sctp_release_pr_sctp_chunk(stcb,
625 chk,
626 1,
627 SCTP_SO_NOT_LOCKED);
628 cnt_abandoned++;
629 }
630 continue;
631 }
632 }
633 if (stcb->asoc.prsctp_supported && PR_SCTP_RTX_ENABLED(chk->flags)) {
634 /* Has it been retransmitted tv_sec times? */
635 if (chk->snd_count > chk->rec.data.timetodrop.tv_sec) {
636 if (chk->data) {
637 (void)sctp_release_pr_sctp_chunk(stcb,
638 chk,
639 1,
640 SCTP_SO_NOT_LOCKED);
641 cnt_abandoned++;
642 }
643 continue;
644 }
645 }
646 if (chk->sent < SCTP_DATAGRAM_RESEND) {
647 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
648 num_mk++;
649 if (fir == 0) {
650 fir = 1;
651 tsnfirst = chk->rec.data.tsn;
652 }
653 tsnlast = chk->rec.data.tsn;
654 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
655 sctp_log_fr(chk->rec.data.tsn, chk->snd_count,
656 0, SCTP_FR_T3_MARKED);
657 }
658
659 if (chk->rec.data.chunk_was_revoked) {
660 /* deflate the cwnd */
661 chk->whoTo->cwnd -= chk->book_size;
662 chk->rec.data.chunk_was_revoked = 0;
663 }
664 net->marked_retrans++;
665 stcb->asoc.marked_retrans++;
666 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
667 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND_TO,
668 chk->whoTo->flight_size,
669 chk->book_size,
670 (uint32_t)(uintptr_t)chk->whoTo,
671 chk->rec.data.tsn);
672 }
673 sctp_flight_size_decrease(chk);
674 sctp_total_flight_decrease(stcb, chk);
675 stcb->asoc.peers_rwnd += chk->send_size;
676 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh);
677 }
678 chk->sent = SCTP_DATAGRAM_RESEND;
679 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
680 SCTP_STAT_INCR(sctps_markedretrans);
681
682 /* reset the TSN for striking and other FR stuff */
683 chk->rec.data.doing_fast_retransmit = 0;
684 /* Clear any time so NO RTT is being done */
685
686 if (chk->do_rtt) {
687 if (chk->whoTo->rto_needed == 0) {
688 chk->whoTo->rto_needed = 1;
689 }
690 }
691 chk->do_rtt = 0;
692 if (alt != net) {
693 sctp_free_remote_addr(chk->whoTo);
694 chk->no_fr_allowed = 1;
695 chk->whoTo = alt;
696 atomic_add_int(&alt->ref_count, 1);
697 } else {
698 chk->no_fr_allowed = 0;
699 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
700 chk->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
701 } else {
702 chk->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.tsn;
703 }
704 }
705 /* CMT: Do not allow FRs on retransmitted TSNs.
706 */
707 if (stcb->asoc.sctp_cmt_on_off > 0) {
708 chk->no_fr_allowed = 1;
709 }
710 #ifdef THIS_SHOULD_NOT_BE_DONE
711 } else if (chk->sent == SCTP_DATAGRAM_ACKED) {
712 /* remember highest acked one */
713 could_be_sent = chk;
714 #endif
715 }
716 if (chk->sent == SCTP_DATAGRAM_RESEND) {
717 cnt_mk++;
718 }
719 }
720 if ((orig_flight - net->flight_size) != (orig_tf - stcb->asoc.total_flight)) {
721 /* we did not subtract the same things? */
722 audit_tf = 1;
723 }
724
725 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
726 sctp_log_fr(tsnfirst, tsnlast, num_mk, SCTP_FR_T3_TIMEOUT);
727 }
728 #ifdef SCTP_DEBUG
729 if (num_mk) {
730 SCTPDBG(SCTP_DEBUG_TIMER1, "LAST TSN marked was %x\n",
731 tsnlast);
732 SCTPDBG(SCTP_DEBUG_TIMER1, "Num marked for retransmission was %d peer-rwd:%u\n",
733 num_mk,
734 stcb->asoc.peers_rwnd);
735 }
736 #endif
737 *num_marked = num_mk;
738 *num_abandoned = cnt_abandoned;
739 /* Now check for a ECN Echo that may be stranded And
740 * include the cnt_mk'd to have all resends in the
741 * control queue.
742 */
743 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
744 if (chk->sent == SCTP_DATAGRAM_RESEND) {
745 cnt_mk++;
746 }
747 if ((chk->whoTo == net) &&
748 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
749 sctp_free_remote_addr(chk->whoTo);
750 chk->whoTo = alt;
751 if (chk->sent != SCTP_DATAGRAM_RESEND) {
752 chk->sent = SCTP_DATAGRAM_RESEND;
753 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
754 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
755 cnt_mk++;
756 }
757 atomic_add_int(&alt->ref_count, 1);
758 }
759 }
760 #ifdef THIS_SHOULD_NOT_BE_DONE
761 if ((stcb->asoc.sent_queue_retran_cnt == 0) && (could_be_sent)) {
762 /* fix it so we retransmit the highest acked anyway */
763 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
764 cnt_mk++;
765 could_be_sent->sent = SCTP_DATAGRAM_RESEND;
766 }
767 #endif
768 if (stcb->asoc.sent_queue_retran_cnt != cnt_mk) {
769 #ifdef INVARIANTS
770 SCTP_PRINTF("Local Audit says there are %d for retran asoc cnt:%d we marked:%d this time\n",
771 cnt_mk, stcb->asoc.sent_queue_retran_cnt, num_mk);
772 #endif
773 #ifndef SCTP_AUDITING_ENABLED
774 stcb->asoc.sent_queue_retran_cnt = cnt_mk;
775 #endif
776 }
777 if (audit_tf) {
778 SCTPDBG(SCTP_DEBUG_TIMER4,
779 "Audit total flight due to negative value net:%p\n",
780 (void *)net);
781 stcb->asoc.total_flight = 0;
782 stcb->asoc.total_flight_count = 0;
783 /* Clear all networks flight size */
784 TAILQ_FOREACH(lnets, &stcb->asoc.nets, sctp_next) {
785 lnets->flight_size = 0;
786 SCTPDBG(SCTP_DEBUG_TIMER4,
787 "Net:%p c-f cwnd:%d ssthresh:%d\n",
788 (void *)lnets, lnets->cwnd, lnets->ssthresh);
789 }
790 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
791 if (chk->sent < SCTP_DATAGRAM_RESEND) {
792 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
793 sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
794 chk->whoTo->flight_size,
795 chk->book_size,
796 (uint32_t)(uintptr_t)chk->whoTo,
797 chk->rec.data.tsn);
798 }
799
800 sctp_flight_size_increase(chk);
801 sctp_total_flight_increase(stcb, chk);
802 }
803 }
804 }
805 /* We return 1 if we only have a window probe outstanding */
806 return (0);
807 }
808
809
810 int
811 sctp_t3rxt_timer(struct sctp_inpcb *inp,
812 struct sctp_tcb *stcb,
813 struct sctp_nets *net)
814 {
815 struct sctp_nets *alt;
816 int win_probe, num_mk, num_abandoned;
817
818 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
819 sctp_log_fr(0, 0, 0, SCTP_FR_T3_TIMEOUT);
820 }
821 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
822 struct sctp_nets *lnet;
823
824 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
825 if (net == lnet) {
826 sctp_log_cwnd(stcb, lnet, 1, SCTP_CWND_LOG_FROM_T3);
827 } else {
828 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_LOG_FROM_T3);
829 }
830 }
831 }
832 /* Find an alternate and mark those for retransmission */
833 if ((stcb->asoc.peers_rwnd == 0) &&
834 (stcb->asoc.total_flight < net->mtu)) {
835 SCTP_STAT_INCR(sctps_timowindowprobe);
836 win_probe = 1;
837 } else {
838 win_probe = 0;
839 }
840
841 if (win_probe == 0) {
842 /* We don't do normal threshold management on window probes */
843 if (sctp_threshold_management(inp, stcb, net,
844 stcb->asoc.max_send_times)) {
845 /* Association was destroyed */
846 return (1);
847 } else {
848 if (net != stcb->asoc.primary_destination) {
849 /* send a immediate HB if our RTO is stale */
850 struct timeval now;
851 unsigned int ms_goneby;
852
853 (void)SCTP_GETTIME_TIMEVAL(&now);
854 if (net->last_sent_time.tv_sec) {
855 ms_goneby = (now.tv_sec - net->last_sent_time.tv_sec) * 1000;
856 } else {
857 ms_goneby = 0;
858 }
859 if ((net->dest_state & SCTP_ADDR_PF) == 0) {
860 if ((ms_goneby > net->RTO) || (net->RTO == 0)) {
861 /*
862 * no recent feed back in an RTO or
863 * more, request a RTT update
864 */
865 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
866 }
867 }
868 }
869 }
870 } else {
871 /*
872 * For a window probe we don't penalize the net's but only
873 * the association. This may fail it if SACKs are not coming
874 * back. If sack's are coming with rwnd locked at 0, we will
875 * continue to hold things waiting for rwnd to raise
876 */
877 if (sctp_threshold_management(inp, stcb, NULL,
878 stcb->asoc.max_send_times)) {
879 /* Association was destroyed */
880 return (1);
881 }
882 }
883 if (stcb->asoc.sctp_cmt_on_off > 0) {
884 if (net->pf_threshold < net->failure_threshold) {
885 alt = sctp_find_alternate_net(stcb, net, 2);
886 } else {
887 /*
888 * CMT: Using RTX_SSTHRESH policy for CMT.
889 * If CMT is being used, then pick dest with
890 * largest ssthresh for any retransmission.
891 */
892 alt = sctp_find_alternate_net(stcb, net, 1);
893 /*
894 * CUCv2: If a different dest is picked for
895 * the retransmission, then new
896 * (rtx-)pseudo_cumack needs to be tracked
897 * for orig dest. Let CUCv2 track new (rtx-)
898 * pseudo-cumack always.
899 */
900 net->find_pseudo_cumack = 1;
901 net->find_rtx_pseudo_cumack = 1;
902 }
903 } else {
904 alt = sctp_find_alternate_net(stcb, net, 0);
905 }
906
907 num_mk = 0;
908 num_abandoned = 0;
909 (void)sctp_mark_all_for_resend(stcb, net, alt, win_probe,
910 &num_mk, &num_abandoned);
911 /* FR Loss recovery just ended with the T3. */
912 stcb->asoc.fast_retran_loss_recovery = 0;
913
914 /* CMT FR loss recovery ended with the T3 */
915 net->fast_retran_loss_recovery = 0;
916 if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) &&
917 (net->flight_size == 0)) {
918 (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins)(stcb, net);
919 }
920
921 /*
922 * setup the sat loss recovery that prevents satellite cwnd advance.
923 */
924 stcb->asoc.sat_t3_loss_recovery = 1;
925 stcb->asoc.sat_t3_recovery_tsn = stcb->asoc.sending_seq;
926
927 /* Backoff the timer and cwnd */
928 sctp_backoff_on_timeout(stcb, net, win_probe, num_mk, num_abandoned);
929 if ((!(net->dest_state & SCTP_ADDR_REACHABLE)) ||
930 (net->dest_state & SCTP_ADDR_PF)) {
931 /* Move all pending over too */
932 sctp_move_chunks_from_net(stcb, net);
933
934 /* Get the address that failed, to
935 * force a new src address selecton and
936 * a route allocation.
937 */
938 if (net->ro._s_addr) {
939 sctp_free_ifa(net->ro._s_addr);
940 net->ro._s_addr = NULL;
941 }
942 net->src_addr_selected = 0;
943
944 /* Force a route allocation too */
945 if (net->ro.ro_rt) {
946 RTFREE(net->ro.ro_rt);
947 net->ro.ro_rt = NULL;
948 }
949
950 /* Was it our primary? */
951 if ((stcb->asoc.primary_destination == net) && (alt != net)) {
952 /*
953 * Yes, note it as such and find an alternate note:
954 * this means HB code must use this to resent the
955 * primary if it goes active AND if someone does a
956 * change-primary then this flag must be cleared
957 * from any net structures.
958 */
959 if (stcb->asoc.alternate) {
960 sctp_free_remote_addr(stcb->asoc.alternate);
961 }
962 stcb->asoc.alternate = alt;
963 atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
964 }
965 }
966 /*
967 * Special case for cookie-echo'ed case, we don't do output but must
968 * await the COOKIE-ACK before retransmission
969 */
970 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
971 /*
972 * Here we just reset the timer and start again since we
973 * have not established the asoc
974 */
975 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
976 return (0);
977 }
978 if (stcb->asoc.prsctp_supported) {
979 struct sctp_tmit_chunk *lchk;
980
981 lchk = sctp_try_advance_peer_ack_point(stcb, &stcb->asoc);
982 /* C3. See if we need to send a Fwd-TSN */
983 if (SCTP_TSN_GT(stcb->asoc.advanced_peer_ack_point, stcb->asoc.last_acked_seq)) {
984 send_forward_tsn(stcb, &stcb->asoc);
985 if (lchk) {
986 /* Assure a timer is up */
987 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, lchk->whoTo);
988 }
989 }
990 }
991 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_MONITOR_ENABLE) {
992 sctp_log_cwnd(stcb, net, net->cwnd, SCTP_CWND_LOG_FROM_RTX);
993 }
994 return (0);
995 }
996
997 int
998 sctp_t1init_timer(struct sctp_inpcb *inp,
999 struct sctp_tcb *stcb,
1000 struct sctp_nets *net)
1001 {
1002 /* bump the thresholds */
1003 if (stcb->asoc.delayed_connection) {
1004 /*
1005 * special hook for delayed connection. The library did NOT
1006 * complete the rest of its sends.
1007 */
1008 stcb->asoc.delayed_connection = 0;
1009 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1010 return (0);
1011 }
1012 if (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT) {
1013 return (0);
1014 }
1015 if (sctp_threshold_management(inp, stcb, net,
1016 stcb->asoc.max_init_times)) {
1017 /* Association was destroyed */
1018 return (1);
1019 }
1020 stcb->asoc.dropped_special_cnt = 0;
1021 sctp_backoff_on_timeout(stcb, stcb->asoc.primary_destination, 1, 0, 0);
1022 if (stcb->asoc.initial_init_rto_max < net->RTO) {
1023 net->RTO = stcb->asoc.initial_init_rto_max;
1024 }
1025 if (stcb->asoc.numnets > 1) {
1026 /* If we have more than one addr use it */
1027 struct sctp_nets *alt;
1028
1029 alt = sctp_find_alternate_net(stcb, stcb->asoc.primary_destination, 0);
1030 if (alt != stcb->asoc.primary_destination) {
1031 sctp_move_chunks_from_net(stcb, stcb->asoc.primary_destination);
1032 stcb->asoc.primary_destination = alt;
1033 }
1034 }
1035 /* Send out a new init */
1036 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1037 return (0);
1038 }
1039
1040 /*
1041 * For cookie and asconf we actually need to find and mark for resend, then
1042 * increment the resend counter (after all the threshold management stuff of
1043 * course).
1044 */
1045 int
1046 sctp_cookie_timer(struct sctp_inpcb *inp,
1047 struct sctp_tcb *stcb,
1048 struct sctp_nets *net SCTP_UNUSED)
1049 {
1050 struct sctp_nets *alt;
1051 struct sctp_tmit_chunk *cookie;
1052
1053 /* first before all else we must find the cookie */
1054 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, sctp_next) {
1055 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
1056 break;
1057 }
1058 }
1059 if (cookie == NULL) {
1060 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
1061 /* FOOBAR! */
1062 struct mbuf *op_err;
1063
1064 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
1065 "Cookie timer expired, but no cookie");
1066 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_3;
1067 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
1068 } else {
1069 #ifdef INVARIANTS
1070 panic("Cookie timer expires in wrong state?");
1071 #else
1072 SCTP_PRINTF("Strange in state %d not cookie-echoed yet c-e timer expires?\n", SCTP_GET_STATE(stcb));
1073 return (0);
1074 #endif
1075 }
1076 return (0);
1077 }
1078 /* Ok we found the cookie, threshold management next */
1079 if (sctp_threshold_management(inp, stcb, cookie->whoTo,
1080 stcb->asoc.max_init_times)) {
1081 /* Assoc is over */
1082 return (1);
1083 }
1084 /*
1085 * Cleared threshold management, now lets backoff the address
1086 * and select an alternate
1087 */
1088 stcb->asoc.dropped_special_cnt = 0;
1089 sctp_backoff_on_timeout(stcb, cookie->whoTo, 1, 0, 0);
1090 alt = sctp_find_alternate_net(stcb, cookie->whoTo, 0);
1091 if (alt != cookie->whoTo) {
1092 sctp_free_remote_addr(cookie->whoTo);
1093 cookie->whoTo = alt;
1094 atomic_add_int(&alt->ref_count, 1);
1095 }
1096 /* Now mark the retran info */
1097 if (cookie->sent != SCTP_DATAGRAM_RESEND) {
1098 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1099 }
1100 cookie->sent = SCTP_DATAGRAM_RESEND;
1101 cookie->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1102 /*
1103 * Now call the output routine to kick out the cookie again, Note we
1104 * don't mark any chunks for retran so that FR will need to kick in
1105 * to move these (or a send timer).
1106 */
1107 return (0);
1108 }
1109
1110 int
1111 sctp_strreset_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1112 struct sctp_nets *net)
1113 {
1114 struct sctp_nets *alt;
1115 struct sctp_tmit_chunk *strrst = NULL, *chk = NULL;
1116
1117 if (stcb->asoc.stream_reset_outstanding == 0) {
1118 return (0);
1119 }
1120 /* find the existing STRRESET, we use the seq number we sent out on */
1121 (void)sctp_find_stream_reset(stcb, stcb->asoc.str_reset_seq_out, &strrst);
1122 if (strrst == NULL) {
1123 return (0);
1124 }
1125 /* do threshold management */
1126 if (sctp_threshold_management(inp, stcb, strrst->whoTo,
1127 stcb->asoc.max_send_times)) {
1128 /* Assoc is over */
1129 return (1);
1130 }
1131 /*
1132 * Cleared threshold management, now lets backoff the address
1133 * and select an alternate
1134 */
1135 sctp_backoff_on_timeout(stcb, strrst->whoTo, 1, 0, 0);
1136 alt = sctp_find_alternate_net(stcb, strrst->whoTo, 0);
1137 sctp_free_remote_addr(strrst->whoTo);
1138 strrst->whoTo = alt;
1139 atomic_add_int(&alt->ref_count, 1);
1140
1141 /* See if a ECN Echo is also stranded */
1142 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1143 if ((chk->whoTo == net) &&
1144 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1145 sctp_free_remote_addr(chk->whoTo);
1146 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1147 chk->sent = SCTP_DATAGRAM_RESEND;
1148 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1149 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1150 }
1151 chk->whoTo = alt;
1152 atomic_add_int(&alt->ref_count, 1);
1153 }
1154 }
1155 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
1156 /*
1157 * If the address went un-reachable, we need to move to
1158 * alternates for ALL chk's in queue
1159 */
1160 sctp_move_chunks_from_net(stcb, net);
1161 }
1162 /* mark the retran info */
1163 if (strrst->sent != SCTP_DATAGRAM_RESEND)
1164 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1165 strrst->sent = SCTP_DATAGRAM_RESEND;
1166 strrst->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1167
1168 /* restart the timer */
1169 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, inp, stcb, strrst->whoTo);
1170 return (0);
1171 }
1172
1173 int
1174 sctp_asconf_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1175 struct sctp_nets *net)
1176 {
1177 struct sctp_nets *alt;
1178 struct sctp_tmit_chunk *asconf, *chk;
1179
1180 /* is this a first send, or a retransmission? */
1181 if (TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) {
1182 /* compose a new ASCONF chunk and send it */
1183 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED);
1184 } else {
1185 /*
1186 * Retransmission of the existing ASCONF is needed
1187 */
1188
1189 /* find the existing ASCONF */
1190 asconf = TAILQ_FIRST(&stcb->asoc.asconf_send_queue);
1191 if (asconf == NULL) {
1192 return (0);
1193 }
1194 /* do threshold management */
1195 if (sctp_threshold_management(inp, stcb, asconf->whoTo,
1196 stcb->asoc.max_send_times)) {
1197 /* Assoc is over */
1198 return (1);
1199 }
1200 if (asconf->snd_count > stcb->asoc.max_send_times) {
1201 /*
1202 * Something is rotten: our peer is not responding to
1203 * ASCONFs but apparently is to other chunks. i.e. it
1204 * is not properly handling the chunk type upper bits.
1205 * Mark this peer as ASCONF incapable and cleanup.
1206 */
1207 SCTPDBG(SCTP_DEBUG_TIMER1, "asconf_timer: Peer has not responded to our repeated ASCONFs\n");
1208 sctp_asconf_cleanup(stcb, net);
1209 return (0);
1210 }
1211 /*
1212 * cleared threshold management, so now backoff the net and
1213 * select an alternate
1214 */
1215 sctp_backoff_on_timeout(stcb, asconf->whoTo, 1, 0, 0);
1216 alt = sctp_find_alternate_net(stcb, asconf->whoTo, 0);
1217 if (asconf->whoTo != alt) {
1218 sctp_free_remote_addr(asconf->whoTo);
1219 asconf->whoTo = alt;
1220 atomic_add_int(&alt->ref_count, 1);
1221 }
1222
1223 /* See if an ECN Echo is also stranded */
1224 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1225 if ((chk->whoTo == net) &&
1226 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1227 sctp_free_remote_addr(chk->whoTo);
1228 chk->whoTo = alt;
1229 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1230 chk->sent = SCTP_DATAGRAM_RESEND;
1231 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1232 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1233 }
1234 atomic_add_int(&alt->ref_count, 1);
1235 }
1236 }
1237 TAILQ_FOREACH(chk, &stcb->asoc.asconf_send_queue, sctp_next) {
1238 if (chk->whoTo != alt) {
1239 sctp_free_remote_addr(chk->whoTo);
1240 chk->whoTo = alt;
1241 atomic_add_int(&alt->ref_count, 1);
1242 }
1243 if (asconf->sent != SCTP_DATAGRAM_RESEND && chk->sent != SCTP_DATAGRAM_UNSENT)
1244 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1245 chk->sent = SCTP_DATAGRAM_RESEND;
1246 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1247 }
1248 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
1249 /*
1250 * If the address went un-reachable, we need to move
1251 * to the alternate for ALL chunks in queue
1252 */
1253 sctp_move_chunks_from_net(stcb, net);
1254 }
1255 /* mark the retran info */
1256 if (asconf->sent != SCTP_DATAGRAM_RESEND)
1257 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1258 asconf->sent = SCTP_DATAGRAM_RESEND;
1259 asconf->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1260
1261 /* send another ASCONF if any and we can do */
1262 sctp_send_asconf(stcb, alt, SCTP_ADDR_NOT_LOCKED);
1263 }
1264 return (0);
1265 }
1266
1267 /* Mobility adaptation */
1268 void
1269 sctp_delete_prim_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1270 struct sctp_nets *net SCTP_UNUSED)
1271 {
1272 if (stcb->asoc.deleted_primary == NULL) {
1273 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: deleted_primary is not stored...\n");
1274 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1275 return;
1276 }
1277 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: finished to keep deleted primary ");
1278 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa);
1279 sctp_free_remote_addr(stcb->asoc.deleted_primary);
1280 stcb->asoc.deleted_primary = NULL;
1281 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1282 return;
1283 }
1284
1285 /*
1286 * For the shutdown and shutdown-ack, we do not keep one around on the
1287 * control queue. This means we must generate a new one and call the general
1288 * chunk output routine, AFTER having done threshold management.
1289 * It is assumed that net is non-NULL.
1290 */
1291 int
1292 sctp_shutdown_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1293 struct sctp_nets *net)
1294 {
1295 struct sctp_nets *alt;
1296
1297 /* first threshold management */
1298 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1299 /* Assoc is over */
1300 return (1);
1301 }
1302 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1303 /* second select an alternative */
1304 alt = sctp_find_alternate_net(stcb, net, 0);
1305
1306 /* third generate a shutdown into the queue for out net */
1307 sctp_send_shutdown(stcb, alt);
1308
1309 /* fourth restart timer */
1310 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, alt);
1311 return (0);
1312 }
1313
1314 int
1315 sctp_shutdownack_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1316 struct sctp_nets *net)
1317 {
1318 struct sctp_nets *alt;
1319
1320 /* first threshold management */
1321 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1322 /* Assoc is over */
1323 return (1);
1324 }
1325 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1326 /* second select an alternative */
1327 alt = sctp_find_alternate_net(stcb, net, 0);
1328
1329 /* third generate a shutdown into the queue for out net */
1330 sctp_send_shutdown_ack(stcb, alt);
1331
1332 /* fourth restart timer */
1333 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, alt);
1334 return (0);
1335 }
1336
1337 static void
1338 sctp_audit_stream_queues_for_size(struct sctp_inpcb *inp,
1339 struct sctp_tcb *stcb)
1340 {
1341 struct sctp_stream_queue_pending *sp;
1342 unsigned int i, chks_in_queue = 0;
1343 int being_filled = 0;
1344 /*
1345 * This function is ONLY called when the send/sent queues are empty.
1346 */
1347 if ((stcb == NULL) || (inp == NULL))
1348 return;
1349
1350 if (stcb->asoc.sent_queue_retran_cnt) {
1351 SCTP_PRINTF("Hmm, sent_queue_retran_cnt is non-zero %d\n",
1352 stcb->asoc.sent_queue_retran_cnt);
1353 stcb->asoc.sent_queue_retran_cnt = 0;
1354 }
1355 if (stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1356 /* No stream scheduler information, initialize scheduler */
1357 stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc, 0);
1358 if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1359 /* yep, we lost a stream or two */
1360 SCTP_PRINTF("Found additional streams NOT managed by scheduler, corrected\n");
1361 } else {
1362 /* no streams lost */
1363 stcb->asoc.total_output_queue_size = 0;
1364 }
1365 }
1366 /* Check to see if some data queued, if so report it */
1367 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1368 if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
1369 TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) {
1370 if (sp->msg_is_complete)
1371 being_filled++;
1372 chks_in_queue++;
1373 }
1374 }
1375 }
1376 if (chks_in_queue != stcb->asoc.stream_queue_cnt) {
1377 SCTP_PRINTF("Hmm, stream queue cnt at %d I counted %d in stream out wheel\n",
1378 stcb->asoc.stream_queue_cnt, chks_in_queue);
1379 }
1380 if (chks_in_queue) {
1381 /* call the output queue function */
1382 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1383 if ((TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1384 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1385 /*
1386 * Probably should go in and make it go back through
1387 * and add fragments allowed
1388 */
1389 if (being_filled == 0) {
1390 SCTP_PRINTF("Still nothing moved %d chunks are stuck\n",
1391 chks_in_queue);
1392 }
1393 }
1394 } else {
1395 SCTP_PRINTF("Found no chunks on any queue tot:%lu\n",
1396 (u_long)stcb->asoc.total_output_queue_size);
1397 stcb->asoc.total_output_queue_size = 0;
1398 }
1399 }
1400
1401 int
1402 sctp_heartbeat_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1403 struct sctp_nets *net)
1404 {
1405 uint8_t net_was_pf;
1406
1407 if (net->dest_state & SCTP_ADDR_PF) {
1408 net_was_pf = 1;
1409 } else {
1410 net_was_pf = 0;
1411 }
1412 if (net->hb_responded == 0) {
1413 if (net->ro._s_addr) {
1414 /* Invalidate the src address if we did not get
1415 * a response last time.
1416 */
1417 sctp_free_ifa(net->ro._s_addr);
1418 net->ro._s_addr = NULL;
1419 net->src_addr_selected = 0;
1420 }
1421 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1422 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1423 /* Assoc is over */
1424 return (1);
1425 }
1426 }
1427 /* Zero PBA, if it needs it */
1428 if (net->partial_bytes_acked) {
1429 net->partial_bytes_acked = 0;
1430 }
1431 if ((stcb->asoc.total_output_queue_size > 0) &&
1432 (TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1433 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1434 sctp_audit_stream_queues_for_size(inp, stcb);
1435 }
1436 if (!(net->dest_state & SCTP_ADDR_NOHB) &&
1437 !((net_was_pf == 0) && (net->dest_state & SCTP_ADDR_PF))) {
1438 /* when move to PF during threshold mangement, a HB has been
1439 queued in that routine */
1440 uint32_t ms_gone_by;
1441
1442 if ((net->last_sent_time.tv_sec > 0) ||
1443 (net->last_sent_time.tv_usec > 0)) {
1444 #ifdef __FreeBSD__
1445 struct timeval diff;
1446
1447 SCTP_GETTIME_TIMEVAL(&diff);
1448 timevalsub(&diff, &net->last_sent_time);
1449 #else
1450 struct timeval diff, now;
1451
1452 SCTP_GETTIME_TIMEVAL(&now);
1453 timersub(&now, &net->last_sent_time, &diff);
1454 #endif
1455 ms_gone_by = (uint32_t)(diff.tv_sec * 1000) +
1456 (uint32_t)(diff.tv_usec / 1000);
1457 } else {
1458 ms_gone_by = 0xffffffff;
1459 }
1460 if ((ms_gone_by >= net->heart_beat_delay) ||
1461 (net->dest_state & SCTP_ADDR_PF)) {
1462 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
1463 }
1464 }
1465 return (0);
1466 }
1467
1468 void
1469 sctp_pathmtu_timer(struct sctp_inpcb *inp,
1470 struct sctp_tcb *stcb,
1471 struct sctp_nets *net)
1472 {
1473 uint32_t next_mtu, mtu;
1474
1475 next_mtu = sctp_get_next_mtu(net->mtu);
1476
1477 if ((next_mtu > net->mtu) && (net->port == 0)) {
1478 if ((net->src_addr_selected == 0) ||
1479 (net->ro._s_addr == NULL) ||
1480 (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1481 if ((net->ro._s_addr != NULL) && (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1482 sctp_free_ifa(net->ro._s_addr);
1483 net->ro._s_addr = NULL;
1484 net->src_addr_selected = 0;
1485 } else if (net->ro._s_addr == NULL) {
1486 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1487 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1488 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1489 /* KAME hack: embed scopeid */
1490 #if defined(__APPLE__)
1491 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
1492 (void)in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL);
1493 #else
1494 (void)in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL);
1495 #endif
1496 #elif defined(SCTP_KAME)
1497 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
1498 #else
1499 (void)in6_embedscope(&sin6->sin6_addr, sin6);
1500 #endif
1501 }
1502 #endif
1503
1504 net->ro._s_addr = sctp_source_address_selection(inp,
1505 stcb,
1506 (sctp_route_t *)&net->ro,
1507 net, 0, stcb->asoc.vrf_id);
1508 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1509 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1510 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1511 #ifdef SCTP_KAME
1512 (void)sa6_recoverscope(sin6);
1513 #else
1514 (void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL);
1515 #endif /* SCTP_KAME */
1516 }
1517 #endif /* INET6 */
1518 }
1519 if (net->ro._s_addr)
1520 net->src_addr_selected = 1;
1521 }
1522 if (net->ro._s_addr) {
1523 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._s_addr.sa, net->ro.ro_rt);
1524 #if defined(INET) || defined(INET6)
1525 if (net->port) {
1526 mtu -= sizeof(struct udphdr);
1527 }
1528 #endif
1529 if (mtu > next_mtu) {
1530 net->mtu = next_mtu;
1531 } else {
1532 net->mtu = mtu;
1533 }
1534 }
1535 }
1536 /* restart the timer */
1537 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net);
1538 }
1539
1540 void
1541 sctp_autoclose_timer(struct sctp_inpcb *inp,
1542 struct sctp_tcb *stcb,
1543 struct sctp_nets *net)
1544 {
1545 struct timeval tn, *tim_touse;
1546 struct sctp_association *asoc;
1547 int ticks_gone_by;
1548
1549 (void)SCTP_GETTIME_TIMEVAL(&tn);
1550 if (stcb->asoc.sctp_autoclose_ticks &&
1551 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1552 /* Auto close is on */
1553 asoc = &stcb->asoc;
1554 /* pick the time to use */
1555 if (asoc->time_last_rcvd.tv_sec >
1556 asoc->time_last_sent.tv_sec) {
1557 tim_touse = &asoc->time_last_rcvd;
1558 } else {
1559 tim_touse = &asoc->time_last_sent;
1560 }
1561 /* Now has long enough transpired to autoclose? */
1562 ticks_gone_by = SEC_TO_TICKS(tn.tv_sec - tim_touse->tv_sec);
1563 if ((ticks_gone_by > 0) &&
1564 (ticks_gone_by >= (int)asoc->sctp_autoclose_ticks)) {
1565 /*
1566 * autoclose time has hit, call the output routine,
1567 * which should do nothing just to be SURE we don't
1568 * have hanging data. We can then safely check the
1569 * queues and know that we are clear to send
1570 * shutdown
1571 */
1572 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED);
1573 /* Are we clean? */
1574 if (TAILQ_EMPTY(&asoc->send_queue) &&
1575 TAILQ_EMPTY(&asoc->sent_queue)) {
1576 /*
1577 * there is nothing queued to send, so I'm
1578 * done...
1579 */
1580 if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) {
1581 /* only send SHUTDOWN 1st time thru */
1582 struct sctp_nets *netp;
1583
1584 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
1585 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
1586 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
1587 }
1588 SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT);
1589 sctp_stop_timers_for_shutdown(stcb);
1590 if (stcb->asoc.alternate) {
1591 netp = stcb->asoc.alternate;
1592 } else {
1593 netp = stcb->asoc.primary_destination;
1594 }
1595 sctp_send_shutdown(stcb, netp);
1596 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
1597 stcb->sctp_ep, stcb,
1598 netp);
1599 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1600 stcb->sctp_ep, stcb,
1601 netp);
1602 }
1603 }
1604 } else {
1605 /*
1606 * No auto close at this time, reset t-o to check
1607 * later
1608 */
1609 int tmp;
1610
1611 /* fool the timer startup to use the time left */
1612 tmp = asoc->sctp_autoclose_ticks;
1613 asoc->sctp_autoclose_ticks -= ticks_gone_by;
1614 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb,
1615 net);
1616 /* restore the real tick value */
1617 asoc->sctp_autoclose_ticks = tmp;
1618 }
1619 }
1620 }
1621
1622