1 /*- 2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2011, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2011, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * a) Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * b) Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the distribution. 15 * 16 * c) Neither the name of Cisco Systems, Inc. nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* $KAME: sctp_output.c,v 1.46 2005/03/06 16:04:17 itojun Exp $ */ 34 35 #include <sys/cdefs.h> 36 __FBSDID("$FreeBSD$"); 37 38 #include <netinet/sctp_os.h> 39 #include <sys/proc.h> 40 #include <netinet/sctp_var.h> 41 #include <netinet/sctp_sysctl.h> 42 #include <netinet/sctp_header.h> 43 #include <netinet/sctp_pcb.h> 44 #include <netinet/sctputil.h> 45 #include <netinet/sctp_output.h> 46 #include <netinet/sctp_uio.h> 47 #include <netinet/sctputil.h> 48 #include <netinet/sctp_auth.h> 49 #include <netinet/sctp_timer.h> 50 #include <netinet/sctp_asconf.h> 51 #include <netinet/sctp_indata.h> 52 #include <netinet/sctp_bsd_addr.h> 53 #include <netinet/sctp_input.h> 54 #include <netinet/sctp_crc32.h> 55 #include <netinet/udp.h> 56 #include <machine/in_cksum.h> 57 58 59 60 #define SCTP_MAX_GAPS_INARRAY 4 61 struct sack_track { 62 uint8_t right_edge; /* mergable on the right edge */ 63 uint8_t left_edge; /* mergable on the left edge */ 64 uint8_t num_entries; 65 uint8_t spare; 66 struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY]; 67 }; 68 69 struct sack_track sack_array[256] = { 70 {0, 0, 0, 0, /* 0x00 */ 71 {{0, 0}, 72 {0, 0}, 73 {0, 0}, 74 {0, 0} 75 } 76 }, 77 {1, 0, 1, 0, /* 0x01 */ 78 {{0, 0}, 79 {0, 0}, 80 {0, 0}, 81 {0, 0} 82 } 83 }, 84 {0, 0, 1, 0, /* 0x02 */ 85 {{1, 1}, 86 {0, 0}, 87 {0, 0}, 88 {0, 0} 89 } 90 }, 91 {1, 0, 1, 0, /* 0x03 */ 92 {{0, 1}, 93 {0, 0}, 94 {0, 0}, 95 {0, 0} 96 } 97 }, 98 {0, 0, 1, 0, /* 0x04 */ 99 {{2, 2}, 100 {0, 0}, 101 {0, 0}, 102 {0, 0} 103 } 104 }, 105 {1, 0, 2, 0, /* 0x05 */ 106 {{0, 0}, 107 {2, 2}, 108 {0, 0}, 109 {0, 0} 110 } 111 }, 112 {0, 0, 1, 0, /* 0x06 */ 113 {{1, 2}, 114 {0, 0}, 115 {0, 0}, 116 {0, 0} 117 } 118 }, 119 {1, 0, 1, 0, /* 0x07 */ 120 {{0, 2}, 121 {0, 0}, 122 {0, 0}, 123 {0, 0} 124 } 125 }, 126 {0, 0, 1, 0, /* 0x08 */ 127 {{3, 3}, 128 {0, 0}, 129 {0, 0}, 130 {0, 0} 131 } 132 }, 133 {1, 0, 2, 0, /* 0x09 */ 134 {{0, 0}, 135 {3, 3}, 136 {0, 0}, 137 {0, 0} 138 } 139 }, 140 {0, 0, 2, 0, /* 0x0a */ 141 {{1, 1}, 142 {3, 3}, 143 {0, 0}, 144 {0, 0} 145 } 146 }, 147 {1, 0, 2, 0, /* 0x0b */ 148 {{0, 1}, 149 {3, 3}, 150 {0, 0}, 151 {0, 0} 152 } 153 }, 154 {0, 0, 1, 0, /* 0x0c */ 155 {{2, 3}, 156 {0, 0}, 157 {0, 0}, 158 {0, 0} 159 } 160 }, 161 {1, 0, 2, 0, /* 0x0d */ 162 {{0, 0}, 163 {2, 3}, 164 {0, 0}, 165 {0, 0} 166 } 167 }, 168 {0, 0, 1, 0, /* 0x0e */ 169 {{1, 3}, 170 {0, 0}, 171 {0, 0}, 172 {0, 0} 173 } 174 }, 175 {1, 0, 1, 0, /* 0x0f */ 176 {{0, 3}, 177 {0, 0}, 178 {0, 0}, 179 {0, 0} 180 } 181 }, 182 {0, 0, 1, 0, /* 0x10 */ 183 {{4, 4}, 184 {0, 0}, 185 {0, 0}, 186 {0, 0} 187 } 188 }, 189 {1, 0, 2, 0, /* 0x11 */ 190 {{0, 0}, 191 {4, 4}, 192 {0, 0}, 193 {0, 0} 194 } 195 }, 196 {0, 0, 2, 0, /* 0x12 */ 197 {{1, 1}, 198 {4, 4}, 199 {0, 0}, 200 {0, 0} 201 } 202 }, 203 {1, 0, 2, 0, /* 0x13 */ 204 {{0, 1}, 205 {4, 4}, 206 {0, 0}, 207 {0, 0} 208 } 209 }, 210 {0, 0, 2, 0, /* 0x14 */ 211 {{2, 2}, 212 {4, 4}, 213 {0, 0}, 214 {0, 0} 215 } 216 }, 217 {1, 0, 3, 0, /* 0x15 */ 218 {{0, 0}, 219 {2, 2}, 220 {4, 4}, 221 {0, 0} 222 } 223 }, 224 {0, 0, 2, 0, /* 0x16 */ 225 {{1, 2}, 226 {4, 4}, 227 {0, 0}, 228 {0, 0} 229 } 230 }, 231 {1, 0, 2, 0, /* 0x17 */ 232 {{0, 2}, 233 {4, 4}, 234 {0, 0}, 235 {0, 0} 236 } 237 }, 238 {0, 0, 1, 0, /* 0x18 */ 239 {{3, 4}, 240 {0, 0}, 241 {0, 0}, 242 {0, 0} 243 } 244 }, 245 {1, 0, 2, 0, /* 0x19 */ 246 {{0, 0}, 247 {3, 4}, 248 {0, 0}, 249 {0, 0} 250 } 251 }, 252 {0, 0, 2, 0, /* 0x1a */ 253 {{1, 1}, 254 {3, 4}, 255 {0, 0}, 256 {0, 0} 257 } 258 }, 259 {1, 0, 2, 0, /* 0x1b */ 260 {{0, 1}, 261 {3, 4}, 262 {0, 0}, 263 {0, 0} 264 } 265 }, 266 {0, 0, 1, 0, /* 0x1c */ 267 {{2, 4}, 268 {0, 0}, 269 {0, 0}, 270 {0, 0} 271 } 272 }, 273 {1, 0, 2, 0, /* 0x1d */ 274 {{0, 0}, 275 {2, 4}, 276 {0, 0}, 277 {0, 0} 278 } 279 }, 280 {0, 0, 1, 0, /* 0x1e */ 281 {{1, 4}, 282 {0, 0}, 283 {0, 0}, 284 {0, 0} 285 } 286 }, 287 {1, 0, 1, 0, /* 0x1f */ 288 {{0, 4}, 289 {0, 0}, 290 {0, 0}, 291 {0, 0} 292 } 293 }, 294 {0, 0, 1, 0, /* 0x20 */ 295 {{5, 5}, 296 {0, 0}, 297 {0, 0}, 298 {0, 0} 299 } 300 }, 301 {1, 0, 2, 0, /* 0x21 */ 302 {{0, 0}, 303 {5, 5}, 304 {0, 0}, 305 {0, 0} 306 } 307 }, 308 {0, 0, 2, 0, /* 0x22 */ 309 {{1, 1}, 310 {5, 5}, 311 {0, 0}, 312 {0, 0} 313 } 314 }, 315 {1, 0, 2, 0, /* 0x23 */ 316 {{0, 1}, 317 {5, 5}, 318 {0, 0}, 319 {0, 0} 320 } 321 }, 322 {0, 0, 2, 0, /* 0x24 */ 323 {{2, 2}, 324 {5, 5}, 325 {0, 0}, 326 {0, 0} 327 } 328 }, 329 {1, 0, 3, 0, /* 0x25 */ 330 {{0, 0}, 331 {2, 2}, 332 {5, 5}, 333 {0, 0} 334 } 335 }, 336 {0, 0, 2, 0, /* 0x26 */ 337 {{1, 2}, 338 {5, 5}, 339 {0, 0}, 340 {0, 0} 341 } 342 }, 343 {1, 0, 2, 0, /* 0x27 */ 344 {{0, 2}, 345 {5, 5}, 346 {0, 0}, 347 {0, 0} 348 } 349 }, 350 {0, 0, 2, 0, /* 0x28 */ 351 {{3, 3}, 352 {5, 5}, 353 {0, 0}, 354 {0, 0} 355 } 356 }, 357 {1, 0, 3, 0, /* 0x29 */ 358 {{0, 0}, 359 {3, 3}, 360 {5, 5}, 361 {0, 0} 362 } 363 }, 364 {0, 0, 3, 0, /* 0x2a */ 365 {{1, 1}, 366 {3, 3}, 367 {5, 5}, 368 {0, 0} 369 } 370 }, 371 {1, 0, 3, 0, /* 0x2b */ 372 {{0, 1}, 373 {3, 3}, 374 {5, 5}, 375 {0, 0} 376 } 377 }, 378 {0, 0, 2, 0, /* 0x2c */ 379 {{2, 3}, 380 {5, 5}, 381 {0, 0}, 382 {0, 0} 383 } 384 }, 385 {1, 0, 3, 0, /* 0x2d */ 386 {{0, 0}, 387 {2, 3}, 388 {5, 5}, 389 {0, 0} 390 } 391 }, 392 {0, 0, 2, 0, /* 0x2e */ 393 {{1, 3}, 394 {5, 5}, 395 {0, 0}, 396 {0, 0} 397 } 398 }, 399 {1, 0, 2, 0, /* 0x2f */ 400 {{0, 3}, 401 {5, 5}, 402 {0, 0}, 403 {0, 0} 404 } 405 }, 406 {0, 0, 1, 0, /* 0x30 */ 407 {{4, 5}, 408 {0, 0}, 409 {0, 0}, 410 {0, 0} 411 } 412 }, 413 {1, 0, 2, 0, /* 0x31 */ 414 {{0, 0}, 415 {4, 5}, 416 {0, 0}, 417 {0, 0} 418 } 419 }, 420 {0, 0, 2, 0, /* 0x32 */ 421 {{1, 1}, 422 {4, 5}, 423 {0, 0}, 424 {0, 0} 425 } 426 }, 427 {1, 0, 2, 0, /* 0x33 */ 428 {{0, 1}, 429 {4, 5}, 430 {0, 0}, 431 {0, 0} 432 } 433 }, 434 {0, 0, 2, 0, /* 0x34 */ 435 {{2, 2}, 436 {4, 5}, 437 {0, 0}, 438 {0, 0} 439 } 440 }, 441 {1, 0, 3, 0, /* 0x35 */ 442 {{0, 0}, 443 {2, 2}, 444 {4, 5}, 445 {0, 0} 446 } 447 }, 448 {0, 0, 2, 0, /* 0x36 */ 449 {{1, 2}, 450 {4, 5}, 451 {0, 0}, 452 {0, 0} 453 } 454 }, 455 {1, 0, 2, 0, /* 0x37 */ 456 {{0, 2}, 457 {4, 5}, 458 {0, 0}, 459 {0, 0} 460 } 461 }, 462 {0, 0, 1, 0, /* 0x38 */ 463 {{3, 5}, 464 {0, 0}, 465 {0, 0}, 466 {0, 0} 467 } 468 }, 469 {1, 0, 2, 0, /* 0x39 */ 470 {{0, 0}, 471 {3, 5}, 472 {0, 0}, 473 {0, 0} 474 } 475 }, 476 {0, 0, 2, 0, /* 0x3a */ 477 {{1, 1}, 478 {3, 5}, 479 {0, 0}, 480 {0, 0} 481 } 482 }, 483 {1, 0, 2, 0, /* 0x3b */ 484 {{0, 1}, 485 {3, 5}, 486 {0, 0}, 487 {0, 0} 488 } 489 }, 490 {0, 0, 1, 0, /* 0x3c */ 491 {{2, 5}, 492 {0, 0}, 493 {0, 0}, 494 {0, 0} 495 } 496 }, 497 {1, 0, 2, 0, /* 0x3d */ 498 {{0, 0}, 499 {2, 5}, 500 {0, 0}, 501 {0, 0} 502 } 503 }, 504 {0, 0, 1, 0, /* 0x3e */ 505 {{1, 5}, 506 {0, 0}, 507 {0, 0}, 508 {0, 0} 509 } 510 }, 511 {1, 0, 1, 0, /* 0x3f */ 512 {{0, 5}, 513 {0, 0}, 514 {0, 0}, 515 {0, 0} 516 } 517 }, 518 {0, 0, 1, 0, /* 0x40 */ 519 {{6, 6}, 520 {0, 0}, 521 {0, 0}, 522 {0, 0} 523 } 524 }, 525 {1, 0, 2, 0, /* 0x41 */ 526 {{0, 0}, 527 {6, 6}, 528 {0, 0}, 529 {0, 0} 530 } 531 }, 532 {0, 0, 2, 0, /* 0x42 */ 533 {{1, 1}, 534 {6, 6}, 535 {0, 0}, 536 {0, 0} 537 } 538 }, 539 {1, 0, 2, 0, /* 0x43 */ 540 {{0, 1}, 541 {6, 6}, 542 {0, 0}, 543 {0, 0} 544 } 545 }, 546 {0, 0, 2, 0, /* 0x44 */ 547 {{2, 2}, 548 {6, 6}, 549 {0, 0}, 550 {0, 0} 551 } 552 }, 553 {1, 0, 3, 0, /* 0x45 */ 554 {{0, 0}, 555 {2, 2}, 556 {6, 6}, 557 {0, 0} 558 } 559 }, 560 {0, 0, 2, 0, /* 0x46 */ 561 {{1, 2}, 562 {6, 6}, 563 {0, 0}, 564 {0, 0} 565 } 566 }, 567 {1, 0, 2, 0, /* 0x47 */ 568 {{0, 2}, 569 {6, 6}, 570 {0, 0}, 571 {0, 0} 572 } 573 }, 574 {0, 0, 2, 0, /* 0x48 */ 575 {{3, 3}, 576 {6, 6}, 577 {0, 0}, 578 {0, 0} 579 } 580 }, 581 {1, 0, 3, 0, /* 0x49 */ 582 {{0, 0}, 583 {3, 3}, 584 {6, 6}, 585 {0, 0} 586 } 587 }, 588 {0, 0, 3, 0, /* 0x4a */ 589 {{1, 1}, 590 {3, 3}, 591 {6, 6}, 592 {0, 0} 593 } 594 }, 595 {1, 0, 3, 0, /* 0x4b */ 596 {{0, 1}, 597 {3, 3}, 598 {6, 6}, 599 {0, 0} 600 } 601 }, 602 {0, 0, 2, 0, /* 0x4c */ 603 {{2, 3}, 604 {6, 6}, 605 {0, 0}, 606 {0, 0} 607 } 608 }, 609 {1, 0, 3, 0, /* 0x4d */ 610 {{0, 0}, 611 {2, 3}, 612 {6, 6}, 613 {0, 0} 614 } 615 }, 616 {0, 0, 2, 0, /* 0x4e */ 617 {{1, 3}, 618 {6, 6}, 619 {0, 0}, 620 {0, 0} 621 } 622 }, 623 {1, 0, 2, 0, /* 0x4f */ 624 {{0, 3}, 625 {6, 6}, 626 {0, 0}, 627 {0, 0} 628 } 629 }, 630 {0, 0, 2, 0, /* 0x50 */ 631 {{4, 4}, 632 {6, 6}, 633 {0, 0}, 634 {0, 0} 635 } 636 }, 637 {1, 0, 3, 0, /* 0x51 */ 638 {{0, 0}, 639 {4, 4}, 640 {6, 6}, 641 {0, 0} 642 } 643 }, 644 {0, 0, 3, 0, /* 0x52 */ 645 {{1, 1}, 646 {4, 4}, 647 {6, 6}, 648 {0, 0} 649 } 650 }, 651 {1, 0, 3, 0, /* 0x53 */ 652 {{0, 1}, 653 {4, 4}, 654 {6, 6}, 655 {0, 0} 656 } 657 }, 658 {0, 0, 3, 0, /* 0x54 */ 659 {{2, 2}, 660 {4, 4}, 661 {6, 6}, 662 {0, 0} 663 } 664 }, 665 {1, 0, 4, 0, /* 0x55 */ 666 {{0, 0}, 667 {2, 2}, 668 {4, 4}, 669 {6, 6} 670 } 671 }, 672 {0, 0, 3, 0, /* 0x56 */ 673 {{1, 2}, 674 {4, 4}, 675 {6, 6}, 676 {0, 0} 677 } 678 }, 679 {1, 0, 3, 0, /* 0x57 */ 680 {{0, 2}, 681 {4, 4}, 682 {6, 6}, 683 {0, 0} 684 } 685 }, 686 {0, 0, 2, 0, /* 0x58 */ 687 {{3, 4}, 688 {6, 6}, 689 {0, 0}, 690 {0, 0} 691 } 692 }, 693 {1, 0, 3, 0, /* 0x59 */ 694 {{0, 0}, 695 {3, 4}, 696 {6, 6}, 697 {0, 0} 698 } 699 }, 700 {0, 0, 3, 0, /* 0x5a */ 701 {{1, 1}, 702 {3, 4}, 703 {6, 6}, 704 {0, 0} 705 } 706 }, 707 {1, 0, 3, 0, /* 0x5b */ 708 {{0, 1}, 709 {3, 4}, 710 {6, 6}, 711 {0, 0} 712 } 713 }, 714 {0, 0, 2, 0, /* 0x5c */ 715 {{2, 4}, 716 {6, 6}, 717 {0, 0}, 718 {0, 0} 719 } 720 }, 721 {1, 0, 3, 0, /* 0x5d */ 722 {{0, 0}, 723 {2, 4}, 724 {6, 6}, 725 {0, 0} 726 } 727 }, 728 {0, 0, 2, 0, /* 0x5e */ 729 {{1, 4}, 730 {6, 6}, 731 {0, 0}, 732 {0, 0} 733 } 734 }, 735 {1, 0, 2, 0, /* 0x5f */ 736 {{0, 4}, 737 {6, 6}, 738 {0, 0}, 739 {0, 0} 740 } 741 }, 742 {0, 0, 1, 0, /* 0x60 */ 743 {{5, 6}, 744 {0, 0}, 745 {0, 0}, 746 {0, 0} 747 } 748 }, 749 {1, 0, 2, 0, /* 0x61 */ 750 {{0, 0}, 751 {5, 6}, 752 {0, 0}, 753 {0, 0} 754 } 755 }, 756 {0, 0, 2, 0, /* 0x62 */ 757 {{1, 1}, 758 {5, 6}, 759 {0, 0}, 760 {0, 0} 761 } 762 }, 763 {1, 0, 2, 0, /* 0x63 */ 764 {{0, 1}, 765 {5, 6}, 766 {0, 0}, 767 {0, 0} 768 } 769 }, 770 {0, 0, 2, 0, /* 0x64 */ 771 {{2, 2}, 772 {5, 6}, 773 {0, 0}, 774 {0, 0} 775 } 776 }, 777 {1, 0, 3, 0, /* 0x65 */ 778 {{0, 0}, 779 {2, 2}, 780 {5, 6}, 781 {0, 0} 782 } 783 }, 784 {0, 0, 2, 0, /* 0x66 */ 785 {{1, 2}, 786 {5, 6}, 787 {0, 0}, 788 {0, 0} 789 } 790 }, 791 {1, 0, 2, 0, /* 0x67 */ 792 {{0, 2}, 793 {5, 6}, 794 {0, 0}, 795 {0, 0} 796 } 797 }, 798 {0, 0, 2, 0, /* 0x68 */ 799 {{3, 3}, 800 {5, 6}, 801 {0, 0}, 802 {0, 0} 803 } 804 }, 805 {1, 0, 3, 0, /* 0x69 */ 806 {{0, 0}, 807 {3, 3}, 808 {5, 6}, 809 {0, 0} 810 } 811 }, 812 {0, 0, 3, 0, /* 0x6a */ 813 {{1, 1}, 814 {3, 3}, 815 {5, 6}, 816 {0, 0} 817 } 818 }, 819 {1, 0, 3, 0, /* 0x6b */ 820 {{0, 1}, 821 {3, 3}, 822 {5, 6}, 823 {0, 0} 824 } 825 }, 826 {0, 0, 2, 0, /* 0x6c */ 827 {{2, 3}, 828 {5, 6}, 829 {0, 0}, 830 {0, 0} 831 } 832 }, 833 {1, 0, 3, 0, /* 0x6d */ 834 {{0, 0}, 835 {2, 3}, 836 {5, 6}, 837 {0, 0} 838 } 839 }, 840 {0, 0, 2, 0, /* 0x6e */ 841 {{1, 3}, 842 {5, 6}, 843 {0, 0}, 844 {0, 0} 845 } 846 }, 847 {1, 0, 2, 0, /* 0x6f */ 848 {{0, 3}, 849 {5, 6}, 850 {0, 0}, 851 {0, 0} 852 } 853 }, 854 {0, 0, 1, 0, /* 0x70 */ 855 {{4, 6}, 856 {0, 0}, 857 {0, 0}, 858 {0, 0} 859 } 860 }, 861 {1, 0, 2, 0, /* 0x71 */ 862 {{0, 0}, 863 {4, 6}, 864 {0, 0}, 865 {0, 0} 866 } 867 }, 868 {0, 0, 2, 0, /* 0x72 */ 869 {{1, 1}, 870 {4, 6}, 871 {0, 0}, 872 {0, 0} 873 } 874 }, 875 {1, 0, 2, 0, /* 0x73 */ 876 {{0, 1}, 877 {4, 6}, 878 {0, 0}, 879 {0, 0} 880 } 881 }, 882 {0, 0, 2, 0, /* 0x74 */ 883 {{2, 2}, 884 {4, 6}, 885 {0, 0}, 886 {0, 0} 887 } 888 }, 889 {1, 0, 3, 0, /* 0x75 */ 890 {{0, 0}, 891 {2, 2}, 892 {4, 6}, 893 {0, 0} 894 } 895 }, 896 {0, 0, 2, 0, /* 0x76 */ 897 {{1, 2}, 898 {4, 6}, 899 {0, 0}, 900 {0, 0} 901 } 902 }, 903 {1, 0, 2, 0, /* 0x77 */ 904 {{0, 2}, 905 {4, 6}, 906 {0, 0}, 907 {0, 0} 908 } 909 }, 910 {0, 0, 1, 0, /* 0x78 */ 911 {{3, 6}, 912 {0, 0}, 913 {0, 0}, 914 {0, 0} 915 } 916 }, 917 {1, 0, 2, 0, /* 0x79 */ 918 {{0, 0}, 919 {3, 6}, 920 {0, 0}, 921 {0, 0} 922 } 923 }, 924 {0, 0, 2, 0, /* 0x7a */ 925 {{1, 1}, 926 {3, 6}, 927 {0, 0}, 928 {0, 0} 929 } 930 }, 931 {1, 0, 2, 0, /* 0x7b */ 932 {{0, 1}, 933 {3, 6}, 934 {0, 0}, 935 {0, 0} 936 } 937 }, 938 {0, 0, 1, 0, /* 0x7c */ 939 {{2, 6}, 940 {0, 0}, 941 {0, 0}, 942 {0, 0} 943 } 944 }, 945 {1, 0, 2, 0, /* 0x7d */ 946 {{0, 0}, 947 {2, 6}, 948 {0, 0}, 949 {0, 0} 950 } 951 }, 952 {0, 0, 1, 0, /* 0x7e */ 953 {{1, 6}, 954 {0, 0}, 955 {0, 0}, 956 {0, 0} 957 } 958 }, 959 {1, 0, 1, 0, /* 0x7f */ 960 {{0, 6}, 961 {0, 0}, 962 {0, 0}, 963 {0, 0} 964 } 965 }, 966 {0, 1, 1, 0, /* 0x80 */ 967 {{7, 7}, 968 {0, 0}, 969 {0, 0}, 970 {0, 0} 971 } 972 }, 973 {1, 1, 2, 0, /* 0x81 */ 974 {{0, 0}, 975 {7, 7}, 976 {0, 0}, 977 {0, 0} 978 } 979 }, 980 {0, 1, 2, 0, /* 0x82 */ 981 {{1, 1}, 982 {7, 7}, 983 {0, 0}, 984 {0, 0} 985 } 986 }, 987 {1, 1, 2, 0, /* 0x83 */ 988 {{0, 1}, 989 {7, 7}, 990 {0, 0}, 991 {0, 0} 992 } 993 }, 994 {0, 1, 2, 0, /* 0x84 */ 995 {{2, 2}, 996 {7, 7}, 997 {0, 0}, 998 {0, 0} 999 } 1000 }, 1001 {1, 1, 3, 0, /* 0x85 */ 1002 {{0, 0}, 1003 {2, 2}, 1004 {7, 7}, 1005 {0, 0} 1006 } 1007 }, 1008 {0, 1, 2, 0, /* 0x86 */ 1009 {{1, 2}, 1010 {7, 7}, 1011 {0, 0}, 1012 {0, 0} 1013 } 1014 }, 1015 {1, 1, 2, 0, /* 0x87 */ 1016 {{0, 2}, 1017 {7, 7}, 1018 {0, 0}, 1019 {0, 0} 1020 } 1021 }, 1022 {0, 1, 2, 0, /* 0x88 */ 1023 {{3, 3}, 1024 {7, 7}, 1025 {0, 0}, 1026 {0, 0} 1027 } 1028 }, 1029 {1, 1, 3, 0, /* 0x89 */ 1030 {{0, 0}, 1031 {3, 3}, 1032 {7, 7}, 1033 {0, 0} 1034 } 1035 }, 1036 {0, 1, 3, 0, /* 0x8a */ 1037 {{1, 1}, 1038 {3, 3}, 1039 {7, 7}, 1040 {0, 0} 1041 } 1042 }, 1043 {1, 1, 3, 0, /* 0x8b */ 1044 {{0, 1}, 1045 {3, 3}, 1046 {7, 7}, 1047 {0, 0} 1048 } 1049 }, 1050 {0, 1, 2, 0, /* 0x8c */ 1051 {{2, 3}, 1052 {7, 7}, 1053 {0, 0}, 1054 {0, 0} 1055 } 1056 }, 1057 {1, 1, 3, 0, /* 0x8d */ 1058 {{0, 0}, 1059 {2, 3}, 1060 {7, 7}, 1061 {0, 0} 1062 } 1063 }, 1064 {0, 1, 2, 0, /* 0x8e */ 1065 {{1, 3}, 1066 {7, 7}, 1067 {0, 0}, 1068 {0, 0} 1069 } 1070 }, 1071 {1, 1, 2, 0, /* 0x8f */ 1072 {{0, 3}, 1073 {7, 7}, 1074 {0, 0}, 1075 {0, 0} 1076 } 1077 }, 1078 {0, 1, 2, 0, /* 0x90 */ 1079 {{4, 4}, 1080 {7, 7}, 1081 {0, 0}, 1082 {0, 0} 1083 } 1084 }, 1085 {1, 1, 3, 0, /* 0x91 */ 1086 {{0, 0}, 1087 {4, 4}, 1088 {7, 7}, 1089 {0, 0} 1090 } 1091 }, 1092 {0, 1, 3, 0, /* 0x92 */ 1093 {{1, 1}, 1094 {4, 4}, 1095 {7, 7}, 1096 {0, 0} 1097 } 1098 }, 1099 {1, 1, 3, 0, /* 0x93 */ 1100 {{0, 1}, 1101 {4, 4}, 1102 {7, 7}, 1103 {0, 0} 1104 } 1105 }, 1106 {0, 1, 3, 0, /* 0x94 */ 1107 {{2, 2}, 1108 {4, 4}, 1109 {7, 7}, 1110 {0, 0} 1111 } 1112 }, 1113 {1, 1, 4, 0, /* 0x95 */ 1114 {{0, 0}, 1115 {2, 2}, 1116 {4, 4}, 1117 {7, 7} 1118 } 1119 }, 1120 {0, 1, 3, 0, /* 0x96 */ 1121 {{1, 2}, 1122 {4, 4}, 1123 {7, 7}, 1124 {0, 0} 1125 } 1126 }, 1127 {1, 1, 3, 0, /* 0x97 */ 1128 {{0, 2}, 1129 {4, 4}, 1130 {7, 7}, 1131 {0, 0} 1132 } 1133 }, 1134 {0, 1, 2, 0, /* 0x98 */ 1135 {{3, 4}, 1136 {7, 7}, 1137 {0, 0}, 1138 {0, 0} 1139 } 1140 }, 1141 {1, 1, 3, 0, /* 0x99 */ 1142 {{0, 0}, 1143 {3, 4}, 1144 {7, 7}, 1145 {0, 0} 1146 } 1147 }, 1148 {0, 1, 3, 0, /* 0x9a */ 1149 {{1, 1}, 1150 {3, 4}, 1151 {7, 7}, 1152 {0, 0} 1153 } 1154 }, 1155 {1, 1, 3, 0, /* 0x9b */ 1156 {{0, 1}, 1157 {3, 4}, 1158 {7, 7}, 1159 {0, 0} 1160 } 1161 }, 1162 {0, 1, 2, 0, /* 0x9c */ 1163 {{2, 4}, 1164 {7, 7}, 1165 {0, 0}, 1166 {0, 0} 1167 } 1168 }, 1169 {1, 1, 3, 0, /* 0x9d */ 1170 {{0, 0}, 1171 {2, 4}, 1172 {7, 7}, 1173 {0, 0} 1174 } 1175 }, 1176 {0, 1, 2, 0, /* 0x9e */ 1177 {{1, 4}, 1178 {7, 7}, 1179 {0, 0}, 1180 {0, 0} 1181 } 1182 }, 1183 {1, 1, 2, 0, /* 0x9f */ 1184 {{0, 4}, 1185 {7, 7}, 1186 {0, 0}, 1187 {0, 0} 1188 } 1189 }, 1190 {0, 1, 2, 0, /* 0xa0 */ 1191 {{5, 5}, 1192 {7, 7}, 1193 {0, 0}, 1194 {0, 0} 1195 } 1196 }, 1197 {1, 1, 3, 0, /* 0xa1 */ 1198 {{0, 0}, 1199 {5, 5}, 1200 {7, 7}, 1201 {0, 0} 1202 } 1203 }, 1204 {0, 1, 3, 0, /* 0xa2 */ 1205 {{1, 1}, 1206 {5, 5}, 1207 {7, 7}, 1208 {0, 0} 1209 } 1210 }, 1211 {1, 1, 3, 0, /* 0xa3 */ 1212 {{0, 1}, 1213 {5, 5}, 1214 {7, 7}, 1215 {0, 0} 1216 } 1217 }, 1218 {0, 1, 3, 0, /* 0xa4 */ 1219 {{2, 2}, 1220 {5, 5}, 1221 {7, 7}, 1222 {0, 0} 1223 } 1224 }, 1225 {1, 1, 4, 0, /* 0xa5 */ 1226 {{0, 0}, 1227 {2, 2}, 1228 {5, 5}, 1229 {7, 7} 1230 } 1231 }, 1232 {0, 1, 3, 0, /* 0xa6 */ 1233 {{1, 2}, 1234 {5, 5}, 1235 {7, 7}, 1236 {0, 0} 1237 } 1238 }, 1239 {1, 1, 3, 0, /* 0xa7 */ 1240 {{0, 2}, 1241 {5, 5}, 1242 {7, 7}, 1243 {0, 0} 1244 } 1245 }, 1246 {0, 1, 3, 0, /* 0xa8 */ 1247 {{3, 3}, 1248 {5, 5}, 1249 {7, 7}, 1250 {0, 0} 1251 } 1252 }, 1253 {1, 1, 4, 0, /* 0xa9 */ 1254 {{0, 0}, 1255 {3, 3}, 1256 {5, 5}, 1257 {7, 7} 1258 } 1259 }, 1260 {0, 1, 4, 0, /* 0xaa */ 1261 {{1, 1}, 1262 {3, 3}, 1263 {5, 5}, 1264 {7, 7} 1265 } 1266 }, 1267 {1, 1, 4, 0, /* 0xab */ 1268 {{0, 1}, 1269 {3, 3}, 1270 {5, 5}, 1271 {7, 7} 1272 } 1273 }, 1274 {0, 1, 3, 0, /* 0xac */ 1275 {{2, 3}, 1276 {5, 5}, 1277 {7, 7}, 1278 {0, 0} 1279 } 1280 }, 1281 {1, 1, 4, 0, /* 0xad */ 1282 {{0, 0}, 1283 {2, 3}, 1284 {5, 5}, 1285 {7, 7} 1286 } 1287 }, 1288 {0, 1, 3, 0, /* 0xae */ 1289 {{1, 3}, 1290 {5, 5}, 1291 {7, 7}, 1292 {0, 0} 1293 } 1294 }, 1295 {1, 1, 3, 0, /* 0xaf */ 1296 {{0, 3}, 1297 {5, 5}, 1298 {7, 7}, 1299 {0, 0} 1300 } 1301 }, 1302 {0, 1, 2, 0, /* 0xb0 */ 1303 {{4, 5}, 1304 {7, 7}, 1305 {0, 0}, 1306 {0, 0} 1307 } 1308 }, 1309 {1, 1, 3, 0, /* 0xb1 */ 1310 {{0, 0}, 1311 {4, 5}, 1312 {7, 7}, 1313 {0, 0} 1314 } 1315 }, 1316 {0, 1, 3, 0, /* 0xb2 */ 1317 {{1, 1}, 1318 {4, 5}, 1319 {7, 7}, 1320 {0, 0} 1321 } 1322 }, 1323 {1, 1, 3, 0, /* 0xb3 */ 1324 {{0, 1}, 1325 {4, 5}, 1326 {7, 7}, 1327 {0, 0} 1328 } 1329 }, 1330 {0, 1, 3, 0, /* 0xb4 */ 1331 {{2, 2}, 1332 {4, 5}, 1333 {7, 7}, 1334 {0, 0} 1335 } 1336 }, 1337 {1, 1, 4, 0, /* 0xb5 */ 1338 {{0, 0}, 1339 {2, 2}, 1340 {4, 5}, 1341 {7, 7} 1342 } 1343 }, 1344 {0, 1, 3, 0, /* 0xb6 */ 1345 {{1, 2}, 1346 {4, 5}, 1347 {7, 7}, 1348 {0, 0} 1349 } 1350 }, 1351 {1, 1, 3, 0, /* 0xb7 */ 1352 {{0, 2}, 1353 {4, 5}, 1354 {7, 7}, 1355 {0, 0} 1356 } 1357 }, 1358 {0, 1, 2, 0, /* 0xb8 */ 1359 {{3, 5}, 1360 {7, 7}, 1361 {0, 0}, 1362 {0, 0} 1363 } 1364 }, 1365 {1, 1, 3, 0, /* 0xb9 */ 1366 {{0, 0}, 1367 {3, 5}, 1368 {7, 7}, 1369 {0, 0} 1370 } 1371 }, 1372 {0, 1, 3, 0, /* 0xba */ 1373 {{1, 1}, 1374 {3, 5}, 1375 {7, 7}, 1376 {0, 0} 1377 } 1378 }, 1379 {1, 1, 3, 0, /* 0xbb */ 1380 {{0, 1}, 1381 {3, 5}, 1382 {7, 7}, 1383 {0, 0} 1384 } 1385 }, 1386 {0, 1, 2, 0, /* 0xbc */ 1387 {{2, 5}, 1388 {7, 7}, 1389 {0, 0}, 1390 {0, 0} 1391 } 1392 }, 1393 {1, 1, 3, 0, /* 0xbd */ 1394 {{0, 0}, 1395 {2, 5}, 1396 {7, 7}, 1397 {0, 0} 1398 } 1399 }, 1400 {0, 1, 2, 0, /* 0xbe */ 1401 {{1, 5}, 1402 {7, 7}, 1403 {0, 0}, 1404 {0, 0} 1405 } 1406 }, 1407 {1, 1, 2, 0, /* 0xbf */ 1408 {{0, 5}, 1409 {7, 7}, 1410 {0, 0}, 1411 {0, 0} 1412 } 1413 }, 1414 {0, 1, 1, 0, /* 0xc0 */ 1415 {{6, 7}, 1416 {0, 0}, 1417 {0, 0}, 1418 {0, 0} 1419 } 1420 }, 1421 {1, 1, 2, 0, /* 0xc1 */ 1422 {{0, 0}, 1423 {6, 7}, 1424 {0, 0}, 1425 {0, 0} 1426 } 1427 }, 1428 {0, 1, 2, 0, /* 0xc2 */ 1429 {{1, 1}, 1430 {6, 7}, 1431 {0, 0}, 1432 {0, 0} 1433 } 1434 }, 1435 {1, 1, 2, 0, /* 0xc3 */ 1436 {{0, 1}, 1437 {6, 7}, 1438 {0, 0}, 1439 {0, 0} 1440 } 1441 }, 1442 {0, 1, 2, 0, /* 0xc4 */ 1443 {{2, 2}, 1444 {6, 7}, 1445 {0, 0}, 1446 {0, 0} 1447 } 1448 }, 1449 {1, 1, 3, 0, /* 0xc5 */ 1450 {{0, 0}, 1451 {2, 2}, 1452 {6, 7}, 1453 {0, 0} 1454 } 1455 }, 1456 {0, 1, 2, 0, /* 0xc6 */ 1457 {{1, 2}, 1458 {6, 7}, 1459 {0, 0}, 1460 {0, 0} 1461 } 1462 }, 1463 {1, 1, 2, 0, /* 0xc7 */ 1464 {{0, 2}, 1465 {6, 7}, 1466 {0, 0}, 1467 {0, 0} 1468 } 1469 }, 1470 {0, 1, 2, 0, /* 0xc8 */ 1471 {{3, 3}, 1472 {6, 7}, 1473 {0, 0}, 1474 {0, 0} 1475 } 1476 }, 1477 {1, 1, 3, 0, /* 0xc9 */ 1478 {{0, 0}, 1479 {3, 3}, 1480 {6, 7}, 1481 {0, 0} 1482 } 1483 }, 1484 {0, 1, 3, 0, /* 0xca */ 1485 {{1, 1}, 1486 {3, 3}, 1487 {6, 7}, 1488 {0, 0} 1489 } 1490 }, 1491 {1, 1, 3, 0, /* 0xcb */ 1492 {{0, 1}, 1493 {3, 3}, 1494 {6, 7}, 1495 {0, 0} 1496 } 1497 }, 1498 {0, 1, 2, 0, /* 0xcc */ 1499 {{2, 3}, 1500 {6, 7}, 1501 {0, 0}, 1502 {0, 0} 1503 } 1504 }, 1505 {1, 1, 3, 0, /* 0xcd */ 1506 {{0, 0}, 1507 {2, 3}, 1508 {6, 7}, 1509 {0, 0} 1510 } 1511 }, 1512 {0, 1, 2, 0, /* 0xce */ 1513 {{1, 3}, 1514 {6, 7}, 1515 {0, 0}, 1516 {0, 0} 1517 } 1518 }, 1519 {1, 1, 2, 0, /* 0xcf */ 1520 {{0, 3}, 1521 {6, 7}, 1522 {0, 0}, 1523 {0, 0} 1524 } 1525 }, 1526 {0, 1, 2, 0, /* 0xd0 */ 1527 {{4, 4}, 1528 {6, 7}, 1529 {0, 0}, 1530 {0, 0} 1531 } 1532 }, 1533 {1, 1, 3, 0, /* 0xd1 */ 1534 {{0, 0}, 1535 {4, 4}, 1536 {6, 7}, 1537 {0, 0} 1538 } 1539 }, 1540 {0, 1, 3, 0, /* 0xd2 */ 1541 {{1, 1}, 1542 {4, 4}, 1543 {6, 7}, 1544 {0, 0} 1545 } 1546 }, 1547 {1, 1, 3, 0, /* 0xd3 */ 1548 {{0, 1}, 1549 {4, 4}, 1550 {6, 7}, 1551 {0, 0} 1552 } 1553 }, 1554 {0, 1, 3, 0, /* 0xd4 */ 1555 {{2, 2}, 1556 {4, 4}, 1557 {6, 7}, 1558 {0, 0} 1559 } 1560 }, 1561 {1, 1, 4, 0, /* 0xd5 */ 1562 {{0, 0}, 1563 {2, 2}, 1564 {4, 4}, 1565 {6, 7} 1566 } 1567 }, 1568 {0, 1, 3, 0, /* 0xd6 */ 1569 {{1, 2}, 1570 {4, 4}, 1571 {6, 7}, 1572 {0, 0} 1573 } 1574 }, 1575 {1, 1, 3, 0, /* 0xd7 */ 1576 {{0, 2}, 1577 {4, 4}, 1578 {6, 7}, 1579 {0, 0} 1580 } 1581 }, 1582 {0, 1, 2, 0, /* 0xd8 */ 1583 {{3, 4}, 1584 {6, 7}, 1585 {0, 0}, 1586 {0, 0} 1587 } 1588 }, 1589 {1, 1, 3, 0, /* 0xd9 */ 1590 {{0, 0}, 1591 {3, 4}, 1592 {6, 7}, 1593 {0, 0} 1594 } 1595 }, 1596 {0, 1, 3, 0, /* 0xda */ 1597 {{1, 1}, 1598 {3, 4}, 1599 {6, 7}, 1600 {0, 0} 1601 } 1602 }, 1603 {1, 1, 3, 0, /* 0xdb */ 1604 {{0, 1}, 1605 {3, 4}, 1606 {6, 7}, 1607 {0, 0} 1608 } 1609 }, 1610 {0, 1, 2, 0, /* 0xdc */ 1611 {{2, 4}, 1612 {6, 7}, 1613 {0, 0}, 1614 {0, 0} 1615 } 1616 }, 1617 {1, 1, 3, 0, /* 0xdd */ 1618 {{0, 0}, 1619 {2, 4}, 1620 {6, 7}, 1621 {0, 0} 1622 } 1623 }, 1624 {0, 1, 2, 0, /* 0xde */ 1625 {{1, 4}, 1626 {6, 7}, 1627 {0, 0}, 1628 {0, 0} 1629 } 1630 }, 1631 {1, 1, 2, 0, /* 0xdf */ 1632 {{0, 4}, 1633 {6, 7}, 1634 {0, 0}, 1635 {0, 0} 1636 } 1637 }, 1638 {0, 1, 1, 0, /* 0xe0 */ 1639 {{5, 7}, 1640 {0, 0}, 1641 {0, 0}, 1642 {0, 0} 1643 } 1644 }, 1645 {1, 1, 2, 0, /* 0xe1 */ 1646 {{0, 0}, 1647 {5, 7}, 1648 {0, 0}, 1649 {0, 0} 1650 } 1651 }, 1652 {0, 1, 2, 0, /* 0xe2 */ 1653 {{1, 1}, 1654 {5, 7}, 1655 {0, 0}, 1656 {0, 0} 1657 } 1658 }, 1659 {1, 1, 2, 0, /* 0xe3 */ 1660 {{0, 1}, 1661 {5, 7}, 1662 {0, 0}, 1663 {0, 0} 1664 } 1665 }, 1666 {0, 1, 2, 0, /* 0xe4 */ 1667 {{2, 2}, 1668 {5, 7}, 1669 {0, 0}, 1670 {0, 0} 1671 } 1672 }, 1673 {1, 1, 3, 0, /* 0xe5 */ 1674 {{0, 0}, 1675 {2, 2}, 1676 {5, 7}, 1677 {0, 0} 1678 } 1679 }, 1680 {0, 1, 2, 0, /* 0xe6 */ 1681 {{1, 2}, 1682 {5, 7}, 1683 {0, 0}, 1684 {0, 0} 1685 } 1686 }, 1687 {1, 1, 2, 0, /* 0xe7 */ 1688 {{0, 2}, 1689 {5, 7}, 1690 {0, 0}, 1691 {0, 0} 1692 } 1693 }, 1694 {0, 1, 2, 0, /* 0xe8 */ 1695 {{3, 3}, 1696 {5, 7}, 1697 {0, 0}, 1698 {0, 0} 1699 } 1700 }, 1701 {1, 1, 3, 0, /* 0xe9 */ 1702 {{0, 0}, 1703 {3, 3}, 1704 {5, 7}, 1705 {0, 0} 1706 } 1707 }, 1708 {0, 1, 3, 0, /* 0xea */ 1709 {{1, 1}, 1710 {3, 3}, 1711 {5, 7}, 1712 {0, 0} 1713 } 1714 }, 1715 {1, 1, 3, 0, /* 0xeb */ 1716 {{0, 1}, 1717 {3, 3}, 1718 {5, 7}, 1719 {0, 0} 1720 } 1721 }, 1722 {0, 1, 2, 0, /* 0xec */ 1723 {{2, 3}, 1724 {5, 7}, 1725 {0, 0}, 1726 {0, 0} 1727 } 1728 }, 1729 {1, 1, 3, 0, /* 0xed */ 1730 {{0, 0}, 1731 {2, 3}, 1732 {5, 7}, 1733 {0, 0} 1734 } 1735 }, 1736 {0, 1, 2, 0, /* 0xee */ 1737 {{1, 3}, 1738 {5, 7}, 1739 {0, 0}, 1740 {0, 0} 1741 } 1742 }, 1743 {1, 1, 2, 0, /* 0xef */ 1744 {{0, 3}, 1745 {5, 7}, 1746 {0, 0}, 1747 {0, 0} 1748 } 1749 }, 1750 {0, 1, 1, 0, /* 0xf0 */ 1751 {{4, 7}, 1752 {0, 0}, 1753 {0, 0}, 1754 {0, 0} 1755 } 1756 }, 1757 {1, 1, 2, 0, /* 0xf1 */ 1758 {{0, 0}, 1759 {4, 7}, 1760 {0, 0}, 1761 {0, 0} 1762 } 1763 }, 1764 {0, 1, 2, 0, /* 0xf2 */ 1765 {{1, 1}, 1766 {4, 7}, 1767 {0, 0}, 1768 {0, 0} 1769 } 1770 }, 1771 {1, 1, 2, 0, /* 0xf3 */ 1772 {{0, 1}, 1773 {4, 7}, 1774 {0, 0}, 1775 {0, 0} 1776 } 1777 }, 1778 {0, 1, 2, 0, /* 0xf4 */ 1779 {{2, 2}, 1780 {4, 7}, 1781 {0, 0}, 1782 {0, 0} 1783 } 1784 }, 1785 {1, 1, 3, 0, /* 0xf5 */ 1786 {{0, 0}, 1787 {2, 2}, 1788 {4, 7}, 1789 {0, 0} 1790 } 1791 }, 1792 {0, 1, 2, 0, /* 0xf6 */ 1793 {{1, 2}, 1794 {4, 7}, 1795 {0, 0}, 1796 {0, 0} 1797 } 1798 }, 1799 {1, 1, 2, 0, /* 0xf7 */ 1800 {{0, 2}, 1801 {4, 7}, 1802 {0, 0}, 1803 {0, 0} 1804 } 1805 }, 1806 {0, 1, 1, 0, /* 0xf8 */ 1807 {{3, 7}, 1808 {0, 0}, 1809 {0, 0}, 1810 {0, 0} 1811 } 1812 }, 1813 {1, 1, 2, 0, /* 0xf9 */ 1814 {{0, 0}, 1815 {3, 7}, 1816 {0, 0}, 1817 {0, 0} 1818 } 1819 }, 1820 {0, 1, 2, 0, /* 0xfa */ 1821 {{1, 1}, 1822 {3, 7}, 1823 {0, 0}, 1824 {0, 0} 1825 } 1826 }, 1827 {1, 1, 2, 0, /* 0xfb */ 1828 {{0, 1}, 1829 {3, 7}, 1830 {0, 0}, 1831 {0, 0} 1832 } 1833 }, 1834 {0, 1, 1, 0, /* 0xfc */ 1835 {{2, 7}, 1836 {0, 0}, 1837 {0, 0}, 1838 {0, 0} 1839 } 1840 }, 1841 {1, 1, 2, 0, /* 0xfd */ 1842 {{0, 0}, 1843 {2, 7}, 1844 {0, 0}, 1845 {0, 0} 1846 } 1847 }, 1848 {0, 1, 1, 0, /* 0xfe */ 1849 {{1, 7}, 1850 {0, 0}, 1851 {0, 0}, 1852 {0, 0} 1853 } 1854 }, 1855 {1, 1, 1, 0, /* 0xff */ 1856 {{0, 7}, 1857 {0, 0}, 1858 {0, 0}, 1859 {0, 0} 1860 } 1861 } 1862 }; 1863 1864 1865 int 1866 sctp_is_address_in_scope(struct sctp_ifa *ifa, 1867 int ipv4_addr_legal, 1868 int ipv6_addr_legal, 1869 int loopback_scope, 1870 int ipv4_local_scope, 1871 int local_scope, 1872 int site_scope, 1873 int do_update) 1874 { 1875 if ((loopback_scope == 0) && 1876 (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) { 1877 /* 1878 * skip loopback if not in scope * 1879 */ 1880 return (0); 1881 } 1882 switch (ifa->address.sa.sa_family) { 1883 case AF_INET: 1884 if (ipv4_addr_legal) { 1885 struct sockaddr_in *sin; 1886 1887 sin = (struct sockaddr_in *)&ifa->address.sin; 1888 if (sin->sin_addr.s_addr == 0) { 1889 /* not in scope , unspecified */ 1890 return (0); 1891 } 1892 if ((ipv4_local_scope == 0) && 1893 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 1894 /* private address not in scope */ 1895 return (0); 1896 } 1897 } else { 1898 return (0); 1899 } 1900 break; 1901 #ifdef INET6 1902 case AF_INET6: 1903 if (ipv6_addr_legal) { 1904 struct sockaddr_in6 *sin6; 1905 1906 /* 1907 * Must update the flags, bummer, which means any 1908 * IFA locks must now be applied HERE <-> 1909 */ 1910 if (do_update) { 1911 sctp_gather_internal_ifa_flags(ifa); 1912 } 1913 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1914 return (0); 1915 } 1916 /* ok to use deprecated addresses? */ 1917 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6; 1918 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1919 /* skip unspecifed addresses */ 1920 return (0); 1921 } 1922 if ( /* (local_scope == 0) && */ 1923 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 1924 return (0); 1925 } 1926 if ((site_scope == 0) && 1927 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 1928 return (0); 1929 } 1930 } else { 1931 return (0); 1932 } 1933 break; 1934 #endif 1935 default: 1936 return (0); 1937 } 1938 return (1); 1939 } 1940 1941 static struct mbuf * 1942 sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa) 1943 { 1944 struct sctp_paramhdr *parmh; 1945 struct mbuf *mret; 1946 int len; 1947 1948 if (ifa->address.sa.sa_family == AF_INET) { 1949 len = sizeof(struct sctp_ipv4addr_param); 1950 } else if (ifa->address.sa.sa_family == AF_INET6) { 1951 len = sizeof(struct sctp_ipv6addr_param); 1952 } else { 1953 /* unknown type */ 1954 return (m); 1955 } 1956 if (M_TRAILINGSPACE(m) >= len) { 1957 /* easy side we just drop it on the end */ 1958 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m))); 1959 mret = m; 1960 } else { 1961 /* Need more space */ 1962 mret = m; 1963 while (SCTP_BUF_NEXT(mret) != NULL) { 1964 mret = SCTP_BUF_NEXT(mret); 1965 } 1966 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA); 1967 if (SCTP_BUF_NEXT(mret) == NULL) { 1968 /* We are hosed, can't add more addresses */ 1969 return (m); 1970 } 1971 mret = SCTP_BUF_NEXT(mret); 1972 parmh = mtod(mret, struct sctp_paramhdr *); 1973 } 1974 /* now add the parameter */ 1975 switch (ifa->address.sa.sa_family) { 1976 case AF_INET: 1977 { 1978 struct sctp_ipv4addr_param *ipv4p; 1979 struct sockaddr_in *sin; 1980 1981 sin = (struct sockaddr_in *)&ifa->address.sin; 1982 ipv4p = (struct sctp_ipv4addr_param *)parmh; 1983 parmh->param_type = htons(SCTP_IPV4_ADDRESS); 1984 parmh->param_length = htons(len); 1985 ipv4p->addr = sin->sin_addr.s_addr; 1986 SCTP_BUF_LEN(mret) += len; 1987 break; 1988 } 1989 #ifdef INET6 1990 case AF_INET6: 1991 { 1992 struct sctp_ipv6addr_param *ipv6p; 1993 struct sockaddr_in6 *sin6; 1994 1995 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6; 1996 ipv6p = (struct sctp_ipv6addr_param *)parmh; 1997 parmh->param_type = htons(SCTP_IPV6_ADDRESS); 1998 parmh->param_length = htons(len); 1999 memcpy(ipv6p->addr, &sin6->sin6_addr, 2000 sizeof(ipv6p->addr)); 2001 /* clear embedded scope in the address */ 2002 in6_clearscope((struct in6_addr *)ipv6p->addr); 2003 SCTP_BUF_LEN(mret) += len; 2004 break; 2005 } 2006 #endif 2007 default: 2008 return (m); 2009 } 2010 return (mret); 2011 } 2012 2013 2014 struct mbuf * 2015 sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_scoping *scope, 2016 struct mbuf *m_at, int cnt_inits_to) 2017 { 2018 struct sctp_vrf *vrf = NULL; 2019 int cnt, limit_out = 0, total_count; 2020 uint32_t vrf_id; 2021 2022 vrf_id = inp->def_vrf_id; 2023 SCTP_IPI_ADDR_RLOCK(); 2024 vrf = sctp_find_vrf(vrf_id); 2025 if (vrf == NULL) { 2026 SCTP_IPI_ADDR_RUNLOCK(); 2027 return (m_at); 2028 } 2029 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 2030 struct sctp_ifa *sctp_ifap; 2031 struct sctp_ifn *sctp_ifnp; 2032 2033 cnt = cnt_inits_to; 2034 if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) { 2035 limit_out = 1; 2036 cnt = SCTP_ADDRESS_LIMIT; 2037 goto skip_count; 2038 } 2039 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2040 if ((scope->loopback_scope == 0) && 2041 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2042 /* 2043 * Skip loopback devices if loopback_scope 2044 * not set 2045 */ 2046 continue; 2047 } 2048 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2049 if (sctp_is_address_in_scope(sctp_ifap, 2050 scope->ipv4_addr_legal, 2051 scope->ipv6_addr_legal, 2052 scope->loopback_scope, 2053 scope->ipv4_local_scope, 2054 scope->local_scope, 2055 scope->site_scope, 1) == 0) { 2056 continue; 2057 } 2058 cnt++; 2059 if (cnt > SCTP_ADDRESS_LIMIT) { 2060 break; 2061 } 2062 } 2063 if (cnt > SCTP_ADDRESS_LIMIT) { 2064 break; 2065 } 2066 } 2067 skip_count: 2068 if (cnt > 1) { 2069 total_count = 0; 2070 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2071 cnt = 0; 2072 if ((scope->loopback_scope == 0) && 2073 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2074 /* 2075 * Skip loopback devices if 2076 * loopback_scope not set 2077 */ 2078 continue; 2079 } 2080 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2081 if (sctp_is_address_in_scope(sctp_ifap, 2082 scope->ipv4_addr_legal, 2083 scope->ipv6_addr_legal, 2084 scope->loopback_scope, 2085 scope->ipv4_local_scope, 2086 scope->local_scope, 2087 scope->site_scope, 0) == 0) { 2088 continue; 2089 } 2090 m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap); 2091 if (limit_out) { 2092 cnt++; 2093 total_count++; 2094 if (cnt >= 2) { 2095 /* 2096 * two from each 2097 * address 2098 */ 2099 break; 2100 } 2101 if (total_count > SCTP_ADDRESS_LIMIT) { 2102 /* No more addresses */ 2103 break; 2104 } 2105 } 2106 } 2107 } 2108 } 2109 } else { 2110 struct sctp_laddr *laddr; 2111 2112 cnt = cnt_inits_to; 2113 /* First, how many ? */ 2114 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2115 if (laddr->ifa == NULL) { 2116 continue; 2117 } 2118 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2119 /* 2120 * Address being deleted by the system, dont 2121 * list. 2122 */ 2123 continue; 2124 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2125 /* 2126 * Address being deleted on this ep don't 2127 * list. 2128 */ 2129 continue; 2130 } 2131 if (sctp_is_address_in_scope(laddr->ifa, 2132 scope->ipv4_addr_legal, 2133 scope->ipv6_addr_legal, 2134 scope->loopback_scope, 2135 scope->ipv4_local_scope, 2136 scope->local_scope, 2137 scope->site_scope, 1) == 0) { 2138 continue; 2139 } 2140 cnt++; 2141 } 2142 if (cnt > SCTP_ADDRESS_LIMIT) { 2143 limit_out = 1; 2144 } 2145 /* 2146 * To get through a NAT we only list addresses if we have 2147 * more than one. That way if you just bind a single address 2148 * we let the source of the init dictate our address. 2149 */ 2150 if (cnt > 1) { 2151 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2152 cnt = 0; 2153 if (laddr->ifa == NULL) { 2154 continue; 2155 } 2156 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2157 continue; 2158 2159 if (sctp_is_address_in_scope(laddr->ifa, 2160 scope->ipv4_addr_legal, 2161 scope->ipv6_addr_legal, 2162 scope->loopback_scope, 2163 scope->ipv4_local_scope, 2164 scope->local_scope, 2165 scope->site_scope, 0) == 0) { 2166 continue; 2167 } 2168 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa); 2169 cnt++; 2170 if (cnt >= SCTP_ADDRESS_LIMIT) { 2171 break; 2172 } 2173 } 2174 } 2175 } 2176 SCTP_IPI_ADDR_RUNLOCK(); 2177 return (m_at); 2178 } 2179 2180 static struct sctp_ifa * 2181 sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa, 2182 uint8_t dest_is_loop, 2183 uint8_t dest_is_priv, 2184 sa_family_t fam) 2185 { 2186 uint8_t dest_is_global = 0; 2187 2188 /* dest_is_priv is true if destination is a private address */ 2189 /* dest_is_loop is true if destination is a loopback addresses */ 2190 2191 /** 2192 * Here we determine if its a preferred address. A preferred address 2193 * means it is the same scope or higher scope then the destination. 2194 * L = loopback, P = private, G = global 2195 * ----------------------------------------- 2196 * src | dest | result 2197 * ---------------------------------------- 2198 * L | L | yes 2199 * ----------------------------------------- 2200 * P | L | yes-v4 no-v6 2201 * ----------------------------------------- 2202 * G | L | yes-v4 no-v6 2203 * ----------------------------------------- 2204 * L | P | no 2205 * ----------------------------------------- 2206 * P | P | yes 2207 * ----------------------------------------- 2208 * G | P | no 2209 * ----------------------------------------- 2210 * L | G | no 2211 * ----------------------------------------- 2212 * P | G | no 2213 * ----------------------------------------- 2214 * G | G | yes 2215 * ----------------------------------------- 2216 */ 2217 2218 if (ifa->address.sa.sa_family != fam) { 2219 /* forget mis-matched family */ 2220 return (NULL); 2221 } 2222 if ((dest_is_priv == 0) && (dest_is_loop == 0)) { 2223 dest_is_global = 1; 2224 } 2225 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:"); 2226 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa); 2227 /* Ok the address may be ok */ 2228 if (fam == AF_INET6) { 2229 /* ok to use deprecated addresses? no lets not! */ 2230 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2231 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n"); 2232 return (NULL); 2233 } 2234 if (ifa->src_is_priv && !ifa->src_is_loop) { 2235 if (dest_is_loop) { 2236 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n"); 2237 return (NULL); 2238 } 2239 } 2240 if (ifa->src_is_glob) { 2241 if (dest_is_loop) { 2242 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n"); 2243 return (NULL); 2244 } 2245 } 2246 } 2247 /* 2248 * Now that we know what is what, implement or table this could in 2249 * theory be done slicker (it used to be), but this is 2250 * straightforward and easier to validate :-) 2251 */ 2252 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n", 2253 ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob); 2254 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n", 2255 dest_is_loop, dest_is_priv, dest_is_global); 2256 2257 if ((ifa->src_is_loop) && (dest_is_priv)) { 2258 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n"); 2259 return (NULL); 2260 } 2261 if ((ifa->src_is_glob) && (dest_is_priv)) { 2262 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n"); 2263 return (NULL); 2264 } 2265 if ((ifa->src_is_loop) && (dest_is_global)) { 2266 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n"); 2267 return (NULL); 2268 } 2269 if ((ifa->src_is_priv) && (dest_is_global)) { 2270 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n"); 2271 return (NULL); 2272 } 2273 SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n"); 2274 /* its a preferred address */ 2275 return (ifa); 2276 } 2277 2278 static struct sctp_ifa * 2279 sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa, 2280 uint8_t dest_is_loop, 2281 uint8_t dest_is_priv, 2282 sa_family_t fam) 2283 { 2284 uint8_t dest_is_global = 0; 2285 2286 /* 2287 * Here we determine if its a acceptable address. A acceptable 2288 * address means it is the same scope or higher scope but we can 2289 * allow for NAT which means its ok to have a global dest and a 2290 * private src. 2291 * 2292 * L = loopback, P = private, G = global 2293 * ----------------------------------------- src | dest | result 2294 * ----------------------------------------- L | L | yes 2295 * ----------------------------------------- P | L | 2296 * yes-v4 no-v6 ----------------------------------------- G | 2297 * L | yes ----------------------------------------- L | 2298 * P | no ----------------------------------------- P | P 2299 * | yes ----------------------------------------- G | P 2300 * | yes - May not work ----------------------------------------- 2301 * L | G | no ----------------------------------------- P 2302 * | G | yes - May not work 2303 * ----------------------------------------- G | G | yes 2304 * ----------------------------------------- 2305 */ 2306 2307 if (ifa->address.sa.sa_family != fam) { 2308 /* forget non matching family */ 2309 return (NULL); 2310 } 2311 /* Ok the address may be ok */ 2312 if ((dest_is_loop == 0) && (dest_is_priv == 0)) { 2313 dest_is_global = 1; 2314 } 2315 if (fam == AF_INET6) { 2316 /* ok to use deprecated addresses? */ 2317 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2318 return (NULL); 2319 } 2320 if (ifa->src_is_priv) { 2321 /* Special case, linklocal to loop */ 2322 if (dest_is_loop) 2323 return (NULL); 2324 } 2325 } 2326 /* 2327 * Now that we know what is what, implement our table. This could in 2328 * theory be done slicker (it used to be), but this is 2329 * straightforward and easier to validate :-) 2330 */ 2331 if ((ifa->src_is_loop == 1) && (dest_is_priv)) { 2332 return (NULL); 2333 } 2334 if ((ifa->src_is_loop == 1) && (dest_is_global)) { 2335 return (NULL); 2336 } 2337 /* its an acceptable address */ 2338 return (ifa); 2339 } 2340 2341 int 2342 sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 2343 { 2344 struct sctp_laddr *laddr; 2345 2346 if (stcb == NULL) { 2347 /* There are no restrictions, no TCB :-) */ 2348 return (0); 2349 } 2350 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) { 2351 if (laddr->ifa == NULL) { 2352 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2353 __FUNCTION__); 2354 continue; 2355 } 2356 if (laddr->ifa == ifa) { 2357 /* Yes it is on the list */ 2358 return (1); 2359 } 2360 } 2361 return (0); 2362 } 2363 2364 2365 int 2366 sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa) 2367 { 2368 struct sctp_laddr *laddr; 2369 2370 if (ifa == NULL) 2371 return (0); 2372 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2373 if (laddr->ifa == NULL) { 2374 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2375 __FUNCTION__); 2376 continue; 2377 } 2378 if ((laddr->ifa == ifa) && laddr->action == 0) 2379 /* same pointer */ 2380 return (1); 2381 } 2382 return (0); 2383 } 2384 2385 2386 2387 static struct sctp_ifa * 2388 sctp_choose_boundspecific_inp(struct sctp_inpcb *inp, 2389 sctp_route_t * ro, 2390 uint32_t vrf_id, 2391 int non_asoc_addr_ok, 2392 uint8_t dest_is_priv, 2393 uint8_t dest_is_loop, 2394 sa_family_t fam) 2395 { 2396 struct sctp_laddr *laddr, *starting_point; 2397 void *ifn; 2398 int resettotop = 0; 2399 struct sctp_ifn *sctp_ifn; 2400 struct sctp_ifa *sctp_ifa, *sifa; 2401 struct sctp_vrf *vrf; 2402 uint32_t ifn_index; 2403 2404 vrf = sctp_find_vrf(vrf_id); 2405 if (vrf == NULL) 2406 return (NULL); 2407 2408 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2409 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2410 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2411 /* 2412 * first question, is the ifn we will emit on in our list, if so, we 2413 * want such an address. Note that we first looked for a preferred 2414 * address. 2415 */ 2416 if (sctp_ifn) { 2417 /* is a preferred one on the interface we route out? */ 2418 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2419 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2420 (non_asoc_addr_ok == 0)) 2421 continue; 2422 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, 2423 dest_is_loop, 2424 dest_is_priv, fam); 2425 if (sifa == NULL) 2426 continue; 2427 if (sctp_is_addr_in_ep(inp, sifa)) { 2428 atomic_add_int(&sifa->refcount, 1); 2429 return (sifa); 2430 } 2431 } 2432 } 2433 /* 2434 * ok, now we now need to find one on the list of the addresses. We 2435 * can't get one on the emitting interface so let's find first a 2436 * preferred one. If not that an acceptable one otherwise... we 2437 * return NULL. 2438 */ 2439 starting_point = inp->next_addr_touse; 2440 once_again: 2441 if (inp->next_addr_touse == NULL) { 2442 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2443 resettotop = 1; 2444 } 2445 for (laddr = inp->next_addr_touse; laddr; 2446 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2447 if (laddr->ifa == NULL) { 2448 /* address has been removed */ 2449 continue; 2450 } 2451 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2452 /* address is being deleted */ 2453 continue; 2454 } 2455 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, 2456 dest_is_priv, fam); 2457 if (sifa == NULL) 2458 continue; 2459 atomic_add_int(&sifa->refcount, 1); 2460 return (sifa); 2461 } 2462 if (resettotop == 0) { 2463 inp->next_addr_touse = NULL; 2464 goto once_again; 2465 } 2466 inp->next_addr_touse = starting_point; 2467 resettotop = 0; 2468 once_again_too: 2469 if (inp->next_addr_touse == NULL) { 2470 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2471 resettotop = 1; 2472 } 2473 /* ok, what about an acceptable address in the inp */ 2474 for (laddr = inp->next_addr_touse; laddr; 2475 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2476 if (laddr->ifa == NULL) { 2477 /* address has been removed */ 2478 continue; 2479 } 2480 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2481 /* address is being deleted */ 2482 continue; 2483 } 2484 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2485 dest_is_priv, fam); 2486 if (sifa == NULL) 2487 continue; 2488 atomic_add_int(&sifa->refcount, 1); 2489 return (sifa); 2490 } 2491 if (resettotop == 0) { 2492 inp->next_addr_touse = NULL; 2493 goto once_again_too; 2494 } 2495 /* 2496 * no address bound can be a source for the destination we are in 2497 * trouble 2498 */ 2499 return (NULL); 2500 } 2501 2502 2503 2504 static struct sctp_ifa * 2505 sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp, 2506 struct sctp_tcb *stcb, 2507 struct sctp_nets *net, 2508 sctp_route_t * ro, 2509 uint32_t vrf_id, 2510 uint8_t dest_is_priv, 2511 uint8_t dest_is_loop, 2512 int non_asoc_addr_ok, 2513 sa_family_t fam) 2514 { 2515 struct sctp_laddr *laddr, *starting_point; 2516 void *ifn; 2517 struct sctp_ifn *sctp_ifn; 2518 struct sctp_ifa *sctp_ifa, *sifa; 2519 uint8_t start_at_beginning = 0; 2520 struct sctp_vrf *vrf; 2521 uint32_t ifn_index; 2522 2523 /* 2524 * first question, is the ifn we will emit on in our list, if so, we 2525 * want that one. 2526 */ 2527 vrf = sctp_find_vrf(vrf_id); 2528 if (vrf == NULL) 2529 return (NULL); 2530 2531 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2532 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2533 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2534 2535 /* 2536 * first question, is the ifn we will emit on in our list? If so, 2537 * we want that one. First we look for a preferred. Second, we go 2538 * for an acceptable. 2539 */ 2540 if (sctp_ifn) { 2541 /* first try for a preferred address on the ep */ 2542 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2543 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2544 continue; 2545 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2546 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2547 if (sifa == NULL) 2548 continue; 2549 if (((non_asoc_addr_ok == 0) && 2550 (sctp_is_addr_restricted(stcb, sifa))) || 2551 (non_asoc_addr_ok && 2552 (sctp_is_addr_restricted(stcb, sifa)) && 2553 (!sctp_is_addr_pending(stcb, sifa)))) { 2554 /* on the no-no list */ 2555 continue; 2556 } 2557 atomic_add_int(&sifa->refcount, 1); 2558 return (sifa); 2559 } 2560 } 2561 /* next try for an acceptable address on the ep */ 2562 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2563 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2564 continue; 2565 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2566 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2567 if (sifa == NULL) 2568 continue; 2569 if (((non_asoc_addr_ok == 0) && 2570 (sctp_is_addr_restricted(stcb, sifa))) || 2571 (non_asoc_addr_ok && 2572 (sctp_is_addr_restricted(stcb, sifa)) && 2573 (!sctp_is_addr_pending(stcb, sifa)))) { 2574 /* on the no-no list */ 2575 continue; 2576 } 2577 atomic_add_int(&sifa->refcount, 1); 2578 return (sifa); 2579 } 2580 } 2581 2582 } 2583 /* 2584 * if we can't find one like that then we must look at all addresses 2585 * bound to pick one at first preferable then secondly acceptable. 2586 */ 2587 starting_point = stcb->asoc.last_used_address; 2588 sctp_from_the_top: 2589 if (stcb->asoc.last_used_address == NULL) { 2590 start_at_beginning = 1; 2591 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2592 } 2593 /* search beginning with the last used address */ 2594 for (laddr = stcb->asoc.last_used_address; laddr; 2595 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2596 if (laddr->ifa == NULL) { 2597 /* address has been removed */ 2598 continue; 2599 } 2600 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2601 /* address is being deleted */ 2602 continue; 2603 } 2604 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2605 if (sifa == NULL) 2606 continue; 2607 if (((non_asoc_addr_ok == 0) && 2608 (sctp_is_addr_restricted(stcb, sifa))) || 2609 (non_asoc_addr_ok && 2610 (sctp_is_addr_restricted(stcb, sifa)) && 2611 (!sctp_is_addr_pending(stcb, sifa)))) { 2612 /* on the no-no list */ 2613 continue; 2614 } 2615 stcb->asoc.last_used_address = laddr; 2616 atomic_add_int(&sifa->refcount, 1); 2617 return (sifa); 2618 } 2619 if (start_at_beginning == 0) { 2620 stcb->asoc.last_used_address = NULL; 2621 goto sctp_from_the_top; 2622 } 2623 /* now try for any higher scope than the destination */ 2624 stcb->asoc.last_used_address = starting_point; 2625 start_at_beginning = 0; 2626 sctp_from_the_top2: 2627 if (stcb->asoc.last_used_address == NULL) { 2628 start_at_beginning = 1; 2629 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2630 } 2631 /* search beginning with the last used address */ 2632 for (laddr = stcb->asoc.last_used_address; laddr; 2633 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2634 if (laddr->ifa == NULL) { 2635 /* address has been removed */ 2636 continue; 2637 } 2638 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2639 /* address is being deleted */ 2640 continue; 2641 } 2642 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2643 dest_is_priv, fam); 2644 if (sifa == NULL) 2645 continue; 2646 if (((non_asoc_addr_ok == 0) && 2647 (sctp_is_addr_restricted(stcb, sifa))) || 2648 (non_asoc_addr_ok && 2649 (sctp_is_addr_restricted(stcb, sifa)) && 2650 (!sctp_is_addr_pending(stcb, sifa)))) { 2651 /* on the no-no list */ 2652 continue; 2653 } 2654 stcb->asoc.last_used_address = laddr; 2655 atomic_add_int(&sifa->refcount, 1); 2656 return (sifa); 2657 } 2658 if (start_at_beginning == 0) { 2659 stcb->asoc.last_used_address = NULL; 2660 goto sctp_from_the_top2; 2661 } 2662 return (NULL); 2663 } 2664 2665 static struct sctp_ifa * 2666 sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn, 2667 struct sctp_tcb *stcb, 2668 int non_asoc_addr_ok, 2669 uint8_t dest_is_loop, 2670 uint8_t dest_is_priv, 2671 int addr_wanted, 2672 sa_family_t fam, 2673 sctp_route_t * ro 2674 ) 2675 { 2676 struct sctp_ifa *ifa, *sifa; 2677 int num_eligible_addr = 0; 2678 2679 #ifdef INET6 2680 struct sockaddr_in6 sin6, lsa6; 2681 2682 if (fam == AF_INET6) { 2683 memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6)); 2684 (void)sa6_recoverscope(&sin6); 2685 } 2686 #endif /* INET6 */ 2687 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2688 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2689 (non_asoc_addr_ok == 0)) 2690 continue; 2691 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2692 dest_is_priv, fam); 2693 if (sifa == NULL) 2694 continue; 2695 #ifdef INET6 2696 if (fam == AF_INET6 && 2697 dest_is_loop && 2698 sifa->src_is_loop && sifa->src_is_priv) { 2699 /* 2700 * don't allow fe80::1 to be a src on loop ::1, we 2701 * don't list it to the peer so we will get an 2702 * abort. 2703 */ 2704 continue; 2705 } 2706 if (fam == AF_INET6 && 2707 IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) && 2708 IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) { 2709 /* 2710 * link-local <-> link-local must belong to the same 2711 * scope. 2712 */ 2713 memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6)); 2714 (void)sa6_recoverscope(&lsa6); 2715 if (sin6.sin6_scope_id != lsa6.sin6_scope_id) { 2716 continue; 2717 } 2718 } 2719 #endif /* INET6 */ 2720 2721 /* 2722 * Check if the IPv6 address matches to next-hop. In the 2723 * mobile case, old IPv6 address may be not deleted from the 2724 * interface. Then, the interface has previous and new 2725 * addresses. We should use one corresponding to the 2726 * next-hop. (by micchie) 2727 */ 2728 #ifdef INET6 2729 if (stcb && fam == AF_INET6 && 2730 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2731 if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro) 2732 == 0) { 2733 continue; 2734 } 2735 } 2736 #endif 2737 /* Avoid topologically incorrect IPv4 address */ 2738 if (stcb && fam == AF_INET && 2739 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2740 if (sctp_v4src_match_nexthop(sifa, ro) == 0) { 2741 continue; 2742 } 2743 } 2744 if (stcb) { 2745 if (sctp_is_address_in_scope(ifa, 2746 stcb->asoc.ipv4_addr_legal, 2747 stcb->asoc.ipv6_addr_legal, 2748 stcb->asoc.loopback_scope, 2749 stcb->asoc.ipv4_local_scope, 2750 stcb->asoc.local_scope, 2751 stcb->asoc.site_scope, 0) == 0) { 2752 continue; 2753 } 2754 if (((non_asoc_addr_ok == 0) && 2755 (sctp_is_addr_restricted(stcb, sifa))) || 2756 (non_asoc_addr_ok && 2757 (sctp_is_addr_restricted(stcb, sifa)) && 2758 (!sctp_is_addr_pending(stcb, sifa)))) { 2759 /* 2760 * It is restricted for some reason.. 2761 * probably not yet added. 2762 */ 2763 continue; 2764 } 2765 } 2766 if (num_eligible_addr >= addr_wanted) { 2767 return (sifa); 2768 } 2769 num_eligible_addr++; 2770 } 2771 return (NULL); 2772 } 2773 2774 2775 static int 2776 sctp_count_num_preferred_boundall(struct sctp_ifn *ifn, 2777 struct sctp_tcb *stcb, 2778 int non_asoc_addr_ok, 2779 uint8_t dest_is_loop, 2780 uint8_t dest_is_priv, 2781 sa_family_t fam) 2782 { 2783 struct sctp_ifa *ifa, *sifa; 2784 int num_eligible_addr = 0; 2785 2786 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2787 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2788 (non_asoc_addr_ok == 0)) { 2789 continue; 2790 } 2791 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2792 dest_is_priv, fam); 2793 if (sifa == NULL) { 2794 continue; 2795 } 2796 if (stcb) { 2797 if (sctp_is_address_in_scope(ifa, 2798 stcb->asoc.ipv4_addr_legal, 2799 stcb->asoc.ipv6_addr_legal, 2800 stcb->asoc.loopback_scope, 2801 stcb->asoc.ipv4_local_scope, 2802 stcb->asoc.local_scope, 2803 stcb->asoc.site_scope, 0) == 0) { 2804 continue; 2805 } 2806 if (((non_asoc_addr_ok == 0) && 2807 (sctp_is_addr_restricted(stcb, sifa))) || 2808 (non_asoc_addr_ok && 2809 (sctp_is_addr_restricted(stcb, sifa)) && 2810 (!sctp_is_addr_pending(stcb, sifa)))) { 2811 /* 2812 * It is restricted for some reason.. 2813 * probably not yet added. 2814 */ 2815 continue; 2816 } 2817 } 2818 num_eligible_addr++; 2819 } 2820 return (num_eligible_addr); 2821 } 2822 2823 static struct sctp_ifa * 2824 sctp_choose_boundall(struct sctp_inpcb *inp, 2825 struct sctp_tcb *stcb, 2826 struct sctp_nets *net, 2827 sctp_route_t * ro, 2828 uint32_t vrf_id, 2829 uint8_t dest_is_priv, 2830 uint8_t dest_is_loop, 2831 int non_asoc_addr_ok, 2832 sa_family_t fam) 2833 { 2834 int cur_addr_num = 0, num_preferred = 0; 2835 void *ifn; 2836 struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn; 2837 struct sctp_ifa *sctp_ifa, *sifa; 2838 uint32_t ifn_index; 2839 struct sctp_vrf *vrf; 2840 2841 /*- 2842 * For boundall we can use any address in the association. 2843 * If non_asoc_addr_ok is set we can use any address (at least in 2844 * theory). So we look for preferred addresses first. If we find one, 2845 * we use it. Otherwise we next try to get an address on the 2846 * interface, which we should be able to do (unless non_asoc_addr_ok 2847 * is false and we are routed out that way). In these cases where we 2848 * can't use the address of the interface we go through all the 2849 * ifn's looking for an address we can use and fill that in. Punting 2850 * means we send back address 0, which will probably cause problems 2851 * actually since then IP will fill in the address of the route ifn, 2852 * which means we probably already rejected it.. i.e. here comes an 2853 * abort :-<. 2854 */ 2855 vrf = sctp_find_vrf(vrf_id); 2856 if (vrf == NULL) 2857 return (NULL); 2858 2859 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2860 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2861 emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2862 if (sctp_ifn == NULL) { 2863 /* ?? We don't have this guy ?? */ 2864 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No ifn emit interface?\n"); 2865 goto bound_all_plan_b; 2866 } 2867 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifn_index:%d name:%s is emit interface\n", 2868 ifn_index, sctp_ifn->ifn_name); 2869 2870 if (net) { 2871 cur_addr_num = net->indx_of_eligible_next_to_use; 2872 } 2873 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, 2874 stcb, 2875 non_asoc_addr_ok, 2876 dest_is_loop, 2877 dest_is_priv, fam); 2878 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n", 2879 num_preferred, sctp_ifn->ifn_name); 2880 if (num_preferred == 0) { 2881 /* 2882 * no eligible addresses, we must use some other interface 2883 * address if we can find one. 2884 */ 2885 goto bound_all_plan_b; 2886 } 2887 /* 2888 * Ok we have num_eligible_addr set with how many we can use, this 2889 * may vary from call to call due to addresses being deprecated 2890 * etc.. 2891 */ 2892 if (cur_addr_num >= num_preferred) { 2893 cur_addr_num = 0; 2894 } 2895 /* 2896 * select the nth address from the list (where cur_addr_num is the 2897 * nth) and 0 is the first one, 1 is the second one etc... 2898 */ 2899 SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num); 2900 2901 sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, 2902 dest_is_priv, cur_addr_num, fam, ro); 2903 2904 /* if sctp_ifa is NULL something changed??, fall to plan b. */ 2905 if (sctp_ifa) { 2906 atomic_add_int(&sctp_ifa->refcount, 1); 2907 if (net) { 2908 /* save off where the next one we will want */ 2909 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 2910 } 2911 return (sctp_ifa); 2912 } 2913 /* 2914 * plan_b: Look at all interfaces and find a preferred address. If 2915 * no preferred fall through to plan_c. 2916 */ 2917 bound_all_plan_b: 2918 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n"); 2919 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2920 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n", 2921 sctp_ifn->ifn_name); 2922 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2923 /* wrong base scope */ 2924 SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n"); 2925 continue; 2926 } 2927 if ((sctp_ifn == looked_at) && looked_at) { 2928 /* already looked at this guy */ 2929 SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n"); 2930 continue; 2931 } 2932 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, stcb, non_asoc_addr_ok, 2933 dest_is_loop, dest_is_priv, fam); 2934 SCTPDBG(SCTP_DEBUG_OUTPUT2, 2935 "Found ifn:%p %d preferred source addresses\n", 2936 ifn, num_preferred); 2937 if (num_preferred == 0) { 2938 /* None on this interface. */ 2939 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefered -- skipping to next\n"); 2940 continue; 2941 } 2942 SCTPDBG(SCTP_DEBUG_OUTPUT2, 2943 "num preferred:%d on interface:%p cur_addr_num:%d\n", 2944 num_preferred, sctp_ifn, cur_addr_num); 2945 2946 /* 2947 * Ok we have num_eligible_addr set with how many we can 2948 * use, this may vary from call to call due to addresses 2949 * being deprecated etc.. 2950 */ 2951 if (cur_addr_num >= num_preferred) { 2952 cur_addr_num = 0; 2953 } 2954 sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, 2955 dest_is_priv, cur_addr_num, fam, ro); 2956 if (sifa == NULL) 2957 continue; 2958 if (net) { 2959 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 2960 SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n", 2961 cur_addr_num); 2962 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:"); 2963 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 2964 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:"); 2965 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa); 2966 } 2967 atomic_add_int(&sifa->refcount, 1); 2968 return (sifa); 2969 2970 } 2971 2972 /* plan_c: do we have an acceptable address on the emit interface */ 2973 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan C: find acceptable on interface\n"); 2974 if (emit_ifn == NULL) { 2975 goto plan_d; 2976 } 2977 LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) { 2978 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2979 (non_asoc_addr_ok == 0)) 2980 continue; 2981 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, 2982 dest_is_priv, fam); 2983 if (sifa == NULL) 2984 continue; 2985 if (stcb) { 2986 if (sctp_is_address_in_scope(sifa, 2987 stcb->asoc.ipv4_addr_legal, 2988 stcb->asoc.ipv6_addr_legal, 2989 stcb->asoc.loopback_scope, 2990 stcb->asoc.ipv4_local_scope, 2991 stcb->asoc.local_scope, 2992 stcb->asoc.site_scope, 0) == 0) { 2993 continue; 2994 } 2995 if (((non_asoc_addr_ok == 0) && 2996 (sctp_is_addr_restricted(stcb, sifa))) || 2997 (non_asoc_addr_ok && 2998 (sctp_is_addr_restricted(stcb, sifa)) && 2999 (!sctp_is_addr_pending(stcb, sifa)))) { 3000 /* 3001 * It is restricted for some reason.. 3002 * probably not yet added. 3003 */ 3004 continue; 3005 } 3006 } 3007 atomic_add_int(&sifa->refcount, 1); 3008 return (sifa); 3009 } 3010 plan_d: 3011 /* 3012 * plan_d: We are in trouble. No preferred address on the emit 3013 * interface. And not even a preferred address on all interfaces. Go 3014 * out and see if we can find an acceptable address somewhere 3015 * amongst all interfaces. 3016 */ 3017 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D\n"); 3018 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3019 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3020 /* wrong base scope */ 3021 continue; 3022 } 3023 if ((sctp_ifn == looked_at) && looked_at) 3024 /* already looked at this guy */ 3025 continue; 3026 3027 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 3028 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 3029 (non_asoc_addr_ok == 0)) 3030 continue; 3031 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, 3032 dest_is_loop, 3033 dest_is_priv, fam); 3034 if (sifa == NULL) 3035 continue; 3036 if (stcb) { 3037 if (sctp_is_address_in_scope(sifa, 3038 stcb->asoc.ipv4_addr_legal, 3039 stcb->asoc.ipv6_addr_legal, 3040 stcb->asoc.loopback_scope, 3041 stcb->asoc.ipv4_local_scope, 3042 stcb->asoc.local_scope, 3043 stcb->asoc.site_scope, 0) == 0) { 3044 continue; 3045 } 3046 if (((non_asoc_addr_ok == 0) && 3047 (sctp_is_addr_restricted(stcb, sifa))) || 3048 (non_asoc_addr_ok && 3049 (sctp_is_addr_restricted(stcb, sifa)) && 3050 (!sctp_is_addr_pending(stcb, sifa)))) { 3051 /* 3052 * It is restricted for some 3053 * reason.. probably not yet added. 3054 */ 3055 continue; 3056 } 3057 } 3058 atomic_add_int(&sifa->refcount, 1); 3059 return (sifa); 3060 } 3061 } 3062 /* 3063 * Ok we can find NO address to source from that is not on our 3064 * restricted list and non_asoc_address is NOT ok, or it is on our 3065 * restricted list. We can't source to it :-( 3066 */ 3067 return (NULL); 3068 } 3069 3070 3071 3072 /* tcb may be NULL */ 3073 struct sctp_ifa * 3074 sctp_source_address_selection(struct sctp_inpcb *inp, 3075 struct sctp_tcb *stcb, 3076 sctp_route_t * ro, 3077 struct sctp_nets *net, 3078 int non_asoc_addr_ok, uint32_t vrf_id) 3079 { 3080 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst; 3081 3082 #ifdef INET6 3083 struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst; 3084 3085 #endif 3086 struct sctp_ifa *answer; 3087 uint8_t dest_is_priv, dest_is_loop; 3088 sa_family_t fam; 3089 3090 /*- 3091 * Rules: - Find the route if needed, cache if I can. - Look at 3092 * interface address in route, Is it in the bound list. If so we 3093 * have the best source. - If not we must rotate amongst the 3094 * addresses. 3095 * 3096 * Cavets and issues 3097 * 3098 * Do we need to pay attention to scope. We can have a private address 3099 * or a global address we are sourcing or sending to. So if we draw 3100 * it out 3101 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3102 * For V4 3103 * ------------------------------------------ 3104 * source * dest * result 3105 * ----------------------------------------- 3106 * <a> Private * Global * NAT 3107 * ----------------------------------------- 3108 * <b> Private * Private * No problem 3109 * ----------------------------------------- 3110 * <c> Global * Private * Huh, How will this work? 3111 * ----------------------------------------- 3112 * <d> Global * Global * No Problem 3113 *------------------------------------------ 3114 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3115 * For V6 3116 *------------------------------------------ 3117 * source * dest * result 3118 * ----------------------------------------- 3119 * <a> Linklocal * Global * 3120 * ----------------------------------------- 3121 * <b> Linklocal * Linklocal * No problem 3122 * ----------------------------------------- 3123 * <c> Global * Linklocal * Huh, How will this work? 3124 * ----------------------------------------- 3125 * <d> Global * Global * No Problem 3126 *------------------------------------------ 3127 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3128 * 3129 * And then we add to that what happens if there are multiple addresses 3130 * assigned to an interface. Remember the ifa on a ifn is a linked 3131 * list of addresses. So one interface can have more than one IP 3132 * address. What happens if we have both a private and a global 3133 * address? Do we then use context of destination to sort out which 3134 * one is best? And what about NAT's sending P->G may get you a NAT 3135 * translation, or should you select the G thats on the interface in 3136 * preference. 3137 * 3138 * Decisions: 3139 * 3140 * - count the number of addresses on the interface. 3141 * - if it is one, no problem except case <c>. 3142 * For <a> we will assume a NAT out there. 3143 * - if there are more than one, then we need to worry about scope P 3144 * or G. We should prefer G -> G and P -> P if possible. 3145 * Then as a secondary fall back to mixed types G->P being a last 3146 * ditch one. 3147 * - The above all works for bound all, but bound specific we need to 3148 * use the same concept but instead only consider the bound 3149 * addresses. If the bound set is NOT assigned to the interface then 3150 * we must use rotation amongst the bound addresses.. 3151 */ 3152 if (ro->ro_rt == NULL) { 3153 /* 3154 * Need a route to cache. 3155 */ 3156 SCTP_RTALLOC(ro, vrf_id); 3157 } 3158 if (ro->ro_rt == NULL) { 3159 return (NULL); 3160 } 3161 fam = to->sin_family; 3162 dest_is_priv = dest_is_loop = 0; 3163 /* Setup our scopes for the destination */ 3164 switch (fam) { 3165 case AF_INET: 3166 /* Scope based on outbound address */ 3167 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3168 dest_is_loop = 1; 3169 if (net != NULL) { 3170 /* mark it as local */ 3171 net->addr_is_local = 1; 3172 } 3173 } else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) { 3174 dest_is_priv = 1; 3175 } 3176 break; 3177 #ifdef INET6 3178 case AF_INET6: 3179 /* Scope based on outbound address */ 3180 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) || 3181 SCTP_ROUTE_IS_REAL_LOOP(ro)) { 3182 /* 3183 * If the address is a loopback address, which 3184 * consists of "::1" OR "fe80::1%lo0", we are 3185 * loopback scope. But we don't use dest_is_priv 3186 * (link local addresses). 3187 */ 3188 dest_is_loop = 1; 3189 if (net != NULL) { 3190 /* mark it as local */ 3191 net->addr_is_local = 1; 3192 } 3193 } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3194 dest_is_priv = 1; 3195 } 3196 break; 3197 #endif 3198 } 3199 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:"); 3200 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)to); 3201 SCTP_IPI_ADDR_RLOCK(); 3202 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3203 /* 3204 * Bound all case 3205 */ 3206 answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id, 3207 dest_is_priv, dest_is_loop, 3208 non_asoc_addr_ok, fam); 3209 SCTP_IPI_ADDR_RUNLOCK(); 3210 return (answer); 3211 } 3212 /* 3213 * Subset bound case 3214 */ 3215 if (stcb) { 3216 answer = sctp_choose_boundspecific_stcb(inp, stcb, net, ro, 3217 vrf_id, dest_is_priv, 3218 dest_is_loop, 3219 non_asoc_addr_ok, fam); 3220 } else { 3221 answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id, 3222 non_asoc_addr_ok, 3223 dest_is_priv, 3224 dest_is_loop, fam); 3225 } 3226 SCTP_IPI_ADDR_RUNLOCK(); 3227 return (answer); 3228 } 3229 3230 static int 3231 sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize) 3232 { 3233 struct cmsghdr cmh; 3234 int tlen, at; 3235 3236 tlen = SCTP_BUF_LEN(control); 3237 at = 0; 3238 /* 3239 * Independent of how many mbufs, find the c_type inside the control 3240 * structure and copy out the data. 3241 */ 3242 while (at < tlen) { 3243 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3244 /* not enough room for one more we are done. */ 3245 return (0); 3246 } 3247 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3248 if (((int)cmh.cmsg_len + at) > tlen) { 3249 /* 3250 * this is real messed up since there is not enough 3251 * data here to cover the cmsg header. We are done. 3252 */ 3253 return (0); 3254 } 3255 if ((cmh.cmsg_level == IPPROTO_SCTP) && 3256 (c_type == cmh.cmsg_type)) { 3257 /* found the one we want, copy it out */ 3258 at += CMSG_ALIGN(sizeof(struct cmsghdr)); 3259 if ((int)(cmh.cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) < cpsize) { 3260 /* 3261 * space of cmsg_len after header not big 3262 * enough 3263 */ 3264 return (0); 3265 } 3266 m_copydata(control, at, cpsize, data); 3267 return (1); 3268 } else { 3269 at += CMSG_ALIGN(cmh.cmsg_len); 3270 if (cmh.cmsg_len == 0) { 3271 break; 3272 } 3273 } 3274 } 3275 /* not found */ 3276 return (0); 3277 } 3278 3279 static struct mbuf * 3280 sctp_add_cookie(struct sctp_inpcb *inp, struct mbuf *init, int init_offset, 3281 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t ** signature) 3282 { 3283 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret; 3284 struct sctp_state_cookie *stc; 3285 struct sctp_paramhdr *ph; 3286 uint8_t *foo; 3287 int sig_offset; 3288 uint16_t cookie_sz; 3289 3290 mret = NULL; 3291 mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) + 3292 sizeof(struct sctp_paramhdr)), 0, 3293 M_DONTWAIT, 1, MT_DATA); 3294 if (mret == NULL) { 3295 return (NULL); 3296 } 3297 copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_DONTWAIT); 3298 if (copy_init == NULL) { 3299 sctp_m_freem(mret); 3300 return (NULL); 3301 } 3302 #ifdef SCTP_MBUF_LOGGING 3303 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3304 struct mbuf *mat; 3305 3306 mat = copy_init; 3307 while (mat) { 3308 if (SCTP_BUF_IS_EXTENDED(mat)) { 3309 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 3310 } 3311 mat = SCTP_BUF_NEXT(mat); 3312 } 3313 } 3314 #endif 3315 copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL, 3316 M_DONTWAIT); 3317 if (copy_initack == NULL) { 3318 sctp_m_freem(mret); 3319 sctp_m_freem(copy_init); 3320 return (NULL); 3321 } 3322 #ifdef SCTP_MBUF_LOGGING 3323 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3324 struct mbuf *mat; 3325 3326 mat = copy_initack; 3327 while (mat) { 3328 if (SCTP_BUF_IS_EXTENDED(mat)) { 3329 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 3330 } 3331 mat = SCTP_BUF_NEXT(mat); 3332 } 3333 } 3334 #endif 3335 /* easy side we just drop it on the end */ 3336 ph = mtod(mret, struct sctp_paramhdr *); 3337 SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) + 3338 sizeof(struct sctp_paramhdr); 3339 stc = (struct sctp_state_cookie *)((caddr_t)ph + 3340 sizeof(struct sctp_paramhdr)); 3341 ph->param_type = htons(SCTP_STATE_COOKIE); 3342 ph->param_length = 0; /* fill in at the end */ 3343 /* Fill in the stc cookie data */ 3344 memcpy(stc, stc_in, sizeof(struct sctp_state_cookie)); 3345 3346 /* tack the INIT and then the INIT-ACK onto the chain */ 3347 cookie_sz = 0; 3348 m_at = mret; 3349 for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3350 cookie_sz += SCTP_BUF_LEN(m_at); 3351 if (SCTP_BUF_NEXT(m_at) == NULL) { 3352 SCTP_BUF_NEXT(m_at) = copy_init; 3353 break; 3354 } 3355 } 3356 3357 for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3358 cookie_sz += SCTP_BUF_LEN(m_at); 3359 if (SCTP_BUF_NEXT(m_at) == NULL) { 3360 SCTP_BUF_NEXT(m_at) = copy_initack; 3361 break; 3362 } 3363 } 3364 3365 for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3366 cookie_sz += SCTP_BUF_LEN(m_at); 3367 if (SCTP_BUF_NEXT(m_at) == NULL) { 3368 break; 3369 } 3370 } 3371 sig = sctp_get_mbuf_for_msg(SCTP_SECRET_SIZE, 0, M_DONTWAIT, 1, MT_DATA); 3372 if (sig == NULL) { 3373 /* no space, so free the entire chain */ 3374 sctp_m_freem(mret); 3375 return (NULL); 3376 } 3377 SCTP_BUF_LEN(sig) = 0; 3378 SCTP_BUF_NEXT(m_at) = sig; 3379 sig_offset = 0; 3380 foo = (uint8_t *) (mtod(sig, caddr_t)+sig_offset); 3381 memset(foo, 0, SCTP_SIGNATURE_SIZE); 3382 *signature = foo; 3383 SCTP_BUF_LEN(sig) += SCTP_SIGNATURE_SIZE; 3384 cookie_sz += SCTP_SIGNATURE_SIZE; 3385 ph->param_length = htons(cookie_sz); 3386 return (mret); 3387 } 3388 3389 3390 static uint8_t 3391 sctp_get_ect(struct sctp_tcb *stcb, 3392 struct sctp_tmit_chunk *chk) 3393 { 3394 if ((stcb != NULL) && (stcb->asoc.ecn_allowed == 1)) { 3395 return (SCTP_ECT0_BIT); 3396 } else { 3397 return (0); 3398 } 3399 } 3400 3401 static int 3402 sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, 3403 struct sctp_tcb *stcb, /* may be NULL */ 3404 struct sctp_nets *net, 3405 struct sockaddr *to, 3406 struct mbuf *m, 3407 uint32_t auth_offset, 3408 struct sctp_auth_chunk *auth, 3409 uint16_t auth_keyid, 3410 int nofragment_flag, 3411 int ecn_ok, 3412 struct sctp_tmit_chunk *chk, 3413 int out_of_asoc_ok, 3414 uint16_t src_port, 3415 uint16_t dest_port, 3416 uint32_t v_tag, 3417 uint16_t port, 3418 int so_locked, 3419 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3420 SCTP_UNUSED 3421 #endif 3422 union sctp_sockstore *over_addr, 3423 struct mbuf *init 3424 ) 3425 /* nofragment_flag to tell if IP_DF should be set (IPv4 only) */ 3426 { 3427 /* 3428 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet 3429 * header WITH an SCTPHDR but no IP header, endpoint inp and sa 3430 * structure: - fill in the HMAC digest of any AUTH chunk in the 3431 * packet. - calculate and fill in the SCTP checksum. - prepend an 3432 * IP address header. - if boundall use INADDR_ANY. - if 3433 * boundspecific do source address selection. - set fragmentation 3434 * option for ipV4. - On return from IP output, check/adjust mtu 3435 * size of output interface and smallest_mtu size as well. 3436 */ 3437 /* Will need ifdefs around this */ 3438 struct mbuf *o_pak; 3439 struct mbuf *newm; 3440 struct sctphdr *sctphdr; 3441 int packet_length; 3442 int ret; 3443 uint32_t vrf_id; 3444 sctp_route_t *ro = NULL; 3445 struct udphdr *udp = NULL; 3446 3447 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3448 struct socket *so = NULL; 3449 3450 #endif 3451 3452 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) { 3453 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 3454 sctp_m_freem(m); 3455 return (EFAULT); 3456 } 3457 if (stcb) { 3458 vrf_id = stcb->asoc.vrf_id; 3459 } else { 3460 vrf_id = inp->def_vrf_id; 3461 } 3462 3463 /* fill in the HMAC digest for any AUTH chunk in the packet */ 3464 if ((auth != NULL) && (stcb != NULL)) { 3465 sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid); 3466 } 3467 if (to->sa_family == AF_INET) { 3468 struct ip *ip = NULL; 3469 sctp_route_t iproute; 3470 uint8_t tos_value; 3471 int len; 3472 3473 len = sizeof(struct ip) + sizeof(struct sctphdr); 3474 if (port) { 3475 len += sizeof(struct udphdr); 3476 } 3477 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA); 3478 if (newm == NULL) { 3479 sctp_m_freem(m); 3480 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3481 return (ENOMEM); 3482 } 3483 SCTP_ALIGN_TO_END(newm, len); 3484 SCTP_BUF_LEN(newm) = len; 3485 SCTP_BUF_NEXT(newm) = m; 3486 m = newm; 3487 if (net != NULL) { 3488 #ifdef INVARIANTS 3489 if (net->flowidset == 0) { 3490 panic("Flow ID not set"); 3491 } 3492 #endif 3493 m->m_pkthdr.flowid = net->flowid; 3494 m->m_flags |= M_FLOWID; 3495 } else { 3496 if ((init != NULL) && (init->m_flags & M_FLOWID)) { 3497 m->m_pkthdr.flowid = init->m_pkthdr.flowid; 3498 m->m_flags |= M_FLOWID; 3499 } 3500 } 3501 packet_length = sctp_calculate_len(m); 3502 ip = mtod(m, struct ip *); 3503 ip->ip_v = IPVERSION; 3504 ip->ip_hl = (sizeof(struct ip) >> 2); 3505 if (net) { 3506 tos_value = net->tos_flowlabel & 0x000000ff; 3507 } else { 3508 tos_value = inp->ip_inp.inp.inp_ip_tos; 3509 } 3510 if ((nofragment_flag) && (port == 0)) { 3511 ip->ip_off = IP_DF; 3512 } else 3513 ip->ip_off = 0; 3514 3515 /* FreeBSD has a function for ip_id's */ 3516 ip->ip_id = ip_newid(); 3517 3518 ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl; 3519 ip->ip_len = packet_length; 3520 ip->ip_tos = tos_value & 0xfc; 3521 if (ecn_ok) { 3522 ip->ip_tos |= sctp_get_ect(stcb, chk); 3523 } 3524 if (port) { 3525 ip->ip_p = IPPROTO_UDP; 3526 } else { 3527 ip->ip_p = IPPROTO_SCTP; 3528 } 3529 ip->ip_sum = 0; 3530 if (net == NULL) { 3531 ro = &iproute; 3532 memset(&iproute, 0, sizeof(iproute)); 3533 memcpy(&ro->ro_dst, to, to->sa_len); 3534 } else { 3535 ro = (sctp_route_t *) & net->ro; 3536 } 3537 /* Now the address selection part */ 3538 ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr; 3539 3540 /* call the routine to select the src address */ 3541 if (net && out_of_asoc_ok == 0) { 3542 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) { 3543 sctp_free_ifa(net->ro._s_addr); 3544 net->ro._s_addr = NULL; 3545 net->src_addr_selected = 0; 3546 if (ro->ro_rt) { 3547 RTFREE(ro->ro_rt); 3548 ro->ro_rt = NULL; 3549 } 3550 } 3551 if (net->src_addr_selected == 0) { 3552 /* Cache the source address */ 3553 net->ro._s_addr = sctp_source_address_selection(inp, stcb, 3554 ro, net, 0, 3555 vrf_id); 3556 net->src_addr_selected = 1; 3557 } 3558 if (net->ro._s_addr == NULL) { 3559 /* No route to host */ 3560 net->src_addr_selected = 0; 3561 goto no_route; 3562 } 3563 ip->ip_src = net->ro._s_addr->address.sin.sin_addr; 3564 } else { 3565 if (over_addr == NULL) { 3566 struct sctp_ifa *_lsrc; 3567 3568 _lsrc = sctp_source_address_selection(inp, stcb, ro, 3569 net, 3570 out_of_asoc_ok, 3571 vrf_id); 3572 if (_lsrc == NULL) { 3573 goto no_route; 3574 } 3575 ip->ip_src = _lsrc->address.sin.sin_addr; 3576 sctp_free_ifa(_lsrc); 3577 } else { 3578 ip->ip_src = over_addr->sin.sin_addr; 3579 SCTP_RTALLOC(ro, vrf_id); 3580 } 3581 } 3582 if (port) { 3583 udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip)); 3584 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 3585 udp->uh_dport = port; 3586 udp->uh_ulen = htons(packet_length - sizeof(struct ip)); 3587 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 3588 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 3589 } else { 3590 sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip)); 3591 } 3592 3593 sctphdr->src_port = src_port; 3594 sctphdr->dest_port = dest_port; 3595 sctphdr->v_tag = v_tag; 3596 sctphdr->checksum = 0; 3597 3598 /* 3599 * If source address selection fails and we find no route 3600 * then the ip_output should fail as well with a 3601 * NO_ROUTE_TO_HOST type error. We probably should catch 3602 * that somewhere and abort the association right away 3603 * (assuming this is an INIT being sent). 3604 */ 3605 if ((ro->ro_rt == NULL)) { 3606 /* 3607 * src addr selection failed to find a route (or 3608 * valid source addr), so we can't get there from 3609 * here (yet)! 3610 */ 3611 no_route: 3612 SCTPDBG(SCTP_DEBUG_OUTPUT1, 3613 "%s: dropped packet - no valid source addr\n", 3614 __FUNCTION__); 3615 if (net) { 3616 SCTPDBG(SCTP_DEBUG_OUTPUT1, 3617 "Destination was "); 3618 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1, 3619 &net->ro._l_addr.sa); 3620 if (net->dest_state & SCTP_ADDR_CONFIRMED) { 3621 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) { 3622 SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", net); 3623 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN, 3624 stcb, 3625 SCTP_FAILED_THRESHOLD, 3626 (void *)net, 3627 so_locked); 3628 net->dest_state &= ~SCTP_ADDR_REACHABLE; 3629 net->dest_state |= SCTP_ADDR_NOT_REACHABLE; 3630 /* 3631 * JRS 5/14/07 - If a 3632 * destination is 3633 * unreachable, the PF bit 3634 * is turned off. This 3635 * allows an unambiguous use 3636 * of the PF bit for 3637 * destinations that are 3638 * reachable but potentially 3639 * failed. If the 3640 * destination is set to the 3641 * unreachable state, also 3642 * set the destination to 3643 * the PF state. 3644 */ 3645 /* 3646 * Add debug message here if 3647 * destination is not in PF 3648 * state. 3649 */ 3650 /* 3651 * Stop any running T3 3652 * timers here? 3653 */ 3654 if ((stcb->asoc.sctp_cmt_on_off > 0) && 3655 (stcb->asoc.sctp_cmt_pf > 0)) { 3656 net->dest_state &= ~SCTP_ADDR_PF; 3657 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination %p moved from PF to unreachable.\n", 3658 net); 3659 } 3660 } 3661 } 3662 if (stcb) { 3663 if (net == stcb->asoc.primary_destination) { 3664 /* need a new primary */ 3665 struct sctp_nets *alt; 3666 3667 alt = sctp_find_alternate_net(stcb, net, 0); 3668 if (alt != net) { 3669 if (sctp_set_primary_addr(stcb, 3670 (struct sockaddr *)NULL, 3671 alt) == 0) { 3672 net->dest_state |= SCTP_ADDR_WAS_PRIMARY; 3673 if (net->ro._s_addr) { 3674 sctp_free_ifa(net->ro._s_addr); 3675 net->ro._s_addr = NULL; 3676 } 3677 net->src_addr_selected = 0; 3678 } 3679 } 3680 } 3681 } 3682 } 3683 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 3684 sctp_m_freem(m); 3685 return (EHOSTUNREACH); 3686 } 3687 if (ro != &iproute) { 3688 memcpy(&iproute, ro, sizeof(*ro)); 3689 } 3690 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n", 3691 (uint32_t) (ntohl(ip->ip_src.s_addr))); 3692 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n", 3693 (uint32_t) (ntohl(ip->ip_dst.s_addr))); 3694 SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n", 3695 ro->ro_rt); 3696 3697 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 3698 /* failed to prepend data, give up */ 3699 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3700 sctp_m_freem(m); 3701 return (ENOMEM); 3702 } 3703 #ifdef SCTP_PACKET_LOGGING 3704 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 3705 sctp_packet_log(m, packet_length); 3706 #endif 3707 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 3708 if (port) { 3709 #if defined(SCTP_WITH_NO_CSUM) 3710 SCTP_STAT_INCR(sctps_sendnocrc); 3711 #else 3712 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 3713 (stcb) && 3714 (stcb->asoc.loopback_scope))) { 3715 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr)); 3716 SCTP_STAT_INCR(sctps_sendswcrc); 3717 } else { 3718 SCTP_STAT_INCR(sctps_sendnocrc); 3719 } 3720 #endif 3721 SCTP_ENABLE_UDP_CSUM(o_pak); 3722 } else { 3723 #if defined(SCTP_WITH_NO_CSUM) 3724 SCTP_STAT_INCR(sctps_sendnocrc); 3725 #else 3726 m->m_pkthdr.csum_flags = CSUM_SCTP; 3727 m->m_pkthdr.csum_data = 0; 3728 SCTP_STAT_INCR(sctps_sendhwcrc); 3729 #endif 3730 } 3731 /* send it out. table id is taken from stcb */ 3732 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3733 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 3734 so = SCTP_INP_SO(inp); 3735 SCTP_SOCKET_UNLOCK(so, 0); 3736 } 3737 #endif 3738 SCTP_IP_OUTPUT(ret, o_pak, ro, stcb, vrf_id); 3739 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3740 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 3741 atomic_add_int(&stcb->asoc.refcnt, 1); 3742 SCTP_TCB_UNLOCK(stcb); 3743 SCTP_SOCKET_LOCK(so, 0); 3744 SCTP_TCB_LOCK(stcb); 3745 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3746 } 3747 #endif 3748 SCTP_STAT_INCR(sctps_sendpackets); 3749 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 3750 if (ret) 3751 SCTP_STAT_INCR(sctps_senderrors); 3752 3753 SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret); 3754 if (net == NULL) { 3755 /* free tempy routes */ 3756 if (ro->ro_rt) { 3757 RTFREE(ro->ro_rt); 3758 ro->ro_rt = NULL; 3759 } 3760 } else { 3761 /* PMTU check versus smallest asoc MTU goes here */ 3762 if ((ro->ro_rt != NULL) && 3763 (net->ro._s_addr)) { 3764 uint32_t mtu; 3765 3766 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 3767 if (net->port) { 3768 mtu -= sizeof(struct udphdr); 3769 } 3770 if (mtu && (stcb->asoc.smallest_mtu > mtu)) { 3771 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 3772 net->mtu = mtu; 3773 } 3774 } else if (ro->ro_rt == NULL) { 3775 /* route was freed */ 3776 if (net->ro._s_addr && 3777 net->src_addr_selected) { 3778 sctp_free_ifa(net->ro._s_addr); 3779 net->ro._s_addr = NULL; 3780 } 3781 net->src_addr_selected = 0; 3782 } 3783 } 3784 return (ret); 3785 } 3786 #ifdef INET6 3787 else if (to->sa_family == AF_INET6) { 3788 uint32_t flowlabel; 3789 struct ip6_hdr *ip6h; 3790 struct route_in6 ip6route; 3791 struct ifnet *ifp; 3792 u_char flowTop; 3793 uint16_t flowBottom; 3794 u_char tosBottom, tosTop; 3795 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp; 3796 int prev_scope = 0; 3797 struct sockaddr_in6 lsa6_storage; 3798 int error; 3799 u_short prev_port = 0; 3800 int len; 3801 3802 if (net != NULL) { 3803 flowlabel = net->tos_flowlabel; 3804 } else { 3805 flowlabel = ((struct in6pcb *)inp)->in6p_flowinfo; 3806 } 3807 3808 len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr); 3809 if (port) { 3810 len += sizeof(struct udphdr); 3811 } 3812 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA); 3813 if (newm == NULL) { 3814 sctp_m_freem(m); 3815 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3816 return (ENOMEM); 3817 } 3818 SCTP_ALIGN_TO_END(newm, len); 3819 SCTP_BUF_LEN(newm) = len; 3820 SCTP_BUF_NEXT(newm) = m; 3821 m = newm; 3822 if (net != NULL) { 3823 #ifdef INVARIANTS 3824 if (net->flowidset == 0) { 3825 panic("Flow ID not set"); 3826 } 3827 #endif 3828 m->m_pkthdr.flowid = net->flowid; 3829 m->m_flags |= M_FLOWID; 3830 } else { 3831 if ((init != NULL) && (init->m_flags & M_FLOWID)) { 3832 m->m_pkthdr.flowid = init->m_pkthdr.flowid; 3833 m->m_flags |= M_FLOWID; 3834 } 3835 } 3836 packet_length = sctp_calculate_len(m); 3837 3838 ip6h = mtod(m, struct ip6_hdr *); 3839 /* 3840 * We assume here that inp_flow is in host byte order within 3841 * the TCB! 3842 */ 3843 flowBottom = flowlabel & 0x0000ffff; 3844 flowTop = ((flowlabel & 0x000f0000) >> 16); 3845 tosTop = (((flowlabel & 0xf0) >> 4) | IPV6_VERSION); 3846 /* protect *sin6 from overwrite */ 3847 sin6 = (struct sockaddr_in6 *)to; 3848 tmp = *sin6; 3849 sin6 = &tmp; 3850 3851 /* KAME hack: embed scopeid */ 3852 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3853 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3854 return (EINVAL); 3855 } 3856 if (net == NULL) { 3857 memset(&ip6route, 0, sizeof(ip6route)); 3858 ro = (sctp_route_t *) & ip6route; 3859 memcpy(&ro->ro_dst, sin6, sin6->sin6_len); 3860 } else { 3861 ro = (sctp_route_t *) & net->ro; 3862 } 3863 tosBottom = (((struct in6pcb *)inp)->in6p_flowinfo & 0x0c); 3864 if (ecn_ok) { 3865 tosBottom |= sctp_get_ect(stcb, chk); 3866 } 3867 tosBottom <<= 4; 3868 ip6h->ip6_flow = htonl(((tosTop << 24) | ((tosBottom | flowTop) << 16) | flowBottom)); 3869 if (port) { 3870 ip6h->ip6_nxt = IPPROTO_UDP; 3871 } else { 3872 ip6h->ip6_nxt = IPPROTO_SCTP; 3873 } 3874 ip6h->ip6_plen = (packet_length - sizeof(struct ip6_hdr)); 3875 ip6h->ip6_dst = sin6->sin6_addr; 3876 3877 /* 3878 * Add SRC address selection here: we can only reuse to a 3879 * limited degree the kame src-addr-sel, since we can try 3880 * their selection but it may not be bound. 3881 */ 3882 bzero(&lsa6_tmp, sizeof(lsa6_tmp)); 3883 lsa6_tmp.sin6_family = AF_INET6; 3884 lsa6_tmp.sin6_len = sizeof(lsa6_tmp); 3885 lsa6 = &lsa6_tmp; 3886 if (net && out_of_asoc_ok == 0) { 3887 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) { 3888 sctp_free_ifa(net->ro._s_addr); 3889 net->ro._s_addr = NULL; 3890 net->src_addr_selected = 0; 3891 if (ro->ro_rt) { 3892 RTFREE(ro->ro_rt); 3893 ro->ro_rt = NULL; 3894 } 3895 } 3896 if (net->src_addr_selected == 0) { 3897 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 3898 /* KAME hack: embed scopeid */ 3899 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3900 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3901 return (EINVAL); 3902 } 3903 /* Cache the source address */ 3904 net->ro._s_addr = sctp_source_address_selection(inp, 3905 stcb, 3906 ro, 3907 net, 3908 0, 3909 vrf_id); 3910 (void)sa6_recoverscope(sin6); 3911 net->src_addr_selected = 1; 3912 } 3913 if (net->ro._s_addr == NULL) { 3914 SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n"); 3915 net->src_addr_selected = 0; 3916 goto no_route; 3917 } 3918 lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr; 3919 } else { 3920 sin6 = (struct sockaddr_in6 *)&ro->ro_dst; 3921 /* KAME hack: embed scopeid */ 3922 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3923 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3924 return (EINVAL); 3925 } 3926 if (over_addr == NULL) { 3927 struct sctp_ifa *_lsrc; 3928 3929 _lsrc = sctp_source_address_selection(inp, stcb, ro, 3930 net, 3931 out_of_asoc_ok, 3932 vrf_id); 3933 if (_lsrc == NULL) { 3934 goto no_route; 3935 } 3936 lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr; 3937 sctp_free_ifa(_lsrc); 3938 } else { 3939 lsa6->sin6_addr = over_addr->sin6.sin6_addr; 3940 SCTP_RTALLOC(ro, vrf_id); 3941 } 3942 (void)sa6_recoverscope(sin6); 3943 } 3944 lsa6->sin6_port = inp->sctp_lport; 3945 3946 if (ro->ro_rt == NULL) { 3947 /* 3948 * src addr selection failed to find a route (or 3949 * valid source addr), so we can't get there from 3950 * here! 3951 */ 3952 goto no_route; 3953 } 3954 /* 3955 * XXX: sa6 may not have a valid sin6_scope_id in the 3956 * non-SCOPEDROUTING case. 3957 */ 3958 bzero(&lsa6_storage, sizeof(lsa6_storage)); 3959 lsa6_storage.sin6_family = AF_INET6; 3960 lsa6_storage.sin6_len = sizeof(lsa6_storage); 3961 lsa6_storage.sin6_addr = lsa6->sin6_addr; 3962 if ((error = sa6_recoverscope(&lsa6_storage)) != 0) { 3963 SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error); 3964 sctp_m_freem(m); 3965 return (error); 3966 } 3967 /* XXX */ 3968 lsa6_storage.sin6_addr = lsa6->sin6_addr; 3969 lsa6_storage.sin6_port = inp->sctp_lport; 3970 lsa6 = &lsa6_storage; 3971 ip6h->ip6_src = lsa6->sin6_addr; 3972 3973 if (port) { 3974 udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 3975 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 3976 udp->uh_dport = port; 3977 udp->uh_ulen = htons(packet_length - sizeof(struct ip6_hdr)); 3978 udp->uh_sum = 0; 3979 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 3980 } else { 3981 sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 3982 } 3983 3984 sctphdr->src_port = src_port; 3985 sctphdr->dest_port = dest_port; 3986 sctphdr->v_tag = v_tag; 3987 sctphdr->checksum = 0; 3988 3989 /* 3990 * We set the hop limit now since there is a good chance 3991 * that our ro pointer is now filled 3992 */ 3993 ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro); 3994 ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 3995 3996 #ifdef SCTP_DEBUG 3997 /* Copy to be sure something bad is not happening */ 3998 sin6->sin6_addr = ip6h->ip6_dst; 3999 lsa6->sin6_addr = ip6h->ip6_src; 4000 #endif 4001 4002 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n"); 4003 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: "); 4004 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6); 4005 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: "); 4006 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6); 4007 if (net) { 4008 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 4009 /* preserve the port and scope for link local send */ 4010 prev_scope = sin6->sin6_scope_id; 4011 prev_port = sin6->sin6_port; 4012 } 4013 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 4014 /* failed to prepend data, give up */ 4015 sctp_m_freem(m); 4016 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4017 return (ENOMEM); 4018 } 4019 #ifdef SCTP_PACKET_LOGGING 4020 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 4021 sctp_packet_log(m, packet_length); 4022 #endif 4023 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 4024 if (port) { 4025 #if defined(SCTP_WITH_NO_CSUM) 4026 SCTP_STAT_INCR(sctps_sendnocrc); 4027 #else 4028 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 4029 (stcb) && 4030 (stcb->asoc.loopback_scope))) { 4031 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 4032 SCTP_STAT_INCR(sctps_sendswcrc); 4033 } else { 4034 SCTP_STAT_INCR(sctps_sendnocrc); 4035 } 4036 #endif 4037 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) { 4038 udp->uh_sum = 0xffff; 4039 } 4040 } else { 4041 #if defined(SCTP_WITH_NO_CSUM) 4042 SCTP_STAT_INCR(sctps_sendnocrc); 4043 #else 4044 m->m_pkthdr.csum_flags = CSUM_SCTP; 4045 m->m_pkthdr.csum_data = 0; 4046 SCTP_STAT_INCR(sctps_sendhwcrc); 4047 #endif 4048 } 4049 /* send it out. table id is taken from stcb */ 4050 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4051 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4052 so = SCTP_INP_SO(inp); 4053 SCTP_SOCKET_UNLOCK(so, 0); 4054 } 4055 #endif 4056 SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, stcb, vrf_id); 4057 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4058 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4059 atomic_add_int(&stcb->asoc.refcnt, 1); 4060 SCTP_TCB_UNLOCK(stcb); 4061 SCTP_SOCKET_LOCK(so, 0); 4062 SCTP_TCB_LOCK(stcb); 4063 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4064 } 4065 #endif 4066 if (net) { 4067 /* for link local this must be done */ 4068 sin6->sin6_scope_id = prev_scope; 4069 sin6->sin6_port = prev_port; 4070 } 4071 SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret); 4072 SCTP_STAT_INCR(sctps_sendpackets); 4073 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 4074 if (ret) { 4075 SCTP_STAT_INCR(sctps_senderrors); 4076 } 4077 if (net == NULL) { 4078 /* Now if we had a temp route free it */ 4079 if (ro->ro_rt) { 4080 RTFREE(ro->ro_rt); 4081 } 4082 } else { 4083 /* PMTU check versus smallest asoc MTU goes here */ 4084 if (ro->ro_rt == NULL) { 4085 /* Route was freed */ 4086 if (net->ro._s_addr && 4087 net->src_addr_selected) { 4088 sctp_free_ifa(net->ro._s_addr); 4089 net->ro._s_addr = NULL; 4090 } 4091 net->src_addr_selected = 0; 4092 } 4093 if ((ro->ro_rt != NULL) && 4094 (net->ro._s_addr)) { 4095 uint32_t mtu; 4096 4097 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 4098 if (mtu && 4099 (stcb->asoc.smallest_mtu > mtu)) { 4100 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 4101 net->mtu = mtu; 4102 if (net->port) { 4103 net->mtu -= sizeof(struct udphdr); 4104 } 4105 } 4106 } else if (ifp) { 4107 if (ND_IFINFO(ifp)->linkmtu && 4108 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) { 4109 sctp_mtu_size_reset(inp, 4110 &stcb->asoc, 4111 ND_IFINFO(ifp)->linkmtu); 4112 } 4113 } 4114 } 4115 return (ret); 4116 } 4117 #endif 4118 else { 4119 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n", 4120 ((struct sockaddr *)to)->sa_family); 4121 sctp_m_freem(m); 4122 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 4123 return (EFAULT); 4124 } 4125 } 4126 4127 4128 void 4129 sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked 4130 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4131 SCTP_UNUSED 4132 #endif 4133 ) 4134 { 4135 struct mbuf *m, *m_at, *mp_last; 4136 struct sctp_nets *net; 4137 struct sctp_init_chunk *init; 4138 struct sctp_supported_addr_param *sup_addr; 4139 struct sctp_adaptation_layer_indication *ali; 4140 struct sctp_ecn_supported_param *ecn; 4141 struct sctp_prsctp_supported_param *prsctp; 4142 struct sctp_supported_chunk_types_param *pr_supported; 4143 int cnt_inits_to = 0; 4144 int padval, ret; 4145 int num_ext; 4146 int p_len; 4147 4148 /* INIT's always go to the primary (and usually ONLY address) */ 4149 mp_last = NULL; 4150 net = stcb->asoc.primary_destination; 4151 if (net == NULL) { 4152 net = TAILQ_FIRST(&stcb->asoc.nets); 4153 if (net == NULL) { 4154 /* TSNH */ 4155 return; 4156 } 4157 /* we confirm any address we send an INIT to */ 4158 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 4159 (void)sctp_set_primary_addr(stcb, NULL, net); 4160 } else { 4161 /* we confirm any address we send an INIT to */ 4162 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 4163 } 4164 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n"); 4165 #ifdef INET6 4166 if (((struct sockaddr *)&(net->ro._l_addr))->sa_family == AF_INET6) { 4167 /* 4168 * special hook, if we are sending to link local it will not 4169 * show up in our private address count. 4170 */ 4171 struct sockaddr_in6 *sin6l; 4172 4173 sin6l = &net->ro._l_addr.sin6; 4174 if (IN6_IS_ADDR_LINKLOCAL(&sin6l->sin6_addr)) 4175 cnt_inits_to = 1; 4176 } 4177 #endif 4178 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 4179 /* This case should not happen */ 4180 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n"); 4181 return; 4182 } 4183 /* start the INIT timer */ 4184 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net); 4185 4186 m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA); 4187 if (m == NULL) { 4188 /* No memory, INIT timer will re-attempt. */ 4189 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n"); 4190 return; 4191 } 4192 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); 4193 /* 4194 * assume peer supports asconf in order to be able to queue local 4195 * address changes while an INIT is in flight and before the assoc 4196 * is established. 4197 */ 4198 stcb->asoc.peer_supports_asconf = 1; 4199 /* Now lets put the SCTP header in place */ 4200 init = mtod(m, struct sctp_init_chunk *); 4201 /* now the chunk header */ 4202 init->ch.chunk_type = SCTP_INITIATION; 4203 init->ch.chunk_flags = 0; 4204 /* fill in later from mbuf we build */ 4205 init->ch.chunk_length = 0; 4206 /* place in my tag */ 4207 init->init.initiate_tag = htonl(stcb->asoc.my_vtag); 4208 /* set up some of the credits. */ 4209 init->init.a_rwnd = htonl(max(inp->sctp_socket ? SCTP_SB_LIMIT_RCV(inp->sctp_socket) : 0, 4210 SCTP_MINIMAL_RWND)); 4211 4212 init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams); 4213 init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams); 4214 init->init.initial_tsn = htonl(stcb->asoc.init_seq_number); 4215 /* now the address restriction */ 4216 sup_addr = (struct sctp_supported_addr_param *)((caddr_t)init + 4217 sizeof(*init)); 4218 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE); 4219 #ifdef INET6 4220 /* we support 2 types: IPv6/IPv4 */ 4221 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint16_t)); 4222 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS); 4223 sup_addr->addr_type[1] = htons(SCTP_IPV6_ADDRESS); 4224 #else 4225 /* we support 1 type: IPv4 */ 4226 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint8_t)); 4227 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS); 4228 sup_addr->addr_type[1] = htons(0); /* this is the padding */ 4229 #endif 4230 SCTP_BUF_LEN(m) += sizeof(*sup_addr) + sizeof(uint16_t); 4231 /* adaptation layer indication parameter */ 4232 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)sup_addr + sizeof(*sup_addr) + sizeof(uint16_t)); 4233 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 4234 ali->ph.param_length = htons(sizeof(*ali)); 4235 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator); 4236 SCTP_BUF_LEN(m) += sizeof(*ali); 4237 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali)); 4238 4239 if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) { 4240 /* Add NAT friendly parameter */ 4241 struct sctp_paramhdr *ph; 4242 4243 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4244 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 4245 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 4246 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr); 4247 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ph + sizeof(*ph)); 4248 } 4249 /* now any cookie time extensions */ 4250 if (stcb->asoc.cookie_preserve_req) { 4251 struct sctp_cookie_perserve_param *cookie_preserve; 4252 4253 cookie_preserve = (struct sctp_cookie_perserve_param *)(ecn); 4254 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE); 4255 cookie_preserve->ph.param_length = htons( 4256 sizeof(*cookie_preserve)); 4257 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req); 4258 SCTP_BUF_LEN(m) += sizeof(*cookie_preserve); 4259 ecn = (struct sctp_ecn_supported_param *)( 4260 (caddr_t)cookie_preserve + sizeof(*cookie_preserve)); 4261 stcb->asoc.cookie_preserve_req = 0; 4262 } 4263 /* ECN parameter */ 4264 if (stcb->asoc.ecn_allowed == 1) { 4265 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 4266 ecn->ph.param_length = htons(sizeof(*ecn)); 4267 SCTP_BUF_LEN(m) += sizeof(*ecn); 4268 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn + 4269 sizeof(*ecn)); 4270 } else { 4271 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn); 4272 } 4273 /* And now tell the peer we do pr-sctp */ 4274 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 4275 prsctp->ph.param_length = htons(sizeof(*prsctp)); 4276 SCTP_BUF_LEN(m) += sizeof(*prsctp); 4277 4278 /* And now tell the peer we do all the extensions */ 4279 pr_supported = (struct sctp_supported_chunk_types_param *) 4280 ((caddr_t)prsctp + sizeof(*prsctp)); 4281 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 4282 num_ext = 0; 4283 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 4284 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 4285 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 4286 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 4287 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 4288 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 4289 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 4290 } 4291 if (stcb->asoc.sctp_nr_sack_on_off == 1) { 4292 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 4293 } 4294 p_len = sizeof(*pr_supported) + num_ext; 4295 pr_supported->ph.param_length = htons(p_len); 4296 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len); 4297 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4298 4299 4300 /* add authentication parameters */ 4301 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 4302 struct sctp_auth_random *randp; 4303 struct sctp_auth_hmac_algo *hmacs; 4304 struct sctp_auth_chunk_list *chunks; 4305 4306 /* attach RANDOM parameter, if available */ 4307 if (stcb->asoc.authinfo.random != NULL) { 4308 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4309 p_len = sizeof(*randp) + stcb->asoc.authinfo.random_len; 4310 /* random key already contains the header */ 4311 bcopy(stcb->asoc.authinfo.random->key, randp, p_len); 4312 /* zero out any padding required */ 4313 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len); 4314 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4315 } 4316 /* add HMAC_ALGO parameter */ 4317 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4318 p_len = sctp_serialize_hmaclist(stcb->asoc.local_hmacs, 4319 (uint8_t *) hmacs->hmac_ids); 4320 if (p_len > 0) { 4321 p_len += sizeof(*hmacs); 4322 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 4323 hmacs->ph.param_length = htons(p_len); 4324 /* zero out any padding required */ 4325 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len); 4326 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4327 } 4328 /* add CHUNKS parameter */ 4329 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4330 p_len = sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks, 4331 chunks->chunk_types); 4332 if (p_len > 0) { 4333 p_len += sizeof(*chunks); 4334 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 4335 chunks->ph.param_length = htons(p_len); 4336 /* zero out any padding required */ 4337 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len); 4338 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4339 } 4340 } 4341 m_at = m; 4342 /* now the addresses */ 4343 { 4344 struct sctp_scoping scp; 4345 4346 /* 4347 * To optimize this we could put the scoping stuff into a 4348 * structure and remove the individual uint8's from the 4349 * assoc structure. Then we could just sifa in the address 4350 * within the stcb.. but for now this is a quick hack to get 4351 * the address stuff teased apart. 4352 */ 4353 scp.ipv4_addr_legal = stcb->asoc.ipv4_addr_legal; 4354 scp.ipv6_addr_legal = stcb->asoc.ipv6_addr_legal; 4355 scp.loopback_scope = stcb->asoc.loopback_scope; 4356 scp.ipv4_local_scope = stcb->asoc.ipv4_local_scope; 4357 scp.local_scope = stcb->asoc.local_scope; 4358 scp.site_scope = stcb->asoc.site_scope; 4359 4360 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to); 4361 } 4362 4363 /* calulate the size and update pkt header and chunk header */ 4364 p_len = 0; 4365 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 4366 if (SCTP_BUF_NEXT(m_at) == NULL) 4367 mp_last = m_at; 4368 p_len += SCTP_BUF_LEN(m_at); 4369 } 4370 init->ch.chunk_length = htons(p_len); 4371 /* 4372 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 4373 * here since the timer will drive a retranmission. 4374 */ 4375 4376 /* I don't expect this to execute but we will be safe here */ 4377 padval = p_len % 4; 4378 if ((padval) && (mp_last)) { 4379 /* 4380 * The compiler worries that mp_last may not be set even 4381 * though I think it is impossible :-> however we add 4382 * mp_last here just in case. 4383 */ 4384 ret = sctp_add_pad_tombuf(mp_last, (4 - padval)); 4385 if (ret) { 4386 /* Houston we have a problem, no space */ 4387 sctp_m_freem(m); 4388 return; 4389 } 4390 p_len += padval; 4391 } 4392 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n"); 4393 ret = sctp_lowlevel_chunk_output(inp, stcb, net, 4394 (struct sockaddr *)&net->ro._l_addr, 4395 m, 0, NULL, 0, 0, 0, NULL, 0, 4396 inp->sctp_lport, stcb->rport, htonl(0), 4397 net->port, so_locked, NULL, NULL); 4398 SCTPDBG(SCTP_DEBUG_OUTPUT4, "lowlevel_output - %d\n", ret); 4399 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 4400 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 4401 } 4402 4403 struct mbuf * 4404 sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt, 4405 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp, int *nat_friendly) 4406 { 4407 /* 4408 * Given a mbuf containing an INIT or INIT-ACK with the param_offset 4409 * being equal to the beginning of the params i.e. (iphlen + 4410 * sizeof(struct sctp_init_msg) parse through the parameters to the 4411 * end of the mbuf verifying that all parameters are known. 4412 * 4413 * For unknown parameters build and return a mbuf with 4414 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop 4415 * processing this chunk stop, and set *abort_processing to 1. 4416 * 4417 * By having param_offset be pre-set to where parameters begin it is 4418 * hoped that this routine may be reused in the future by new 4419 * features. 4420 */ 4421 struct sctp_paramhdr *phdr, params; 4422 4423 struct mbuf *mat, *op_err; 4424 char tempbuf[SCTP_PARAM_BUFFER_SIZE]; 4425 int at, limit, pad_needed; 4426 uint16_t ptype, plen, padded_size; 4427 int err_at; 4428 4429 *abort_processing = 0; 4430 mat = in_initpkt; 4431 err_at = 0; 4432 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk); 4433 at = param_offset; 4434 op_err = NULL; 4435 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n"); 4436 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4437 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) { 4438 ptype = ntohs(phdr->param_type); 4439 plen = ntohs(phdr->param_length); 4440 if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) { 4441 /* wacked parameter */ 4442 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen); 4443 goto invalid_size; 4444 } 4445 limit -= SCTP_SIZE32(plen); 4446 /*- 4447 * All parameters for all chunks that we know/understand are 4448 * listed here. We process them other places and make 4449 * appropriate stop actions per the upper bits. However this 4450 * is the generic routine processor's can call to get back 4451 * an operr.. to either incorporate (init-ack) or send. 4452 */ 4453 padded_size = SCTP_SIZE32(plen); 4454 switch (ptype) { 4455 /* Param's with variable size */ 4456 case SCTP_HEARTBEAT_INFO: 4457 case SCTP_STATE_COOKIE: 4458 case SCTP_UNRECOG_PARAM: 4459 case SCTP_ERROR_CAUSE_IND: 4460 /* ok skip fwd */ 4461 at += padded_size; 4462 break; 4463 /* Param's with variable size within a range */ 4464 case SCTP_CHUNK_LIST: 4465 case SCTP_SUPPORTED_CHUNK_EXT: 4466 if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) { 4467 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen); 4468 goto invalid_size; 4469 } 4470 at += padded_size; 4471 break; 4472 case SCTP_SUPPORTED_ADDRTYPE: 4473 if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) { 4474 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen); 4475 goto invalid_size; 4476 } 4477 at += padded_size; 4478 break; 4479 case SCTP_RANDOM: 4480 if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) { 4481 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen); 4482 goto invalid_size; 4483 } 4484 at += padded_size; 4485 break; 4486 case SCTP_SET_PRIM_ADDR: 4487 case SCTP_DEL_IP_ADDRESS: 4488 case SCTP_ADD_IP_ADDRESS: 4489 if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) && 4490 (padded_size != sizeof(struct sctp_asconf_addr_param))) { 4491 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen); 4492 goto invalid_size; 4493 } 4494 at += padded_size; 4495 break; 4496 /* Param's with a fixed size */ 4497 case SCTP_IPV4_ADDRESS: 4498 if (padded_size != sizeof(struct sctp_ipv4addr_param)) { 4499 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen); 4500 goto invalid_size; 4501 } 4502 at += padded_size; 4503 break; 4504 case SCTP_IPV6_ADDRESS: 4505 if (padded_size != sizeof(struct sctp_ipv6addr_param)) { 4506 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen); 4507 goto invalid_size; 4508 } 4509 at += padded_size; 4510 break; 4511 case SCTP_COOKIE_PRESERVE: 4512 if (padded_size != sizeof(struct sctp_cookie_perserve_param)) { 4513 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen); 4514 goto invalid_size; 4515 } 4516 at += padded_size; 4517 break; 4518 case SCTP_HAS_NAT_SUPPORT: 4519 *nat_friendly = 1; 4520 /* fall through */ 4521 case SCTP_PRSCTP_SUPPORTED: 4522 4523 if (padded_size != sizeof(struct sctp_paramhdr)) { 4524 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error prsctp/nat support %d\n", plen); 4525 goto invalid_size; 4526 } 4527 at += padded_size; 4528 break; 4529 case SCTP_ECN_CAPABLE: 4530 if (padded_size != sizeof(struct sctp_ecn_supported_param)) { 4531 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen); 4532 goto invalid_size; 4533 } 4534 at += padded_size; 4535 break; 4536 case SCTP_ULP_ADAPTATION: 4537 if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) { 4538 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen); 4539 goto invalid_size; 4540 } 4541 at += padded_size; 4542 break; 4543 case SCTP_SUCCESS_REPORT: 4544 if (padded_size != sizeof(struct sctp_asconf_paramhdr)) { 4545 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen); 4546 goto invalid_size; 4547 } 4548 at += padded_size; 4549 break; 4550 case SCTP_HOSTNAME_ADDRESS: 4551 { 4552 /* We can NOT handle HOST NAME addresses!! */ 4553 int l_len; 4554 4555 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n"); 4556 *abort_processing = 1; 4557 if (op_err == NULL) { 4558 /* Ok need to try to get a mbuf */ 4559 #ifdef INET6 4560 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4561 #else 4562 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4563 #endif 4564 l_len += plen; 4565 l_len += sizeof(struct sctp_paramhdr); 4566 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4567 if (op_err) { 4568 SCTP_BUF_LEN(op_err) = 0; 4569 /* 4570 * pre-reserve space for ip 4571 * and sctp header and 4572 * chunk hdr 4573 */ 4574 #ifdef INET6 4575 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4576 #else 4577 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4578 #endif 4579 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4580 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4581 } 4582 } 4583 if (op_err) { 4584 /* If we have space */ 4585 struct sctp_paramhdr s; 4586 4587 if (err_at % 4) { 4588 uint32_t cpthis = 0; 4589 4590 pad_needed = 4 - (err_at % 4); 4591 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4592 err_at += pad_needed; 4593 } 4594 s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR); 4595 s.param_length = htons(sizeof(s) + plen); 4596 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4597 err_at += sizeof(s); 4598 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen)); 4599 if (phdr == NULL) { 4600 sctp_m_freem(op_err); 4601 /* 4602 * we are out of memory but 4603 * we still need to have a 4604 * look at what to do (the 4605 * system is in trouble 4606 * though). 4607 */ 4608 return (NULL); 4609 } 4610 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 4611 err_at += plen; 4612 } 4613 return (op_err); 4614 break; 4615 } 4616 default: 4617 /* 4618 * we do not recognize the parameter figure out what 4619 * we do. 4620 */ 4621 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype); 4622 if ((ptype & 0x4000) == 0x4000) { 4623 /* Report bit is set?? */ 4624 SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n"); 4625 if (op_err == NULL) { 4626 int l_len; 4627 4628 /* Ok need to try to get an mbuf */ 4629 #ifdef INET6 4630 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4631 #else 4632 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4633 #endif 4634 l_len += plen; 4635 l_len += sizeof(struct sctp_paramhdr); 4636 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4637 if (op_err) { 4638 SCTP_BUF_LEN(op_err) = 0; 4639 #ifdef INET6 4640 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4641 #else 4642 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4643 #endif 4644 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4645 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4646 } 4647 } 4648 if (op_err) { 4649 /* If we have space */ 4650 struct sctp_paramhdr s; 4651 4652 if (err_at % 4) { 4653 uint32_t cpthis = 0; 4654 4655 pad_needed = 4 - (err_at % 4); 4656 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4657 err_at += pad_needed; 4658 } 4659 s.param_type = htons(SCTP_UNRECOG_PARAM); 4660 s.param_length = htons(sizeof(s) + plen); 4661 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4662 err_at += sizeof(s); 4663 if (plen > sizeof(tempbuf)) { 4664 plen = sizeof(tempbuf); 4665 } 4666 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen)); 4667 if (phdr == NULL) { 4668 sctp_m_freem(op_err); 4669 /* 4670 * we are out of memory but 4671 * we still need to have a 4672 * look at what to do (the 4673 * system is in trouble 4674 * though). 4675 */ 4676 op_err = NULL; 4677 goto more_processing; 4678 } 4679 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 4680 err_at += plen; 4681 } 4682 } 4683 more_processing: 4684 if ((ptype & 0x8000) == 0x0000) { 4685 SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n"); 4686 return (op_err); 4687 } else { 4688 /* skip this chunk and continue processing */ 4689 SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n"); 4690 at += SCTP_SIZE32(plen); 4691 } 4692 break; 4693 4694 } 4695 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4696 } 4697 return (op_err); 4698 invalid_size: 4699 SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n"); 4700 *abort_processing = 1; 4701 if ((op_err == NULL) && phdr) { 4702 int l_len; 4703 4704 #ifdef INET6 4705 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4706 #else 4707 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4708 #endif 4709 l_len += (2 * sizeof(struct sctp_paramhdr)); 4710 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4711 if (op_err) { 4712 SCTP_BUF_LEN(op_err) = 0; 4713 #ifdef INET6 4714 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4715 #else 4716 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4717 #endif 4718 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4719 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4720 } 4721 } 4722 if ((op_err) && phdr) { 4723 struct sctp_paramhdr s; 4724 4725 if (err_at % 4) { 4726 uint32_t cpthis = 0; 4727 4728 pad_needed = 4 - (err_at % 4); 4729 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4730 err_at += pad_needed; 4731 } 4732 s.param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION); 4733 s.param_length = htons(sizeof(s) + sizeof(struct sctp_paramhdr)); 4734 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4735 err_at += sizeof(s); 4736 /* Only copy back the p-hdr that caused the issue */ 4737 m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)phdr); 4738 } 4739 return (op_err); 4740 } 4741 4742 static int 4743 sctp_are_there_new_addresses(struct sctp_association *asoc, 4744 struct mbuf *in_initpkt, int iphlen, int offset) 4745 { 4746 /* 4747 * Given a INIT packet, look through the packet to verify that there 4748 * are NO new addresses. As we go through the parameters add reports 4749 * of any un-understood parameters that require an error. Also we 4750 * must return (1) to drop the packet if we see a un-understood 4751 * parameter that tells us to drop the chunk. 4752 */ 4753 struct sockaddr_in sin4, *sa4; 4754 4755 #ifdef INET6 4756 struct sockaddr_in6 sin6, *sa6; 4757 4758 #endif 4759 struct sockaddr *sa_touse; 4760 struct sockaddr *sa; 4761 struct sctp_paramhdr *phdr, params; 4762 struct ip *iph; 4763 4764 #ifdef INET6 4765 struct ip6_hdr *ip6h; 4766 4767 #endif 4768 struct mbuf *mat; 4769 uint16_t ptype, plen; 4770 int err_at; 4771 uint8_t fnd; 4772 struct sctp_nets *net; 4773 4774 memset(&sin4, 0, sizeof(sin4)); 4775 #ifdef INET6 4776 memset(&sin6, 0, sizeof(sin6)); 4777 #endif 4778 sin4.sin_family = AF_INET; 4779 sin4.sin_len = sizeof(sin4); 4780 #ifdef INET6 4781 sin6.sin6_family = AF_INET6; 4782 sin6.sin6_len = sizeof(sin6); 4783 #endif 4784 sa_touse = NULL; 4785 /* First what about the src address of the pkt ? */ 4786 iph = mtod(in_initpkt, struct ip *); 4787 switch (iph->ip_v) { 4788 case IPVERSION: 4789 /* source addr is IPv4 */ 4790 sin4.sin_addr = iph->ip_src; 4791 sa_touse = (struct sockaddr *)&sin4; 4792 break; 4793 #ifdef INET6 4794 case IPV6_VERSION >> 4: 4795 /* source addr is IPv6 */ 4796 ip6h = mtod(in_initpkt, struct ip6_hdr *); 4797 sin6.sin6_addr = ip6h->ip6_src; 4798 sa_touse = (struct sockaddr *)&sin6; 4799 break; 4800 #endif 4801 default: 4802 return (1); 4803 } 4804 4805 fnd = 0; 4806 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4807 sa = (struct sockaddr *)&net->ro._l_addr; 4808 if (sa->sa_family == sa_touse->sa_family) { 4809 if (sa->sa_family == AF_INET) { 4810 sa4 = (struct sockaddr_in *)sa; 4811 if (sa4->sin_addr.s_addr == 4812 sin4.sin_addr.s_addr) { 4813 fnd = 1; 4814 break; 4815 } 4816 } 4817 #ifdef INET6 4818 if (sa->sa_family == AF_INET6) { 4819 sa6 = (struct sockaddr_in6 *)sa; 4820 if (SCTP6_ARE_ADDR_EQUAL(sa6, 4821 &sin6)) { 4822 fnd = 1; 4823 break; 4824 } 4825 } 4826 #endif 4827 } 4828 } 4829 if (fnd == 0) { 4830 /* New address added! no need to look futher. */ 4831 return (1); 4832 } 4833 /* Ok so far lets munge through the rest of the packet */ 4834 mat = in_initpkt; 4835 err_at = 0; 4836 sa_touse = NULL; 4837 offset += sizeof(struct sctp_init_chunk); 4838 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 4839 while (phdr) { 4840 ptype = ntohs(phdr->param_type); 4841 plen = ntohs(phdr->param_length); 4842 if (ptype == SCTP_IPV4_ADDRESS) { 4843 struct sctp_ipv4addr_param *p4, p4_buf; 4844 4845 phdr = sctp_get_next_param(mat, offset, 4846 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf)); 4847 if (plen != sizeof(struct sctp_ipv4addr_param) || 4848 phdr == NULL) { 4849 return (1); 4850 } 4851 p4 = (struct sctp_ipv4addr_param *)phdr; 4852 sin4.sin_addr.s_addr = p4->addr; 4853 sa_touse = (struct sockaddr *)&sin4; 4854 } else if (ptype == SCTP_IPV6_ADDRESS) { 4855 struct sctp_ipv6addr_param *p6, p6_buf; 4856 4857 phdr = sctp_get_next_param(mat, offset, 4858 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf)); 4859 if (plen != sizeof(struct sctp_ipv6addr_param) || 4860 phdr == NULL) { 4861 return (1); 4862 } 4863 p6 = (struct sctp_ipv6addr_param *)phdr; 4864 #ifdef INET6 4865 memcpy((caddr_t)&sin6.sin6_addr, p6->addr, 4866 sizeof(p6->addr)); 4867 #endif 4868 sa_touse = (struct sockaddr *)&sin4; 4869 } 4870 if (sa_touse) { 4871 /* ok, sa_touse points to one to check */ 4872 fnd = 0; 4873 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4874 sa = (struct sockaddr *)&net->ro._l_addr; 4875 if (sa->sa_family != sa_touse->sa_family) { 4876 continue; 4877 } 4878 if (sa->sa_family == AF_INET) { 4879 sa4 = (struct sockaddr_in *)sa; 4880 if (sa4->sin_addr.s_addr == 4881 sin4.sin_addr.s_addr) { 4882 fnd = 1; 4883 break; 4884 } 4885 } 4886 #ifdef INET6 4887 if (sa->sa_family == AF_INET6) { 4888 sa6 = (struct sockaddr_in6 *)sa; 4889 if (SCTP6_ARE_ADDR_EQUAL( 4890 sa6, &sin6)) { 4891 fnd = 1; 4892 break; 4893 } 4894 } 4895 #endif 4896 } 4897 if (!fnd) { 4898 /* New addr added! no need to look further */ 4899 return (1); 4900 } 4901 } 4902 offset += SCTP_SIZE32(plen); 4903 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 4904 } 4905 return (0); 4906 } 4907 4908 /* 4909 * Given a MBUF chain that was sent into us containing an INIT. Build a 4910 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done 4911 * a pullup to include IPv6/4header, SCTP header and initial part of INIT 4912 * message (i.e. the struct sctp_init_msg). 4913 */ 4914 void 4915 sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4916 struct mbuf *init_pkt, int iphlen, int offset, struct sctphdr *sh, 4917 struct sctp_init_chunk *init_chk, uint32_t vrf_id, uint16_t port, int hold_inp_lock) 4918 { 4919 struct sctp_association *asoc; 4920 struct mbuf *m, *m_at, *m_tmp, *m_cookie, *op_err, *mp_last; 4921 struct sctp_init_ack_chunk *initack; 4922 struct sctp_adaptation_layer_indication *ali; 4923 struct sctp_ecn_supported_param *ecn; 4924 struct sctp_prsctp_supported_param *prsctp; 4925 struct sctp_supported_chunk_types_param *pr_supported; 4926 union sctp_sockstore store, store1, *over_addr; 4927 struct sockaddr_in *sin, *to_sin; 4928 4929 #ifdef INET6 4930 struct sockaddr_in6 *sin6, *to_sin6; 4931 4932 #endif 4933 struct ip *iph; 4934 4935 #ifdef INET6 4936 struct ip6_hdr *ip6; 4937 4938 #endif 4939 struct sockaddr *to; 4940 struct sctp_state_cookie stc; 4941 struct sctp_nets *net = NULL; 4942 uint8_t *signature = NULL; 4943 int cnt_inits_to = 0; 4944 uint16_t his_limit, i_want; 4945 int abort_flag, padval; 4946 int num_ext; 4947 int p_len; 4948 int nat_friendly = 0; 4949 struct socket *so; 4950 4951 if (stcb) 4952 asoc = &stcb->asoc; 4953 else 4954 asoc = NULL; 4955 mp_last = NULL; 4956 if ((asoc != NULL) && 4957 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 4958 (sctp_are_there_new_addresses(asoc, init_pkt, iphlen, offset))) { 4959 /* new addresses, out of here in non-cookie-wait states */ 4960 /* 4961 * Send a ABORT, we don't add the new address error clause 4962 * though we even set the T bit and copy in the 0 tag.. this 4963 * looks no different than if no listener was present. 4964 */ 4965 sctp_send_abort(init_pkt, iphlen, sh, 0, NULL, vrf_id, port); 4966 return; 4967 } 4968 abort_flag = 0; 4969 op_err = sctp_arethere_unrecognized_parameters(init_pkt, 4970 (offset + sizeof(struct sctp_init_chunk)), 4971 &abort_flag, (struct sctp_chunkhdr *)init_chk, &nat_friendly); 4972 if (abort_flag) { 4973 do_a_abort: 4974 sctp_send_abort(init_pkt, iphlen, sh, 4975 init_chk->init.initiate_tag, op_err, vrf_id, port); 4976 return; 4977 } 4978 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 4979 if (m == NULL) { 4980 /* No memory, INIT timer will re-attempt. */ 4981 if (op_err) 4982 sctp_m_freem(op_err); 4983 return; 4984 } 4985 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); 4986 4987 /* the time I built cookie */ 4988 (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered); 4989 4990 /* populate any tie tags */ 4991 if (asoc != NULL) { 4992 /* unlock before tag selections */ 4993 stc.tie_tag_my_vtag = asoc->my_vtag_nonce; 4994 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce; 4995 stc.cookie_life = asoc->cookie_life; 4996 net = asoc->primary_destination; 4997 } else { 4998 stc.tie_tag_my_vtag = 0; 4999 stc.tie_tag_peer_vtag = 0; 5000 /* life I will award this cookie */ 5001 stc.cookie_life = inp->sctp_ep.def_cookie_life; 5002 } 5003 5004 /* copy in the ports for later check */ 5005 stc.myport = sh->dest_port; 5006 stc.peerport = sh->src_port; 5007 5008 /* 5009 * If we wanted to honor cookie life extentions, we would add to 5010 * stc.cookie_life. For now we should NOT honor any extension 5011 */ 5012 stc.site_scope = stc.local_scope = stc.loopback_scope = 0; 5013 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5014 struct inpcb *in_inp; 5015 5016 /* Its a V6 socket */ 5017 in_inp = (struct inpcb *)inp; 5018 stc.ipv6_addr_legal = 1; 5019 /* Now look at the binding flag to see if V4 will be legal */ 5020 if (SCTP_IPV6_V6ONLY(in_inp) == 0) { 5021 stc.ipv4_addr_legal = 1; 5022 } else { 5023 /* V4 addresses are NOT legal on the association */ 5024 stc.ipv4_addr_legal = 0; 5025 } 5026 } else { 5027 /* Its a V4 socket, no - V6 */ 5028 stc.ipv4_addr_legal = 1; 5029 stc.ipv6_addr_legal = 0; 5030 } 5031 5032 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE 5033 stc.ipv4_scope = 1; 5034 #else 5035 stc.ipv4_scope = 0; 5036 #endif 5037 /* now for scope setup */ 5038 memset((caddr_t)&store, 0, sizeof(store)); 5039 memset((caddr_t)&store1, 0, sizeof(store1)); 5040 sin = &store.sin; 5041 to_sin = &store1.sin; 5042 #ifdef INET6 5043 sin6 = &store.sin6; 5044 to_sin6 = &store1.sin6; 5045 #endif 5046 iph = mtod(init_pkt, struct ip *); 5047 /* establish the to_addr's */ 5048 switch (iph->ip_v) { 5049 case IPVERSION: 5050 to_sin->sin_port = sh->dest_port; 5051 to_sin->sin_family = AF_INET; 5052 to_sin->sin_len = sizeof(struct sockaddr_in); 5053 to_sin->sin_addr = iph->ip_dst; 5054 break; 5055 #ifdef INET6 5056 case IPV6_VERSION >> 4: 5057 ip6 = mtod(init_pkt, struct ip6_hdr *); 5058 to_sin6->sin6_addr = ip6->ip6_dst; 5059 to_sin6->sin6_scope_id = 0; 5060 to_sin6->sin6_port = sh->dest_port; 5061 to_sin6->sin6_family = AF_INET6; 5062 to_sin6->sin6_len = sizeof(struct sockaddr_in6); 5063 break; 5064 #endif 5065 default: 5066 goto do_a_abort; 5067 break; 5068 }; 5069 5070 if (net == NULL) { 5071 to = (struct sockaddr *)&store; 5072 switch (iph->ip_v) { 5073 case IPVERSION: 5074 { 5075 sin->sin_family = AF_INET; 5076 sin->sin_len = sizeof(struct sockaddr_in); 5077 sin->sin_port = sh->src_port; 5078 sin->sin_addr = iph->ip_src; 5079 /* lookup address */ 5080 stc.address[0] = sin->sin_addr.s_addr; 5081 stc.address[1] = 0; 5082 stc.address[2] = 0; 5083 stc.address[3] = 0; 5084 stc.addr_type = SCTP_IPV4_ADDRESS; 5085 /* local from address */ 5086 stc.laddress[0] = to_sin->sin_addr.s_addr; 5087 stc.laddress[1] = 0; 5088 stc.laddress[2] = 0; 5089 stc.laddress[3] = 0; 5090 stc.laddr_type = SCTP_IPV4_ADDRESS; 5091 /* scope_id is only for v6 */ 5092 stc.scope_id = 0; 5093 #ifndef SCTP_DONT_DO_PRIVADDR_SCOPE 5094 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 5095 stc.ipv4_scope = 1; 5096 } 5097 #else 5098 stc.ipv4_scope = 1; 5099 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */ 5100 /* Must use the address in this case */ 5101 if (sctp_is_address_on_local_host((struct sockaddr *)sin, vrf_id)) { 5102 stc.loopback_scope = 1; 5103 stc.ipv4_scope = 1; 5104 stc.site_scope = 1; 5105 stc.local_scope = 0; 5106 } 5107 break; 5108 } 5109 #ifdef INET6 5110 case IPV6_VERSION >> 4: 5111 { 5112 ip6 = mtod(init_pkt, struct ip6_hdr *); 5113 sin6->sin6_family = AF_INET6; 5114 sin6->sin6_len = sizeof(struct sockaddr_in6); 5115 sin6->sin6_port = sh->src_port; 5116 sin6->sin6_addr = ip6->ip6_src; 5117 /* lookup address */ 5118 memcpy(&stc.address, &sin6->sin6_addr, 5119 sizeof(struct in6_addr)); 5120 sin6->sin6_scope_id = 0; 5121 stc.addr_type = SCTP_IPV6_ADDRESS; 5122 stc.scope_id = 0; 5123 if (sctp_is_address_on_local_host((struct sockaddr *)sin6, vrf_id)) { 5124 /* 5125 * FIX ME: does this have scope from 5126 * rcvif? 5127 */ 5128 (void)sa6_recoverscope(sin6); 5129 stc.scope_id = sin6->sin6_scope_id; 5130 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)); 5131 stc.loopback_scope = 1; 5132 stc.local_scope = 0; 5133 stc.site_scope = 1; 5134 stc.ipv4_scope = 1; 5135 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5136 /* 5137 * If the new destination is a 5138 * LINK_LOCAL we must have common 5139 * both site and local scope. Don't 5140 * set local scope though since we 5141 * must depend on the source to be 5142 * added implicitly. We cannot 5143 * assure just because we share one 5144 * link that all links are common. 5145 */ 5146 stc.local_scope = 0; 5147 stc.site_scope = 1; 5148 stc.ipv4_scope = 1; 5149 /* 5150 * we start counting for the private 5151 * address stuff at 1. since the 5152 * link local we source from won't 5153 * show up in our scoped count. 5154 */ 5155 cnt_inits_to = 1; 5156 /* 5157 * pull out the scope_id from 5158 * incoming pkt 5159 */ 5160 /* 5161 * FIX ME: does this have scope from 5162 * rcvif? 5163 */ 5164 (void)sa6_recoverscope(sin6); 5165 stc.scope_id = sin6->sin6_scope_id; 5166 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)); 5167 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 5168 /* 5169 * If the new destination is 5170 * SITE_LOCAL then we must have site 5171 * scope in common. 5172 */ 5173 stc.site_scope = 1; 5174 } 5175 memcpy(&stc.laddress, &to_sin6->sin6_addr, sizeof(struct in6_addr)); 5176 stc.laddr_type = SCTP_IPV6_ADDRESS; 5177 break; 5178 } 5179 #endif 5180 default: 5181 /* TSNH */ 5182 goto do_a_abort; 5183 break; 5184 } 5185 } else { 5186 /* set the scope per the existing tcb */ 5187 5188 #ifdef INET6 5189 struct sctp_nets *lnet; 5190 5191 #endif 5192 5193 stc.loopback_scope = asoc->loopback_scope; 5194 stc.ipv4_scope = asoc->ipv4_local_scope; 5195 stc.site_scope = asoc->site_scope; 5196 stc.local_scope = asoc->local_scope; 5197 #ifdef INET6 5198 /* Why do we not consider IPv4 LL addresses? */ 5199 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { 5200 if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) { 5201 if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) { 5202 /* 5203 * if we have a LL address, start 5204 * counting at 1. 5205 */ 5206 cnt_inits_to = 1; 5207 } 5208 } 5209 } 5210 #endif 5211 /* use the net pointer */ 5212 to = (struct sockaddr *)&net->ro._l_addr; 5213 switch (to->sa_family) { 5214 case AF_INET: 5215 sin = (struct sockaddr_in *)to; 5216 stc.address[0] = sin->sin_addr.s_addr; 5217 stc.address[1] = 0; 5218 stc.address[2] = 0; 5219 stc.address[3] = 0; 5220 stc.addr_type = SCTP_IPV4_ADDRESS; 5221 if (net->src_addr_selected == 0) { 5222 /* 5223 * strange case here, the INIT should have 5224 * did the selection. 5225 */ 5226 net->ro._s_addr = sctp_source_address_selection(inp, 5227 stcb, (sctp_route_t *) & net->ro, 5228 net, 0, vrf_id); 5229 if (net->ro._s_addr == NULL) 5230 return; 5231 5232 net->src_addr_selected = 1; 5233 5234 } 5235 stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr; 5236 stc.laddress[1] = 0; 5237 stc.laddress[2] = 0; 5238 stc.laddress[3] = 0; 5239 stc.laddr_type = SCTP_IPV4_ADDRESS; 5240 break; 5241 #ifdef INET6 5242 case AF_INET6: 5243 sin6 = (struct sockaddr_in6 *)to; 5244 memcpy(&stc.address, &sin6->sin6_addr, 5245 sizeof(struct in6_addr)); 5246 stc.addr_type = SCTP_IPV6_ADDRESS; 5247 if (net->src_addr_selected == 0) { 5248 /* 5249 * strange case here, the INIT should have 5250 * did the selection. 5251 */ 5252 net->ro._s_addr = sctp_source_address_selection(inp, 5253 stcb, (sctp_route_t *) & net->ro, 5254 net, 0, vrf_id); 5255 if (net->ro._s_addr == NULL) 5256 return; 5257 5258 net->src_addr_selected = 1; 5259 } 5260 memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr, 5261 sizeof(struct in6_addr)); 5262 stc.laddr_type = SCTP_IPV6_ADDRESS; 5263 break; 5264 #endif 5265 } 5266 } 5267 /* Now lets put the SCTP header in place */ 5268 initack = mtod(m, struct sctp_init_ack_chunk *); 5269 /* Save it off for quick ref */ 5270 stc.peers_vtag = init_chk->init.initiate_tag; 5271 /* who are we */ 5272 memcpy(stc.identification, SCTP_VERSION_STRING, 5273 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification))); 5274 /* now the chunk header */ 5275 initack->ch.chunk_type = SCTP_INITIATION_ACK; 5276 initack->ch.chunk_flags = 0; 5277 /* fill in later from mbuf we build */ 5278 initack->ch.chunk_length = 0; 5279 /* place in my tag */ 5280 if ((asoc != NULL) && 5281 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 5282 (SCTP_GET_STATE(asoc) == SCTP_STATE_INUSE) || 5283 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) { 5284 /* re-use the v-tags and init-seq here */ 5285 initack->init.initiate_tag = htonl(asoc->my_vtag); 5286 initack->init.initial_tsn = htonl(asoc->init_seq_number); 5287 } else { 5288 uint32_t vtag, itsn; 5289 5290 if (hold_inp_lock) { 5291 SCTP_INP_INCR_REF(inp); 5292 SCTP_INP_RUNLOCK(inp); 5293 } 5294 if (asoc) { 5295 atomic_add_int(&asoc->refcnt, 1); 5296 SCTP_TCB_UNLOCK(stcb); 5297 new_tag: 5298 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 5299 if ((asoc->peer_supports_nat) && (vtag == asoc->my_vtag)) { 5300 /* 5301 * Got a duplicate vtag on some guy behind a 5302 * nat make sure we don't use it. 5303 */ 5304 goto new_tag; 5305 } 5306 initack->init.initiate_tag = htonl(vtag); 5307 /* get a TSN to use too */ 5308 itsn = sctp_select_initial_TSN(&inp->sctp_ep); 5309 initack->init.initial_tsn = htonl(itsn); 5310 SCTP_TCB_LOCK(stcb); 5311 atomic_add_int(&asoc->refcnt, -1); 5312 } else { 5313 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 5314 initack->init.initiate_tag = htonl(vtag); 5315 /* get a TSN to use too */ 5316 initack->init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep)); 5317 } 5318 if (hold_inp_lock) { 5319 SCTP_INP_RLOCK(inp); 5320 SCTP_INP_DECR_REF(inp); 5321 } 5322 } 5323 /* save away my tag to */ 5324 stc.my_vtag = initack->init.initiate_tag; 5325 5326 /* set up some of the credits. */ 5327 so = inp->sctp_socket; 5328 if (so == NULL) { 5329 /* memory problem */ 5330 sctp_m_freem(m); 5331 return; 5332 } else { 5333 initack->init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(so), SCTP_MINIMAL_RWND)); 5334 } 5335 /* set what I want */ 5336 his_limit = ntohs(init_chk->init.num_inbound_streams); 5337 /* choose what I want */ 5338 if (asoc != NULL) { 5339 if (asoc->streamoutcnt > inp->sctp_ep.pre_open_stream_count) { 5340 i_want = asoc->streamoutcnt; 5341 } else { 5342 i_want = inp->sctp_ep.pre_open_stream_count; 5343 } 5344 } else { 5345 i_want = inp->sctp_ep.pre_open_stream_count; 5346 } 5347 if (his_limit < i_want) { 5348 /* I Want more :< */ 5349 initack->init.num_outbound_streams = init_chk->init.num_inbound_streams; 5350 } else { 5351 /* I can have what I want :> */ 5352 initack->init.num_outbound_streams = htons(i_want); 5353 } 5354 /* tell him his limt. */ 5355 initack->init.num_inbound_streams = 5356 htons(inp->sctp_ep.max_open_streams_intome); 5357 5358 /* adaptation layer indication parameter */ 5359 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)initack + sizeof(*initack)); 5360 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 5361 ali->ph.param_length = htons(sizeof(*ali)); 5362 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator); 5363 SCTP_BUF_LEN(m) += sizeof(*ali); 5364 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali)); 5365 5366 /* ECN parameter */ 5367 if (((asoc != NULL) && (asoc->ecn_allowed == 1)) || 5368 (inp->sctp_ecn_enable == 1)) { 5369 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 5370 ecn->ph.param_length = htons(sizeof(*ecn)); 5371 SCTP_BUF_LEN(m) += sizeof(*ecn); 5372 5373 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn + 5374 sizeof(*ecn)); 5375 } else { 5376 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn); 5377 } 5378 /* And now tell the peer we do pr-sctp */ 5379 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 5380 prsctp->ph.param_length = htons(sizeof(*prsctp)); 5381 SCTP_BUF_LEN(m) += sizeof(*prsctp); 5382 if (nat_friendly) { 5383 /* Add NAT friendly parameter */ 5384 struct sctp_paramhdr *ph; 5385 5386 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5387 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 5388 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 5389 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr); 5390 } 5391 /* And now tell the peer we do all the extensions */ 5392 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5393 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 5394 num_ext = 0; 5395 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 5396 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 5397 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 5398 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 5399 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 5400 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) 5401 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 5402 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off)) 5403 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 5404 p_len = sizeof(*pr_supported) + num_ext; 5405 pr_supported->ph.param_length = htons(p_len); 5406 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len); 5407 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5408 5409 /* add authentication parameters */ 5410 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 5411 struct sctp_auth_random *randp; 5412 struct sctp_auth_hmac_algo *hmacs; 5413 struct sctp_auth_chunk_list *chunks; 5414 uint16_t random_len; 5415 5416 /* generate and add RANDOM parameter */ 5417 random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT; 5418 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5419 randp->ph.param_type = htons(SCTP_RANDOM); 5420 p_len = sizeof(*randp) + random_len; 5421 randp->ph.param_length = htons(p_len); 5422 SCTP_READ_RANDOM(randp->random_data, random_len); 5423 /* zero out any padding required */ 5424 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len); 5425 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5426 5427 /* add HMAC_ALGO parameter */ 5428 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5429 p_len = sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs, 5430 (uint8_t *) hmacs->hmac_ids); 5431 if (p_len > 0) { 5432 p_len += sizeof(*hmacs); 5433 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 5434 hmacs->ph.param_length = htons(p_len); 5435 /* zero out any padding required */ 5436 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len); 5437 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5438 } 5439 /* add CHUNKS parameter */ 5440 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5441 p_len = sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks, 5442 chunks->chunk_types); 5443 if (p_len > 0) { 5444 p_len += sizeof(*chunks); 5445 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 5446 chunks->ph.param_length = htons(p_len); 5447 /* zero out any padding required */ 5448 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len); 5449 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5450 } 5451 } 5452 m_at = m; 5453 /* now the addresses */ 5454 { 5455 struct sctp_scoping scp; 5456 5457 /* 5458 * To optimize this we could put the scoping stuff into a 5459 * structure and remove the individual uint8's from the stc 5460 * structure. Then we could just sifa in the address within 5461 * the stc.. but for now this is a quick hack to get the 5462 * address stuff teased apart. 5463 */ 5464 scp.ipv4_addr_legal = stc.ipv4_addr_legal; 5465 scp.ipv6_addr_legal = stc.ipv6_addr_legal; 5466 scp.loopback_scope = stc.loopback_scope; 5467 scp.ipv4_local_scope = stc.ipv4_scope; 5468 scp.local_scope = stc.local_scope; 5469 scp.site_scope = stc.site_scope; 5470 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to); 5471 } 5472 5473 /* tack on the operational error if present */ 5474 if (op_err) { 5475 struct mbuf *ol; 5476 int llen; 5477 5478 llen = 0; 5479 ol = op_err; 5480 while (ol) { 5481 llen += SCTP_BUF_LEN(ol); 5482 ol = SCTP_BUF_NEXT(ol); 5483 } 5484 if (llen % 4) { 5485 /* must add a pad to the param */ 5486 uint32_t cpthis = 0; 5487 int padlen; 5488 5489 padlen = 4 - (llen % 4); 5490 m_copyback(op_err, llen, padlen, (caddr_t)&cpthis); 5491 } 5492 while (SCTP_BUF_NEXT(m_at) != NULL) { 5493 m_at = SCTP_BUF_NEXT(m_at); 5494 } 5495 SCTP_BUF_NEXT(m_at) = op_err; 5496 while (SCTP_BUF_NEXT(m_at) != NULL) { 5497 m_at = SCTP_BUF_NEXT(m_at); 5498 } 5499 } 5500 /* pre-calulate the size and update pkt header and chunk header */ 5501 p_len = 0; 5502 for (m_tmp = m; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 5503 p_len += SCTP_BUF_LEN(m_tmp); 5504 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5505 /* m_tmp should now point to last one */ 5506 break; 5507 } 5508 } 5509 5510 /* Now we must build a cookie */ 5511 m_cookie = sctp_add_cookie(inp, init_pkt, offset, m, 0, &stc, &signature); 5512 if (m_cookie == NULL) { 5513 /* memory problem */ 5514 sctp_m_freem(m); 5515 return; 5516 } 5517 /* Now append the cookie to the end and update the space/size */ 5518 SCTP_BUF_NEXT(m_tmp) = m_cookie; 5519 5520 for (m_tmp = m_cookie; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 5521 p_len += SCTP_BUF_LEN(m_tmp); 5522 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5523 /* m_tmp should now point to last one */ 5524 mp_last = m_tmp; 5525 break; 5526 } 5527 } 5528 /* 5529 * Place in the size, but we don't include the last pad (if any) in 5530 * the INIT-ACK. 5531 */ 5532 initack->ch.chunk_length = htons(p_len); 5533 5534 /* 5535 * Time to sign the cookie, we don't sign over the cookie signature 5536 * though thus we set trailer. 5537 */ 5538 (void)sctp_hmac_m(SCTP_HMAC, 5539 (uint8_t *) inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)], 5540 SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr), 5541 (uint8_t *) signature, SCTP_SIGNATURE_SIZE); 5542 /* 5543 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 5544 * here since the timer will drive a retranmission. 5545 */ 5546 padval = p_len % 4; 5547 if ((padval) && (mp_last)) { 5548 /* see my previous comments on mp_last */ 5549 int ret; 5550 5551 ret = sctp_add_pad_tombuf(mp_last, (4 - padval)); 5552 if (ret) { 5553 /* Houston we have a problem, no space */ 5554 sctp_m_freem(m); 5555 return; 5556 } 5557 p_len += padval; 5558 } 5559 if (stc.loopback_scope) { 5560 over_addr = &store1; 5561 } else { 5562 over_addr = NULL; 5563 } 5564 5565 (void)sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0, 5566 0, NULL, 0, 5567 inp->sctp_lport, sh->src_port, init_chk->init.initiate_tag, 5568 port, SCTP_SO_NOT_LOCKED, over_addr, init_pkt); 5569 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 5570 } 5571 5572 5573 static void 5574 sctp_prune_prsctp(struct sctp_tcb *stcb, 5575 struct sctp_association *asoc, 5576 struct sctp_sndrcvinfo *srcv, 5577 int dataout) 5578 { 5579 int freed_spc = 0; 5580 struct sctp_tmit_chunk *chk, *nchk; 5581 5582 SCTP_TCB_LOCK_ASSERT(stcb); 5583 if ((asoc->peer_supports_prsctp) && 5584 (asoc->sent_queue_cnt_removeable > 0)) { 5585 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 5586 /* 5587 * Look for chunks marked with the PR_SCTP flag AND 5588 * the buffer space flag. If the one being sent is 5589 * equal or greater priority then purge the old one 5590 * and free some space. 5591 */ 5592 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 5593 /* 5594 * This one is PR-SCTP AND buffer space 5595 * limited type 5596 */ 5597 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 5598 /* 5599 * Lower numbers equates to higher 5600 * priority so if the one we are 5601 * looking at has a larger or equal 5602 * priority we want to drop the data 5603 * and NOT retransmit it. 5604 */ 5605 if (chk->data) { 5606 /* 5607 * We release the book_size 5608 * if the mbuf is here 5609 */ 5610 int ret_spc; 5611 int cause; 5612 5613 if (chk->sent > SCTP_DATAGRAM_UNSENT) 5614 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT; 5615 else 5616 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT; 5617 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 5618 cause, 5619 SCTP_SO_LOCKED); 5620 freed_spc += ret_spc; 5621 if (freed_spc >= dataout) { 5622 return; 5623 } 5624 } /* if chunk was present */ 5625 } /* if of sufficent priority */ 5626 } /* if chunk has enabled */ 5627 } /* tailqforeach */ 5628 5629 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 5630 /* Here we must move to the sent queue and mark */ 5631 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 5632 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 5633 if (chk->data) { 5634 /* 5635 * We release the book_size 5636 * if the mbuf is here 5637 */ 5638 int ret_spc; 5639 5640 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 5641 SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT, 5642 SCTP_SO_LOCKED); 5643 5644 freed_spc += ret_spc; 5645 if (freed_spc >= dataout) { 5646 return; 5647 } 5648 } /* end if chk->data */ 5649 } /* end if right class */ 5650 } /* end if chk pr-sctp */ 5651 } /* tailqforeachsafe (chk) */ 5652 } /* if enabled in asoc */ 5653 } 5654 5655 int 5656 sctp_get_frag_point(struct sctp_tcb *stcb, 5657 struct sctp_association *asoc) 5658 { 5659 int siz, ovh; 5660 5661 /* 5662 * For endpoints that have both v6 and v4 addresses we must reserve 5663 * room for the ipv6 header, for those that are only dealing with V4 5664 * we use a larger frag point. 5665 */ 5666 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5667 ovh = SCTP_MED_OVERHEAD; 5668 } else { 5669 ovh = SCTP_MED_V4_OVERHEAD; 5670 } 5671 5672 if (stcb->asoc.sctp_frag_point > asoc->smallest_mtu) 5673 siz = asoc->smallest_mtu - ovh; 5674 else 5675 siz = (stcb->asoc.sctp_frag_point - ovh); 5676 /* 5677 * if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) { 5678 */ 5679 /* A data chunk MUST fit in a cluster */ 5680 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk)); */ 5681 /* } */ 5682 5683 /* adjust for an AUTH chunk if DATA requires auth */ 5684 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) 5685 siz -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 5686 5687 if (siz % 4) { 5688 /* make it an even word boundary please */ 5689 siz -= (siz % 4); 5690 } 5691 return (siz); 5692 } 5693 5694 static void 5695 sctp_set_prsctp_policy(struct sctp_stream_queue_pending *sp) 5696 { 5697 sp->pr_sctp_on = 0; 5698 /* 5699 * We assume that the user wants PR_SCTP_TTL if the user provides a 5700 * positive lifetime but does not specify any PR_SCTP policy. This 5701 * is a BAD assumption and causes problems at least with the 5702 * U-Vancovers MPI folks. I will change this to be no policy means 5703 * NO PR-SCTP. 5704 */ 5705 if (PR_SCTP_ENABLED(sp->sinfo_flags)) { 5706 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags); 5707 sp->pr_sctp_on = 1; 5708 } else { 5709 return; 5710 } 5711 switch (PR_SCTP_POLICY(sp->sinfo_flags)) { 5712 case CHUNK_FLAGS_PR_SCTP_BUF: 5713 /* 5714 * Time to live is a priority stored in tv_sec when doing 5715 * the buffer drop thing. 5716 */ 5717 sp->ts.tv_sec = sp->timetolive; 5718 sp->ts.tv_usec = 0; 5719 break; 5720 case CHUNK_FLAGS_PR_SCTP_TTL: 5721 { 5722 struct timeval tv; 5723 5724 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 5725 tv.tv_sec = sp->timetolive / 1000; 5726 tv.tv_usec = (sp->timetolive * 1000) % 1000000; 5727 /* 5728 * TODO sctp_constants.h needs alternative time 5729 * macros when _KERNEL is undefined. 5730 */ 5731 timevaladd(&sp->ts, &tv); 5732 } 5733 break; 5734 case CHUNK_FLAGS_PR_SCTP_RTX: 5735 /* 5736 * Time to live is a the number or retransmissions stored in 5737 * tv_sec. 5738 */ 5739 sp->ts.tv_sec = sp->timetolive; 5740 sp->ts.tv_usec = 0; 5741 break; 5742 default: 5743 SCTPDBG(SCTP_DEBUG_USRREQ1, 5744 "Unknown PR_SCTP policy %u.\n", 5745 PR_SCTP_POLICY(sp->sinfo_flags)); 5746 break; 5747 } 5748 } 5749 5750 static int 5751 sctp_msg_append(struct sctp_tcb *stcb, 5752 struct sctp_nets *net, 5753 struct mbuf *m, 5754 struct sctp_sndrcvinfo *srcv, int hold_stcb_lock) 5755 { 5756 int error = 0, holds_lock; 5757 struct mbuf *at; 5758 struct sctp_stream_queue_pending *sp = NULL; 5759 struct sctp_stream_out *strm; 5760 5761 /* 5762 * Given an mbuf chain, put it into the association send queue and 5763 * place it on the wheel 5764 */ 5765 holds_lock = hold_stcb_lock; 5766 if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) { 5767 /* Invalid stream number */ 5768 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 5769 error = EINVAL; 5770 goto out_now; 5771 } 5772 if ((stcb->asoc.stream_locked) && 5773 (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) { 5774 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 5775 error = EINVAL; 5776 goto out_now; 5777 } 5778 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 5779 /* Now can we send this? */ 5780 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_SENT) || 5781 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5782 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 5783 (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) { 5784 /* got data while shutting down */ 5785 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 5786 error = ECONNRESET; 5787 goto out_now; 5788 } 5789 sctp_alloc_a_strmoq(stcb, sp); 5790 if (sp == NULL) { 5791 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 5792 error = ENOMEM; 5793 goto out_now; 5794 } 5795 sp->sinfo_flags = srcv->sinfo_flags; 5796 sp->timetolive = srcv->sinfo_timetolive; 5797 sp->ppid = srcv->sinfo_ppid; 5798 sp->context = srcv->sinfo_context; 5799 sp->strseq = 0; 5800 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 5801 sp->net = net; 5802 atomic_add_int(&sp->net->ref_count, 1); 5803 } else { 5804 sp->net = NULL; 5805 } 5806 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 5807 sp->stream = srcv->sinfo_stream; 5808 sp->msg_is_complete = 1; 5809 sp->sender_all_done = 1; 5810 sp->some_taken = 0; 5811 sp->data = m; 5812 sp->tail_mbuf = NULL; 5813 sp->length = 0; 5814 at = m; 5815 sctp_set_prsctp_policy(sp); 5816 /* 5817 * We could in theory (for sendall) sifa the length in, but we would 5818 * still have to hunt through the chain since we need to setup the 5819 * tail_mbuf 5820 */ 5821 while (at) { 5822 if (SCTP_BUF_NEXT(at) == NULL) 5823 sp->tail_mbuf = at; 5824 sp->length += SCTP_BUF_LEN(at); 5825 at = SCTP_BUF_NEXT(at); 5826 } 5827 SCTP_TCB_SEND_LOCK(stcb); 5828 sctp_snd_sb_alloc(stcb, sp->length); 5829 atomic_add_int(&stcb->asoc.stream_queue_cnt, 1); 5830 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 5831 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) { 5832 sp->strseq = strm->next_sequence_sent; 5833 strm->next_sequence_sent++; 5834 } 5835 stcb->asoc.ss_functions.sctp_ss_add_to_stream(stcb, &stcb->asoc, strm, sp, 1); 5836 m = NULL; 5837 SCTP_TCB_SEND_UNLOCK(stcb); 5838 out_now: 5839 if (m) { 5840 sctp_m_freem(m); 5841 } 5842 return (error); 5843 } 5844 5845 5846 static struct mbuf * 5847 sctp_copy_mbufchain(struct mbuf *clonechain, 5848 struct mbuf *outchain, 5849 struct mbuf **endofchain, 5850 int can_take_mbuf, 5851 int sizeofcpy, 5852 uint8_t copy_by_ref) 5853 { 5854 struct mbuf *m; 5855 struct mbuf *appendchain; 5856 caddr_t cp; 5857 int len; 5858 5859 if (endofchain == NULL) { 5860 /* error */ 5861 error_out: 5862 if (outchain) 5863 sctp_m_freem(outchain); 5864 return (NULL); 5865 } 5866 if (can_take_mbuf) { 5867 appendchain = clonechain; 5868 } else { 5869 if (!copy_by_ref && 5870 (sizeofcpy <= (int)((((SCTP_BASE_SYSCTL(sctp_mbuf_threshold_count) - 1) * MLEN) + MHLEN))) 5871 ) { 5872 /* Its not in a cluster */ 5873 if (*endofchain == NULL) { 5874 /* lets get a mbuf cluster */ 5875 if (outchain == NULL) { 5876 /* This is the general case */ 5877 new_mbuf: 5878 outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER); 5879 if (outchain == NULL) { 5880 goto error_out; 5881 } 5882 SCTP_BUF_LEN(outchain) = 0; 5883 *endofchain = outchain; 5884 /* get the prepend space */ 5885 SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV + 4)); 5886 } else { 5887 /* 5888 * We really should not get a NULL 5889 * in endofchain 5890 */ 5891 /* find end */ 5892 m = outchain; 5893 while (m) { 5894 if (SCTP_BUF_NEXT(m) == NULL) { 5895 *endofchain = m; 5896 break; 5897 } 5898 m = SCTP_BUF_NEXT(m); 5899 } 5900 /* sanity */ 5901 if (*endofchain == NULL) { 5902 /* 5903 * huh, TSNH XXX maybe we 5904 * should panic 5905 */ 5906 sctp_m_freem(outchain); 5907 goto new_mbuf; 5908 } 5909 } 5910 /* get the new end of length */ 5911 len = M_TRAILINGSPACE(*endofchain); 5912 } else { 5913 /* how much is left at the end? */ 5914 len = M_TRAILINGSPACE(*endofchain); 5915 } 5916 /* Find the end of the data, for appending */ 5917 cp = (mtod((*endofchain), caddr_t)+SCTP_BUF_LEN((*endofchain))); 5918 5919 /* Now lets copy it out */ 5920 if (len >= sizeofcpy) { 5921 /* It all fits, copy it in */ 5922 m_copydata(clonechain, 0, sizeofcpy, cp); 5923 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 5924 } else { 5925 /* fill up the end of the chain */ 5926 if (len > 0) { 5927 m_copydata(clonechain, 0, len, cp); 5928 SCTP_BUF_LEN((*endofchain)) += len; 5929 /* now we need another one */ 5930 sizeofcpy -= len; 5931 } 5932 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER); 5933 if (m == NULL) { 5934 /* We failed */ 5935 goto error_out; 5936 } 5937 SCTP_BUF_NEXT((*endofchain)) = m; 5938 *endofchain = m; 5939 cp = mtod((*endofchain), caddr_t); 5940 m_copydata(clonechain, len, sizeofcpy, cp); 5941 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 5942 } 5943 return (outchain); 5944 } else { 5945 /* copy the old fashion way */ 5946 appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_DONTWAIT); 5947 #ifdef SCTP_MBUF_LOGGING 5948 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 5949 struct mbuf *mat; 5950 5951 mat = appendchain; 5952 while (mat) { 5953 if (SCTP_BUF_IS_EXTENDED(mat)) { 5954 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 5955 } 5956 mat = SCTP_BUF_NEXT(mat); 5957 } 5958 } 5959 #endif 5960 } 5961 } 5962 if (appendchain == NULL) { 5963 /* error */ 5964 if (outchain) 5965 sctp_m_freem(outchain); 5966 return (NULL); 5967 } 5968 if (outchain) { 5969 /* tack on to the end */ 5970 if (*endofchain != NULL) { 5971 SCTP_BUF_NEXT(((*endofchain))) = appendchain; 5972 } else { 5973 m = outchain; 5974 while (m) { 5975 if (SCTP_BUF_NEXT(m) == NULL) { 5976 SCTP_BUF_NEXT(m) = appendchain; 5977 break; 5978 } 5979 m = SCTP_BUF_NEXT(m); 5980 } 5981 } 5982 /* 5983 * save off the end and update the end-chain postion 5984 */ 5985 m = appendchain; 5986 while (m) { 5987 if (SCTP_BUF_NEXT(m) == NULL) { 5988 *endofchain = m; 5989 break; 5990 } 5991 m = SCTP_BUF_NEXT(m); 5992 } 5993 return (outchain); 5994 } else { 5995 /* save off the end and update the end-chain postion */ 5996 m = appendchain; 5997 while (m) { 5998 if (SCTP_BUF_NEXT(m) == NULL) { 5999 *endofchain = m; 6000 break; 6001 } 6002 m = SCTP_BUF_NEXT(m); 6003 } 6004 return (appendchain); 6005 } 6006 } 6007 6008 int 6009 sctp_med_chunk_output(struct sctp_inpcb *inp, 6010 struct sctp_tcb *stcb, 6011 struct sctp_association *asoc, 6012 int *num_out, 6013 int *reason_code, 6014 int control_only, int from_where, 6015 struct timeval *now, int *now_filled, int frag_point, int so_locked 6016 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 6017 SCTP_UNUSED 6018 #endif 6019 ); 6020 6021 static void 6022 sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr, 6023 uint32_t val) 6024 { 6025 struct sctp_copy_all *ca; 6026 struct mbuf *m; 6027 int ret = 0; 6028 int added_control = 0; 6029 int un_sent, do_chunk_output = 1; 6030 struct sctp_association *asoc; 6031 6032 ca = (struct sctp_copy_all *)ptr; 6033 if (ca->m == NULL) { 6034 return; 6035 } 6036 if (ca->inp != inp) { 6037 /* TSNH */ 6038 return; 6039 } 6040 if ((ca->m) && ca->sndlen) { 6041 m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_DONTWAIT); 6042 if (m == NULL) { 6043 /* can't copy so we are done */ 6044 ca->cnt_failed++; 6045 return; 6046 } 6047 #ifdef SCTP_MBUF_LOGGING 6048 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6049 struct mbuf *mat; 6050 6051 mat = m; 6052 while (mat) { 6053 if (SCTP_BUF_IS_EXTENDED(mat)) { 6054 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 6055 } 6056 mat = SCTP_BUF_NEXT(mat); 6057 } 6058 } 6059 #endif 6060 } else { 6061 m = NULL; 6062 } 6063 SCTP_TCB_LOCK_ASSERT(stcb); 6064 if (ca->sndrcv.sinfo_flags & SCTP_ABORT) { 6065 /* Abort this assoc with m as the user defined reason */ 6066 if (m) { 6067 struct sctp_paramhdr *ph; 6068 6069 SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_DONTWAIT); 6070 if (m) { 6071 ph = mtod(m, struct sctp_paramhdr *); 6072 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 6073 ph->param_length = htons(ca->sndlen); 6074 } 6075 /* 6076 * We add one here to keep the assoc from 6077 * dis-appearing on us. 6078 */ 6079 atomic_add_int(&stcb->asoc.refcnt, 1); 6080 sctp_abort_an_association(inp, stcb, 6081 SCTP_RESPONSE_TO_USER_REQ, 6082 m, SCTP_SO_NOT_LOCKED); 6083 /* 6084 * sctp_abort_an_association calls sctp_free_asoc() 6085 * free association will NOT free it since we 6086 * incremented the refcnt .. we do this to prevent 6087 * it being freed and things getting tricky since we 6088 * could end up (from free_asoc) calling inpcb_free 6089 * which would get a recursive lock call to the 6090 * iterator lock.. But as a consequence of that the 6091 * stcb will return to us un-locked.. since 6092 * free_asoc returns with either no TCB or the TCB 6093 * unlocked, we must relock.. to unlock in the 6094 * iterator timer :-0 6095 */ 6096 SCTP_TCB_LOCK(stcb); 6097 atomic_add_int(&stcb->asoc.refcnt, -1); 6098 goto no_chunk_output; 6099 } 6100 } else { 6101 if (m) { 6102 ret = sctp_msg_append(stcb, stcb->asoc.primary_destination, m, 6103 &ca->sndrcv, 1); 6104 } 6105 asoc = &stcb->asoc; 6106 if (ca->sndrcv.sinfo_flags & SCTP_EOF) { 6107 /* shutdown this assoc */ 6108 int cnt; 6109 6110 cnt = sctp_is_there_unsent_data(stcb); 6111 6112 if (TAILQ_EMPTY(&asoc->send_queue) && 6113 TAILQ_EMPTY(&asoc->sent_queue) && 6114 (cnt == 0)) { 6115 if (asoc->locked_on_sending) { 6116 goto abort_anyway; 6117 } 6118 /* 6119 * there is nothing queued to send, so I'm 6120 * done... 6121 */ 6122 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 6123 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 6124 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 6125 /* 6126 * only send SHUTDOWN the first time 6127 * through 6128 */ 6129 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 6130 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 6131 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 6132 } 6133 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 6134 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 6135 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 6136 asoc->primary_destination); 6137 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 6138 asoc->primary_destination); 6139 added_control = 1; 6140 do_chunk_output = 0; 6141 } 6142 } else { 6143 /* 6144 * we still got (or just got) data to send, 6145 * so set SHUTDOWN_PENDING 6146 */ 6147 /* 6148 * XXX sockets draft says that SCTP_EOF 6149 * should be sent with no data. currently, 6150 * we will allow user data to be sent first 6151 * and move to SHUTDOWN-PENDING 6152 */ 6153 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 6154 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 6155 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 6156 if (asoc->locked_on_sending) { 6157 /* 6158 * Locked to send out the 6159 * data 6160 */ 6161 struct sctp_stream_queue_pending *sp; 6162 6163 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 6164 if (sp) { 6165 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 6166 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 6167 } 6168 } 6169 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 6170 if (TAILQ_EMPTY(&asoc->send_queue) && 6171 TAILQ_EMPTY(&asoc->sent_queue) && 6172 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 6173 abort_anyway: 6174 atomic_add_int(&stcb->asoc.refcnt, 1); 6175 sctp_abort_an_association(stcb->sctp_ep, stcb, 6176 SCTP_RESPONSE_TO_USER_REQ, 6177 NULL, SCTP_SO_NOT_LOCKED); 6178 atomic_add_int(&stcb->asoc.refcnt, -1); 6179 goto no_chunk_output; 6180 } 6181 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 6182 asoc->primary_destination); 6183 } 6184 } 6185 6186 } 6187 } 6188 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 6189 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 6190 6191 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 6192 (stcb->asoc.total_flight > 0) && 6193 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) 6194 ) { 6195 do_chunk_output = 0; 6196 } 6197 if (do_chunk_output) 6198 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_NOT_LOCKED); 6199 else if (added_control) { 6200 int num_out = 0, reason = 0, now_filled = 0; 6201 struct timeval now; 6202 int frag_point; 6203 6204 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 6205 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 6206 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_NOT_LOCKED); 6207 } 6208 no_chunk_output: 6209 if (ret) { 6210 ca->cnt_failed++; 6211 } else { 6212 ca->cnt_sent++; 6213 } 6214 } 6215 6216 static void 6217 sctp_sendall_completes(void *ptr, uint32_t val) 6218 { 6219 struct sctp_copy_all *ca; 6220 6221 ca = (struct sctp_copy_all *)ptr; 6222 /* 6223 * Do a notify here? Kacheong suggests that the notify be done at 6224 * the send time.. so you would push up a notification if any send 6225 * failed. Don't know if this is feasable since the only failures we 6226 * have is "memory" related and if you cannot get an mbuf to send 6227 * the data you surely can't get an mbuf to send up to notify the 6228 * user you can't send the data :-> 6229 */ 6230 6231 /* now free everything */ 6232 sctp_m_freem(ca->m); 6233 SCTP_FREE(ca, SCTP_M_COPYAL); 6234 } 6235 6236 6237 #define MC_ALIGN(m, len) do { \ 6238 SCTP_BUF_RESV_UF(m, ((MCLBYTES - (len)) & ~(sizeof(long) - 1)); \ 6239 } while (0) 6240 6241 6242 6243 static struct mbuf * 6244 sctp_copy_out_all(struct uio *uio, int len) 6245 { 6246 struct mbuf *ret, *at; 6247 int left, willcpy, cancpy, error; 6248 6249 ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAIT, 1, MT_DATA); 6250 if (ret == NULL) { 6251 /* TSNH */ 6252 return (NULL); 6253 } 6254 left = len; 6255 SCTP_BUF_LEN(ret) = 0; 6256 /* save space for the data chunk header */ 6257 cancpy = M_TRAILINGSPACE(ret); 6258 willcpy = min(cancpy, left); 6259 at = ret; 6260 while (left > 0) { 6261 /* Align data to the end */ 6262 error = uiomove(mtod(at, caddr_t), willcpy, uio); 6263 if (error) { 6264 err_out_now: 6265 sctp_m_freem(at); 6266 return (NULL); 6267 } 6268 SCTP_BUF_LEN(at) = willcpy; 6269 SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0; 6270 left -= willcpy; 6271 if (left > 0) { 6272 SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 1, MT_DATA); 6273 if (SCTP_BUF_NEXT(at) == NULL) { 6274 goto err_out_now; 6275 } 6276 at = SCTP_BUF_NEXT(at); 6277 SCTP_BUF_LEN(at) = 0; 6278 cancpy = M_TRAILINGSPACE(at); 6279 willcpy = min(cancpy, left); 6280 } 6281 } 6282 return (ret); 6283 } 6284 6285 static int 6286 sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m, 6287 struct sctp_sndrcvinfo *srcv) 6288 { 6289 int ret; 6290 struct sctp_copy_all *ca; 6291 6292 SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all), 6293 SCTP_M_COPYAL); 6294 if (ca == NULL) { 6295 sctp_m_freem(m); 6296 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6297 return (ENOMEM); 6298 } 6299 memset(ca, 0, sizeof(struct sctp_copy_all)); 6300 6301 ca->inp = inp; 6302 memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo)); 6303 /* 6304 * take off the sendall flag, it would be bad if we failed to do 6305 * this :-0 6306 */ 6307 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL; 6308 /* get length and mbuf chain */ 6309 if (uio) { 6310 ca->sndlen = uio->uio_resid; 6311 ca->m = sctp_copy_out_all(uio, ca->sndlen); 6312 if (ca->m == NULL) { 6313 SCTP_FREE(ca, SCTP_M_COPYAL); 6314 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6315 return (ENOMEM); 6316 } 6317 } else { 6318 /* Gather the length of the send */ 6319 struct mbuf *mat; 6320 6321 mat = m; 6322 ca->sndlen = 0; 6323 while (m) { 6324 ca->sndlen += SCTP_BUF_LEN(m); 6325 m = SCTP_BUF_NEXT(m); 6326 } 6327 ca->m = mat; 6328 } 6329 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL, 6330 SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES, 6331 SCTP_ASOC_ANY_STATE, 6332 (void *)ca, 0, 6333 sctp_sendall_completes, inp, 1); 6334 if (ret) { 6335 SCTP_PRINTF("Failed to initiate iterator for sendall\n"); 6336 SCTP_FREE(ca, SCTP_M_COPYAL); 6337 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); 6338 return (EFAULT); 6339 } 6340 return (0); 6341 } 6342 6343 6344 void 6345 sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc) 6346 { 6347 struct sctp_tmit_chunk *chk, *nchk; 6348 6349 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 6350 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 6351 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 6352 if (chk->data) { 6353 sctp_m_freem(chk->data); 6354 chk->data = NULL; 6355 } 6356 asoc->ctrl_queue_cnt--; 6357 sctp_free_a_chunk(stcb, chk); 6358 } 6359 } 6360 } 6361 6362 void 6363 sctp_toss_old_asconf(struct sctp_tcb *stcb) 6364 { 6365 struct sctp_association *asoc; 6366 struct sctp_tmit_chunk *chk, *nchk; 6367 struct sctp_asconf_chunk *acp; 6368 6369 asoc = &stcb->asoc; 6370 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { 6371 /* find SCTP_ASCONF chunk in queue */ 6372 if (chk->rec.chunk_id.id == SCTP_ASCONF) { 6373 if (chk->data) { 6374 acp = mtod(chk->data, struct sctp_asconf_chunk *); 6375 if (SCTP_TSN_GT(ntohl(acp->serial_number), asoc->asconf_seq_out_acked)) { 6376 /* Not Acked yet */ 6377 break; 6378 } 6379 } 6380 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); 6381 if (chk->data) { 6382 sctp_m_freem(chk->data); 6383 chk->data = NULL; 6384 } 6385 asoc->ctrl_queue_cnt--; 6386 sctp_free_a_chunk(stcb, chk); 6387 } 6388 } 6389 } 6390 6391 6392 static void 6393 sctp_clean_up_datalist(struct sctp_tcb *stcb, 6394 struct sctp_association *asoc, 6395 struct sctp_tmit_chunk **data_list, 6396 int bundle_at, 6397 struct sctp_nets *net) 6398 { 6399 int i; 6400 struct sctp_tmit_chunk *tp1; 6401 6402 for (i = 0; i < bundle_at; i++) { 6403 /* off of the send queue */ 6404 TAILQ_REMOVE(&asoc->send_queue, data_list[i], sctp_next); 6405 asoc->send_queue_cnt--; 6406 if (i > 0) { 6407 /* 6408 * Any chunk NOT 0 you zap the time chunk 0 gets 6409 * zapped or set based on if a RTO measurment is 6410 * needed. 6411 */ 6412 data_list[i]->do_rtt = 0; 6413 } 6414 /* record time */ 6415 data_list[i]->sent_rcv_time = net->last_sent_time; 6416 data_list[i]->rec.data.cwnd_at_send = net->cwnd; 6417 data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.TSN_seq; 6418 if (data_list[i]->whoTo == NULL) { 6419 data_list[i]->whoTo = net; 6420 atomic_add_int(&net->ref_count, 1); 6421 } 6422 /* on to the sent queue */ 6423 tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead); 6424 if ((tp1) && SCTP_TSN_GT(tp1->rec.data.TSN_seq, data_list[i]->rec.data.TSN_seq)) { 6425 struct sctp_tmit_chunk *tpp; 6426 6427 /* need to move back */ 6428 back_up_more: 6429 tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next); 6430 if (tpp == NULL) { 6431 TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next); 6432 goto all_done; 6433 } 6434 tp1 = tpp; 6435 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, data_list[i]->rec.data.TSN_seq)) { 6436 goto back_up_more; 6437 } 6438 TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next); 6439 } else { 6440 TAILQ_INSERT_TAIL(&asoc->sent_queue, 6441 data_list[i], 6442 sctp_next); 6443 } 6444 all_done: 6445 /* This does not lower until the cum-ack passes it */ 6446 asoc->sent_queue_cnt++; 6447 if ((asoc->peers_rwnd <= 0) && 6448 (asoc->total_flight == 0) && 6449 (bundle_at == 1)) { 6450 /* Mark the chunk as being a window probe */ 6451 SCTP_STAT_INCR(sctps_windowprobed); 6452 } 6453 #ifdef SCTP_AUDITING_ENABLED 6454 sctp_audit_log(0xC2, 3); 6455 #endif 6456 data_list[i]->sent = SCTP_DATAGRAM_SENT; 6457 data_list[i]->snd_count = 1; 6458 data_list[i]->rec.data.chunk_was_revoked = 0; 6459 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { 6460 sctp_misc_ints(SCTP_FLIGHT_LOG_UP, 6461 data_list[i]->whoTo->flight_size, 6462 data_list[i]->book_size, 6463 (uintptr_t) data_list[i]->whoTo, 6464 data_list[i]->rec.data.TSN_seq); 6465 } 6466 sctp_flight_size_increase(data_list[i]); 6467 sctp_total_flight_increase(stcb, data_list[i]); 6468 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) { 6469 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 6470 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)); 6471 } 6472 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 6473 (uint32_t) (data_list[i]->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))); 6474 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 6475 /* SWS sender side engages */ 6476 asoc->peers_rwnd = 0; 6477 } 6478 } 6479 if (asoc->cc_functions.sctp_cwnd_update_packet_transmitted) { 6480 (*asoc->cc_functions.sctp_cwnd_update_packet_transmitted) (stcb, net); 6481 } 6482 } 6483 6484 static void 6485 sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc) 6486 { 6487 struct sctp_tmit_chunk *chk, *nchk; 6488 6489 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 6490 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 6491 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */ 6492 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 6493 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 6494 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) || 6495 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 6496 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 6497 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 6498 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 6499 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 6500 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 6501 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 6502 /* Stray chunks must be cleaned up */ 6503 clean_up_anyway: 6504 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 6505 if (chk->data) { 6506 sctp_m_freem(chk->data); 6507 chk->data = NULL; 6508 } 6509 asoc->ctrl_queue_cnt--; 6510 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) 6511 asoc->fwd_tsn_cnt--; 6512 sctp_free_a_chunk(stcb, chk); 6513 } else if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) { 6514 /* special handling, we must look into the param */ 6515 if (chk != asoc->str_reset) { 6516 goto clean_up_anyway; 6517 } 6518 } 6519 } 6520 } 6521 6522 6523 static int 6524 sctp_can_we_split_this(struct sctp_tcb *stcb, 6525 uint32_t length, 6526 uint32_t goal_mtu, uint32_t frag_point, int eeor_on) 6527 { 6528 /* 6529 * Make a decision on if I should split a msg into multiple parts. 6530 * This is only asked of incomplete messages. 6531 */ 6532 if (eeor_on) { 6533 /* 6534 * If we are doing EEOR we need to always send it if its the 6535 * entire thing, since it might be all the guy is putting in 6536 * the hopper. 6537 */ 6538 if (goal_mtu >= length) { 6539 /*- 6540 * If we have data outstanding, 6541 * we get another chance when the sack 6542 * arrives to transmit - wait for more data 6543 */ 6544 if (stcb->asoc.total_flight == 0) { 6545 /* 6546 * If nothing is in flight, we zero the 6547 * packet counter. 6548 */ 6549 return (length); 6550 } 6551 return (0); 6552 6553 } else { 6554 /* You can fill the rest */ 6555 return (goal_mtu); 6556 } 6557 } 6558 /*- 6559 * For those strange folk that make the send buffer 6560 * smaller than our fragmentation point, we can't 6561 * get a full msg in so we have to allow splitting. 6562 */ 6563 if (SCTP_SB_LIMIT_SND(stcb->sctp_socket) < frag_point) { 6564 return (length); 6565 } 6566 if ((length <= goal_mtu) || 6567 ((length - goal_mtu) < SCTP_BASE_SYSCTL(sctp_min_residual))) { 6568 /* Sub-optimial residual don't split in non-eeor mode. */ 6569 return (0); 6570 } 6571 /* 6572 * If we reach here length is larger than the goal_mtu. Do we wish 6573 * to split it for the sake of packet putting together? 6574 */ 6575 if (goal_mtu >= min(SCTP_BASE_SYSCTL(sctp_min_split_point), frag_point)) { 6576 /* Its ok to split it */ 6577 return (min(goal_mtu, frag_point)); 6578 } 6579 /* Nope, can't split */ 6580 return (0); 6581 6582 } 6583 6584 static uint32_t 6585 sctp_move_to_outqueue(struct sctp_tcb *stcb, 6586 struct sctp_stream_out *strq, 6587 uint32_t goal_mtu, 6588 uint32_t frag_point, 6589 int *locked, 6590 int *giveup, 6591 int eeor_mode, 6592 int *bail) 6593 { 6594 /* Move from the stream to the send_queue keeping track of the total */ 6595 struct sctp_association *asoc; 6596 struct sctp_stream_queue_pending *sp; 6597 struct sctp_tmit_chunk *chk; 6598 struct sctp_data_chunk *dchkh; 6599 uint32_t to_move, length; 6600 uint8_t rcv_flags = 0; 6601 uint8_t some_taken; 6602 uint8_t send_lock_up = 0; 6603 6604 SCTP_TCB_LOCK_ASSERT(stcb); 6605 asoc = &stcb->asoc; 6606 one_more_time: 6607 /* sa_ignore FREED_MEMORY */ 6608 sp = TAILQ_FIRST(&strq->outqueue); 6609 if (sp == NULL) { 6610 *locked = 0; 6611 if (send_lock_up == 0) { 6612 SCTP_TCB_SEND_LOCK(stcb); 6613 send_lock_up = 1; 6614 } 6615 sp = TAILQ_FIRST(&strq->outqueue); 6616 if (sp) { 6617 goto one_more_time; 6618 } 6619 if (strq->last_msg_incomplete) { 6620 SCTP_PRINTF("Huh? Stream:%d lm_in_c=%d but queue is NULL\n", 6621 strq->stream_no, 6622 strq->last_msg_incomplete); 6623 strq->last_msg_incomplete = 0; 6624 } 6625 to_move = 0; 6626 if (send_lock_up) { 6627 SCTP_TCB_SEND_UNLOCK(stcb); 6628 send_lock_up = 0; 6629 } 6630 goto out_of; 6631 } 6632 if ((sp->msg_is_complete) && (sp->length == 0)) { 6633 if (sp->sender_all_done) { 6634 /* 6635 * We are doing differed cleanup. Last time through 6636 * when we took all the data the sender_all_done was 6637 * not set. 6638 */ 6639 if ((sp->put_last_out == 0) && (sp->discard_rest == 0)) { 6640 SCTP_PRINTF("Gak, put out entire msg with NO end!-1\n"); 6641 SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d send_lock:%d\n", 6642 sp->sender_all_done, 6643 sp->length, 6644 sp->msg_is_complete, 6645 sp->put_last_out, 6646 send_lock_up); 6647 } 6648 if ((TAILQ_NEXT(sp, next) == NULL) && (send_lock_up == 0)) { 6649 SCTP_TCB_SEND_LOCK(stcb); 6650 send_lock_up = 1; 6651 } 6652 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 6653 TAILQ_REMOVE(&strq->outqueue, sp, next); 6654 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, strq, sp, send_lock_up); 6655 if (sp->net) { 6656 sctp_free_remote_addr(sp->net); 6657 sp->net = NULL; 6658 } 6659 if (sp->data) { 6660 sctp_m_freem(sp->data); 6661 sp->data = NULL; 6662 } 6663 sctp_free_a_strmoq(stcb, sp); 6664 /* we can't be locked to it */ 6665 *locked = 0; 6666 stcb->asoc.locked_on_sending = NULL; 6667 if (send_lock_up) { 6668 SCTP_TCB_SEND_UNLOCK(stcb); 6669 send_lock_up = 0; 6670 } 6671 /* back to get the next msg */ 6672 goto one_more_time; 6673 } else { 6674 /* 6675 * sender just finished this but still holds a 6676 * reference 6677 */ 6678 *locked = 1; 6679 *giveup = 1; 6680 to_move = 0; 6681 goto out_of; 6682 } 6683 } else { 6684 /* is there some to get */ 6685 if (sp->length == 0) { 6686 /* no */ 6687 *locked = 1; 6688 *giveup = 1; 6689 to_move = 0; 6690 goto out_of; 6691 } else if (sp->discard_rest) { 6692 if (send_lock_up == 0) { 6693 SCTP_TCB_SEND_LOCK(stcb); 6694 send_lock_up = 1; 6695 } 6696 /* Whack down the size */ 6697 atomic_subtract_int(&stcb->asoc.total_output_queue_size, sp->length); 6698 if ((stcb->sctp_socket != NULL) && \ 6699 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 6700 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 6701 atomic_subtract_int(&stcb->sctp_socket->so_snd.sb_cc, sp->length); 6702 } 6703 if (sp->data) { 6704 sctp_m_freem(sp->data); 6705 sp->data = NULL; 6706 sp->tail_mbuf = NULL; 6707 } 6708 sp->length = 0; 6709 sp->some_taken = 1; 6710 *locked = 1; 6711 *giveup = 1; 6712 to_move = 0; 6713 goto out_of; 6714 } 6715 } 6716 some_taken = sp->some_taken; 6717 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 6718 sp->msg_is_complete = 1; 6719 } 6720 re_look: 6721 length = sp->length; 6722 if (sp->msg_is_complete) { 6723 /* The message is complete */ 6724 to_move = min(length, frag_point); 6725 if (to_move == length) { 6726 /* All of it fits in the MTU */ 6727 if (sp->some_taken) { 6728 rcv_flags |= SCTP_DATA_LAST_FRAG; 6729 sp->put_last_out = 1; 6730 } else { 6731 rcv_flags |= SCTP_DATA_NOT_FRAG; 6732 sp->put_last_out = 1; 6733 } 6734 } else { 6735 /* Not all of it fits, we fragment */ 6736 if (sp->some_taken == 0) { 6737 rcv_flags |= SCTP_DATA_FIRST_FRAG; 6738 } 6739 sp->some_taken = 1; 6740 } 6741 } else { 6742 to_move = sctp_can_we_split_this(stcb, length, goal_mtu, frag_point, eeor_mode); 6743 if (to_move) { 6744 /*- 6745 * We use a snapshot of length in case it 6746 * is expanding during the compare. 6747 */ 6748 uint32_t llen; 6749 6750 llen = length; 6751 if (to_move >= llen) { 6752 to_move = llen; 6753 if (send_lock_up == 0) { 6754 /*- 6755 * We are taking all of an incomplete msg 6756 * thus we need a send lock. 6757 */ 6758 SCTP_TCB_SEND_LOCK(stcb); 6759 send_lock_up = 1; 6760 if (sp->msg_is_complete) { 6761 /* 6762 * the sender finished the 6763 * msg 6764 */ 6765 goto re_look; 6766 } 6767 } 6768 } 6769 if (sp->some_taken == 0) { 6770 rcv_flags |= SCTP_DATA_FIRST_FRAG; 6771 sp->some_taken = 1; 6772 } 6773 } else { 6774 /* Nothing to take. */ 6775 if (sp->some_taken) { 6776 *locked = 1; 6777 } 6778 *giveup = 1; 6779 to_move = 0; 6780 goto out_of; 6781 } 6782 } 6783 6784 /* If we reach here, we can copy out a chunk */ 6785 sctp_alloc_a_chunk(stcb, chk); 6786 if (chk == NULL) { 6787 /* No chunk memory */ 6788 *giveup = 1; 6789 to_move = 0; 6790 goto out_of; 6791 } 6792 /* 6793 * Setup for unordered if needed by looking at the user sent info 6794 * flags. 6795 */ 6796 if (sp->sinfo_flags & SCTP_UNORDERED) { 6797 rcv_flags |= SCTP_DATA_UNORDERED; 6798 } 6799 if ((SCTP_BASE_SYSCTL(sctp_enable_sack_immediately) && ((sp->sinfo_flags & SCTP_EOF) == SCTP_EOF)) || 6800 ((sp->sinfo_flags & SCTP_SACK_IMMEDIATELY) == SCTP_SACK_IMMEDIATELY)) { 6801 rcv_flags |= SCTP_DATA_SACK_IMMEDIATELY; 6802 } 6803 /* clear out the chunk before setting up */ 6804 memset(chk, 0, sizeof(*chk)); 6805 chk->rec.data.rcv_flags = rcv_flags; 6806 6807 if (to_move >= length) { 6808 /* we think we can steal the whole thing */ 6809 if ((sp->sender_all_done == 0) && (send_lock_up == 0)) { 6810 SCTP_TCB_SEND_LOCK(stcb); 6811 send_lock_up = 1; 6812 } 6813 if (to_move < sp->length) { 6814 /* bail, it changed */ 6815 goto dont_do_it; 6816 } 6817 chk->data = sp->data; 6818 chk->last_mbuf = sp->tail_mbuf; 6819 /* register the stealing */ 6820 sp->data = sp->tail_mbuf = NULL; 6821 } else { 6822 struct mbuf *m; 6823 6824 dont_do_it: 6825 chk->data = SCTP_M_COPYM(sp->data, 0, to_move, M_DONTWAIT); 6826 chk->last_mbuf = NULL; 6827 if (chk->data == NULL) { 6828 sp->some_taken = some_taken; 6829 sctp_free_a_chunk(stcb, chk); 6830 *bail = 1; 6831 to_move = 0; 6832 goto out_of; 6833 } 6834 #ifdef SCTP_MBUF_LOGGING 6835 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6836 struct mbuf *mat; 6837 6838 mat = chk->data; 6839 while (mat) { 6840 if (SCTP_BUF_IS_EXTENDED(mat)) { 6841 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 6842 } 6843 mat = SCTP_BUF_NEXT(mat); 6844 } 6845 } 6846 #endif 6847 /* Pull off the data */ 6848 m_adj(sp->data, to_move); 6849 /* Now lets work our way down and compact it */ 6850 m = sp->data; 6851 while (m && (SCTP_BUF_LEN(m) == 0)) { 6852 sp->data = SCTP_BUF_NEXT(m); 6853 SCTP_BUF_NEXT(m) = NULL; 6854 if (sp->tail_mbuf == m) { 6855 /*- 6856 * Freeing tail? TSNH since 6857 * we supposedly were taking less 6858 * than the sp->length. 6859 */ 6860 #ifdef INVARIANTS 6861 panic("Huh, freing tail? - TSNH"); 6862 #else 6863 SCTP_PRINTF("Huh, freeing tail? - TSNH\n"); 6864 sp->tail_mbuf = sp->data = NULL; 6865 sp->length = 0; 6866 #endif 6867 6868 } 6869 sctp_m_free(m); 6870 m = sp->data; 6871 } 6872 } 6873 if (SCTP_BUF_IS_EXTENDED(chk->data)) { 6874 chk->copy_by_ref = 1; 6875 } else { 6876 chk->copy_by_ref = 0; 6877 } 6878 /* 6879 * get last_mbuf and counts of mb useage This is ugly but hopefully 6880 * its only one mbuf. 6881 */ 6882 if (chk->last_mbuf == NULL) { 6883 chk->last_mbuf = chk->data; 6884 while (SCTP_BUF_NEXT(chk->last_mbuf) != NULL) { 6885 chk->last_mbuf = SCTP_BUF_NEXT(chk->last_mbuf); 6886 } 6887 } 6888 if (to_move > length) { 6889 /*- This should not happen either 6890 * since we always lower to_move to the size 6891 * of sp->length if its larger. 6892 */ 6893 #ifdef INVARIANTS 6894 panic("Huh, how can to_move be larger?"); 6895 #else 6896 SCTP_PRINTF("Huh, how can to_move be larger?\n"); 6897 sp->length = 0; 6898 #endif 6899 } else { 6900 atomic_subtract_int(&sp->length, to_move); 6901 } 6902 if (M_LEADINGSPACE(chk->data) < (int)sizeof(struct sctp_data_chunk)) { 6903 /* Not enough room for a chunk header, get some */ 6904 struct mbuf *m; 6905 6906 m = sctp_get_mbuf_for_msg(1, 0, M_DONTWAIT, 0, MT_DATA); 6907 if (m == NULL) { 6908 /* 6909 * we're in trouble here. _PREPEND below will free 6910 * all the data if there is no leading space, so we 6911 * must put the data back and restore. 6912 */ 6913 if (send_lock_up == 0) { 6914 SCTP_TCB_SEND_LOCK(stcb); 6915 send_lock_up = 1; 6916 } 6917 if (chk->data == NULL) { 6918 /* unsteal the data */ 6919 sp->data = chk->data; 6920 sp->tail_mbuf = chk->last_mbuf; 6921 } else { 6922 struct mbuf *m_tmp; 6923 6924 /* reassemble the data */ 6925 m_tmp = sp->data; 6926 sp->data = chk->data; 6927 SCTP_BUF_NEXT(chk->last_mbuf) = m_tmp; 6928 } 6929 sp->some_taken = some_taken; 6930 atomic_add_int(&sp->length, to_move); 6931 chk->data = NULL; 6932 *bail = 1; 6933 sctp_free_a_chunk(stcb, chk); 6934 to_move = 0; 6935 goto out_of; 6936 } else { 6937 SCTP_BUF_LEN(m) = 0; 6938 SCTP_BUF_NEXT(m) = chk->data; 6939 chk->data = m; 6940 M_ALIGN(chk->data, 4); 6941 } 6942 } 6943 SCTP_BUF_PREPEND(chk->data, sizeof(struct sctp_data_chunk), M_DONTWAIT); 6944 if (chk->data == NULL) { 6945 /* HELP, TSNH since we assured it would not above? */ 6946 #ifdef INVARIANTS 6947 panic("prepend failes HELP?"); 6948 #else 6949 SCTP_PRINTF("prepend fails HELP?\n"); 6950 sctp_free_a_chunk(stcb, chk); 6951 #endif 6952 *bail = 1; 6953 to_move = 0; 6954 goto out_of; 6955 } 6956 sctp_snd_sb_alloc(stcb, sizeof(struct sctp_data_chunk)); 6957 chk->book_size = chk->send_size = (to_move + sizeof(struct sctp_data_chunk)); 6958 chk->book_size_scale = 0; 6959 chk->sent = SCTP_DATAGRAM_UNSENT; 6960 6961 chk->flags = 0; 6962 chk->asoc = &stcb->asoc; 6963 chk->pad_inplace = 0; 6964 chk->no_fr_allowed = 0; 6965 chk->rec.data.stream_seq = sp->strseq; 6966 chk->rec.data.stream_number = sp->stream; 6967 chk->rec.data.payloadtype = sp->ppid; 6968 chk->rec.data.context = sp->context; 6969 chk->rec.data.doing_fast_retransmit = 0; 6970 6971 chk->rec.data.timetodrop = sp->ts; 6972 chk->flags = sp->act_flags; 6973 6974 if (sp->net) { 6975 chk->whoTo = sp->net; 6976 atomic_add_int(&chk->whoTo->ref_count, 1); 6977 } else 6978 chk->whoTo = NULL; 6979 6980 if (sp->holds_key_ref) { 6981 chk->auth_keyid = sp->auth_keyid; 6982 sctp_auth_key_acquire(stcb, chk->auth_keyid); 6983 chk->holds_key_ref = 1; 6984 } 6985 chk->rec.data.TSN_seq = atomic_fetchadd_int(&asoc->sending_seq, 1); 6986 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_OUTQ) { 6987 sctp_misc_ints(SCTP_STRMOUT_LOG_SEND, 6988 (uintptr_t) stcb, sp->length, 6989 (uint32_t) ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq), 6990 chk->rec.data.TSN_seq); 6991 } 6992 dchkh = mtod(chk->data, struct sctp_data_chunk *); 6993 /* 6994 * Put the rest of the things in place now. Size was done earlier in 6995 * previous loop prior to padding. 6996 */ 6997 6998 #ifdef SCTP_ASOCLOG_OF_TSNS 6999 SCTP_TCB_LOCK_ASSERT(stcb); 7000 if (asoc->tsn_out_at >= SCTP_TSN_LOG_SIZE) { 7001 asoc->tsn_out_at = 0; 7002 asoc->tsn_out_wrapped = 1; 7003 } 7004 asoc->out_tsnlog[asoc->tsn_out_at].tsn = chk->rec.data.TSN_seq; 7005 asoc->out_tsnlog[asoc->tsn_out_at].strm = chk->rec.data.stream_number; 7006 asoc->out_tsnlog[asoc->tsn_out_at].seq = chk->rec.data.stream_seq; 7007 asoc->out_tsnlog[asoc->tsn_out_at].sz = chk->send_size; 7008 asoc->out_tsnlog[asoc->tsn_out_at].flgs = chk->rec.data.rcv_flags; 7009 asoc->out_tsnlog[asoc->tsn_out_at].stcb = (void *)stcb; 7010 asoc->out_tsnlog[asoc->tsn_out_at].in_pos = asoc->tsn_out_at; 7011 asoc->out_tsnlog[asoc->tsn_out_at].in_out = 2; 7012 asoc->tsn_out_at++; 7013 #endif 7014 7015 dchkh->ch.chunk_type = SCTP_DATA; 7016 dchkh->ch.chunk_flags = chk->rec.data.rcv_flags; 7017 dchkh->dp.tsn = htonl(chk->rec.data.TSN_seq); 7018 dchkh->dp.stream_id = htons(strq->stream_no); 7019 dchkh->dp.stream_sequence = htons(chk->rec.data.stream_seq); 7020 dchkh->dp.protocol_id = chk->rec.data.payloadtype; 7021 dchkh->ch.chunk_length = htons(chk->send_size); 7022 /* Now advance the chk->send_size by the actual pad needed. */ 7023 if (chk->send_size < SCTP_SIZE32(chk->book_size)) { 7024 /* need a pad */ 7025 struct mbuf *lm; 7026 int pads; 7027 7028 pads = SCTP_SIZE32(chk->book_size) - chk->send_size; 7029 if (sctp_pad_lastmbuf(chk->data, pads, chk->last_mbuf) == 0) { 7030 chk->pad_inplace = 1; 7031 } 7032 if ((lm = SCTP_BUF_NEXT(chk->last_mbuf)) != NULL) { 7033 /* pad added an mbuf */ 7034 chk->last_mbuf = lm; 7035 } 7036 chk->send_size += pads; 7037 } 7038 /* We only re-set the policy if it is on */ 7039 if (sp->pr_sctp_on) { 7040 sctp_set_prsctp_policy(sp); 7041 asoc->pr_sctp_cnt++; 7042 chk->pr_sctp_on = 1; 7043 } else { 7044 chk->pr_sctp_on = 0; 7045 } 7046 if (sp->msg_is_complete && (sp->length == 0) && (sp->sender_all_done)) { 7047 /* All done pull and kill the message */ 7048 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 7049 if (sp->put_last_out == 0) { 7050 SCTP_PRINTF("Gak, put out entire msg with NO end!-2\n"); 7051 SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d send_lock:%d\n", 7052 sp->sender_all_done, 7053 sp->length, 7054 sp->msg_is_complete, 7055 sp->put_last_out, 7056 send_lock_up); 7057 } 7058 if ((send_lock_up == 0) && (TAILQ_NEXT(sp, next) == NULL)) { 7059 SCTP_TCB_SEND_LOCK(stcb); 7060 send_lock_up = 1; 7061 } 7062 TAILQ_REMOVE(&strq->outqueue, sp, next); 7063 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, strq, sp, send_lock_up); 7064 if (sp->net) { 7065 sctp_free_remote_addr(sp->net); 7066 sp->net = NULL; 7067 } 7068 if (sp->data) { 7069 sctp_m_freem(sp->data); 7070 sp->data = NULL; 7071 } 7072 sctp_free_a_strmoq(stcb, sp); 7073 7074 /* we can't be locked to it */ 7075 *locked = 0; 7076 stcb->asoc.locked_on_sending = NULL; 7077 } else { 7078 /* more to go, we are locked */ 7079 *locked = 1; 7080 } 7081 asoc->chunks_on_out_queue++; 7082 TAILQ_INSERT_TAIL(&asoc->send_queue, chk, sctp_next); 7083 asoc->send_queue_cnt++; 7084 out_of: 7085 if (send_lock_up) { 7086 SCTP_TCB_SEND_UNLOCK(stcb); 7087 send_lock_up = 0; 7088 } 7089 return (to_move); 7090 } 7091 7092 7093 static void 7094 sctp_fill_outqueue(struct sctp_tcb *stcb, 7095 struct sctp_nets *net, int frag_point, int eeor_mode, int *quit_now) 7096 { 7097 struct sctp_association *asoc; 7098 struct sctp_stream_out *strq, *strqn; 7099 int goal_mtu, moved_how_much, total_moved = 0, bail = 0; 7100 int locked, giveup; 7101 7102 SCTP_TCB_LOCK_ASSERT(stcb); 7103 asoc = &stcb->asoc; 7104 #ifdef INET6 7105 if (net->ro._l_addr.sin6.sin6_family == AF_INET6) { 7106 goal_mtu = net->mtu - SCTP_MIN_OVERHEAD; 7107 } else { 7108 /* ?? not sure what else to do */ 7109 goal_mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 7110 } 7111 #else 7112 goal_mtu = net->mtu - SCTP_MIN_OVERHEAD; 7113 #endif 7114 /* Need an allowance for the data chunk header too */ 7115 goal_mtu -= sizeof(struct sctp_data_chunk); 7116 7117 /* must make even word boundary */ 7118 goal_mtu &= 0xfffffffc; 7119 if (asoc->locked_on_sending) { 7120 /* We are stuck on one stream until the message completes. */ 7121 strq = asoc->locked_on_sending; 7122 locked = 1; 7123 } else { 7124 strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc); 7125 locked = 0; 7126 } 7127 strqn = strq; 7128 while ((goal_mtu > 0) && strq) { 7129 giveup = 0; 7130 bail = 0; 7131 moved_how_much = sctp_move_to_outqueue(stcb, strq, goal_mtu, frag_point, &locked, 7132 &giveup, eeor_mode, &bail); 7133 if (moved_how_much) 7134 stcb->asoc.ss_functions.sctp_ss_scheduled(stcb, net, asoc, strq, moved_how_much); 7135 7136 if (locked) { 7137 asoc->locked_on_sending = strq; 7138 if ((moved_how_much == 0) || (giveup) || bail) 7139 /* no more to move for now */ 7140 break; 7141 } else { 7142 asoc->locked_on_sending = NULL; 7143 if ((giveup) || bail) { 7144 break; 7145 } 7146 strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc); 7147 if (strq == NULL) { 7148 break; 7149 } 7150 } 7151 total_moved += moved_how_much; 7152 goal_mtu -= (moved_how_much + sizeof(struct sctp_data_chunk)); 7153 goal_mtu &= 0xfffffffc; 7154 } 7155 if (bail) 7156 *quit_now = 1; 7157 7158 stcb->asoc.ss_functions.sctp_ss_packet_done(stcb, net, asoc); 7159 7160 if (total_moved == 0) { 7161 if ((stcb->asoc.sctp_cmt_on_off == 0) && 7162 (net == stcb->asoc.primary_destination)) { 7163 /* ran dry for primary network net */ 7164 SCTP_STAT_INCR(sctps_primary_randry); 7165 } else if (stcb->asoc.sctp_cmt_on_off > 0) { 7166 /* ran dry with CMT on */ 7167 SCTP_STAT_INCR(sctps_cmt_randry); 7168 } 7169 } 7170 } 7171 7172 void 7173 sctp_fix_ecn_echo(struct sctp_association *asoc) 7174 { 7175 struct sctp_tmit_chunk *chk; 7176 7177 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 7178 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 7179 chk->sent = SCTP_DATAGRAM_UNSENT; 7180 } 7181 } 7182 } 7183 7184 void 7185 sctp_move_chunks_from_net(struct sctp_tcb *stcb, struct sctp_nets *net) 7186 { 7187 struct sctp_association *asoc; 7188 struct sctp_tmit_chunk *chk; 7189 struct sctp_stream_queue_pending *sp; 7190 unsigned int i; 7191 7192 if (net == NULL) { 7193 return; 7194 } 7195 asoc = &stcb->asoc; 7196 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 7197 TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) { 7198 if (sp->net == net) { 7199 sctp_free_remote_addr(sp->net); 7200 sp->net = NULL; 7201 } 7202 } 7203 } 7204 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 7205 if (chk->whoTo == net) { 7206 sctp_free_remote_addr(chk->whoTo); 7207 chk->whoTo = NULL; 7208 } 7209 } 7210 } 7211 7212 int 7213 sctp_med_chunk_output(struct sctp_inpcb *inp, 7214 struct sctp_tcb *stcb, 7215 struct sctp_association *asoc, 7216 int *num_out, 7217 int *reason_code, 7218 int control_only, int from_where, 7219 struct timeval *now, int *now_filled, int frag_point, int so_locked 7220 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 7221 SCTP_UNUSED 7222 #endif 7223 ) 7224 { 7225 /* 7226 * Ok this is the generic chunk service queue. we must do the 7227 * following: - Service the stream queue that is next, moving any 7228 * message (note I must get a complete message i.e. FIRST/MIDDLE and 7229 * LAST to the out queue in one pass) and assigning TSN's - Check to 7230 * see if the cwnd/rwnd allows any output, if so we go ahead and 7231 * fomulate and send the low level chunks. Making sure to combine 7232 * any control in the control chunk queue also. 7233 */ 7234 struct sctp_nets *net, *start_at, *sack_goes_to = NULL, *old_start_at = NULL; 7235 struct mbuf *outchain, *endoutchain; 7236 struct sctp_tmit_chunk *chk, *nchk; 7237 7238 /* temp arrays for unlinking */ 7239 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 7240 int no_fragmentflg, error; 7241 unsigned int max_rwnd_per_dest, max_send_per_dest; 7242 int one_chunk, hbflag, skip_data_for_this_net; 7243 int asconf, cookie, no_out_cnt; 7244 int bundle_at, ctl_cnt, no_data_chunks, eeor_mode; 7245 unsigned int mtu, r_mtu, omtu, mx_mtu, to_out; 7246 int tsns_sent = 0; 7247 uint32_t auth_offset = 0; 7248 struct sctp_auth_chunk *auth = NULL; 7249 uint16_t auth_keyid; 7250 int override_ok = 1; 7251 int data_auth_reqd = 0; 7252 7253 /* 7254 * JRS 5/14/07 - Add flag for whether a heartbeat is sent to the 7255 * destination. 7256 */ 7257 int pf_hbflag = 0; 7258 int quit_now = 0; 7259 7260 *num_out = 0; 7261 auth_keyid = stcb->asoc.authinfo.active_keyid; 7262 7263 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) || 7264 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED) || 7265 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR))) { 7266 eeor_mode = 1; 7267 } else { 7268 eeor_mode = 0; 7269 } 7270 ctl_cnt = no_out_cnt = asconf = cookie = 0; 7271 /* 7272 * First lets prime the pump. For each destination, if there is room 7273 * in the flight size, attempt to pull an MTU's worth out of the 7274 * stream queues into the general send_queue 7275 */ 7276 #ifdef SCTP_AUDITING_ENABLED 7277 sctp_audit_log(0xC2, 2); 7278 #endif 7279 SCTP_TCB_LOCK_ASSERT(stcb); 7280 hbflag = 0; 7281 if ((control_only) || (asoc->stream_reset_outstanding)) 7282 no_data_chunks = 1; 7283 else 7284 no_data_chunks = 0; 7285 7286 /* Nothing to possible to send? */ 7287 if ((TAILQ_EMPTY(&asoc->control_send_queue) || 7288 (asoc->ctrl_queue_cnt == stcb->asoc.ecn_echo_cnt_onq)) && 7289 TAILQ_EMPTY(&asoc->asconf_send_queue) && 7290 TAILQ_EMPTY(&asoc->send_queue) && 7291 stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { 7292 nothing_to_send: 7293 *reason_code = 9; 7294 return (0); 7295 } 7296 if (asoc->peers_rwnd == 0) { 7297 /* No room in peers rwnd */ 7298 *reason_code = 1; 7299 if (asoc->total_flight > 0) { 7300 /* we are allowed one chunk in flight */ 7301 no_data_chunks = 1; 7302 } 7303 } 7304 if (stcb->asoc.ecn_echo_cnt_onq) { 7305 /* Record where a sack goes, if any */ 7306 if (no_data_chunks && 7307 (asoc->ctrl_queue_cnt == stcb->asoc.ecn_echo_cnt_onq)) { 7308 /* Nothing but ECNe to send - we don't do that */ 7309 goto nothing_to_send; 7310 } 7311 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 7312 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 7313 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK)) { 7314 sack_goes_to = chk->whoTo; 7315 break; 7316 } 7317 } 7318 } 7319 max_rwnd_per_dest = ((asoc->peers_rwnd + asoc->total_flight) / asoc->numnets); 7320 if (stcb->sctp_socket) 7321 max_send_per_dest = SCTP_SB_LIMIT_SND(stcb->sctp_socket) / asoc->numnets; 7322 else 7323 max_send_per_dest = 0; 7324 if ((no_data_chunks == 0) && 7325 (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc))) { 7326 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 7327 /* 7328 * This for loop we are in takes in each net, if 7329 * its's got space in cwnd and has data sent to it 7330 * (when CMT is off) then it calls 7331 * sctp_fill_outqueue for the net. This gets data on 7332 * the send queue for that network. 7333 * 7334 * In sctp_fill_outqueue TSN's are assigned and data is 7335 * copied out of the stream buffers. Note mostly 7336 * copy by reference (we hope). 7337 */ 7338 net->window_probe = 0; 7339 if ((net->dest_state & SCTP_ADDR_NOT_REACHABLE) || 7340 (net->dest_state & SCTP_ADDR_UNCONFIRMED)) { 7341 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 7342 sctp_log_cwnd(stcb, net, 1, 7343 SCTP_CWND_LOG_FILL_OUTQ_CALLED); 7344 } 7345 continue; 7346 } 7347 if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) && 7348 (net->flight_size == 0)) { 7349 (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) (stcb, net); 7350 } 7351 if ((asoc->sctp_cmt_on_off == 0) && 7352 (asoc->primary_destination != net) && 7353 (net->ref_count < 2)) { 7354 /* nothing can be in queue for this guy */ 7355 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 7356 sctp_log_cwnd(stcb, net, 2, 7357 SCTP_CWND_LOG_FILL_OUTQ_CALLED); 7358 } 7359 continue; 7360 } 7361 if (net->flight_size >= net->cwnd) { 7362 /* skip this network, no room - can't fill */ 7363 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 7364 sctp_log_cwnd(stcb, net, 3, 7365 SCTP_CWND_LOG_FILL_OUTQ_CALLED); 7366 } 7367 continue; 7368 } 7369 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 7370 sctp_log_cwnd(stcb, net, 4, SCTP_CWND_LOG_FILL_OUTQ_CALLED); 7371 } 7372 sctp_fill_outqueue(stcb, net, frag_point, eeor_mode, &quit_now); 7373 if (quit_now) { 7374 /* memory alloc failure */ 7375 no_data_chunks = 1; 7376 break; 7377 } 7378 } 7379 } 7380 /* now service each destination and send out what we can for it */ 7381 /* Nothing to send? */ 7382 if (TAILQ_EMPTY(&asoc->control_send_queue) && 7383 TAILQ_EMPTY(&asoc->asconf_send_queue) && 7384 TAILQ_EMPTY(&asoc->send_queue)) { 7385 *reason_code = 8; 7386 return (0); 7387 } 7388 if (asoc->sctp_cmt_on_off > 0) { 7389 /* get the last start point */ 7390 start_at = asoc->last_net_cmt_send_started; 7391 if (start_at == NULL) { 7392 /* null so to beginning */ 7393 start_at = TAILQ_FIRST(&asoc->nets); 7394 } else { 7395 start_at = TAILQ_NEXT(asoc->last_net_cmt_send_started, sctp_next); 7396 if (start_at == NULL) { 7397 start_at = TAILQ_FIRST(&asoc->nets); 7398 } 7399 } 7400 asoc->last_net_cmt_send_started = start_at; 7401 } else { 7402 start_at = TAILQ_FIRST(&asoc->nets); 7403 } 7404 old_start_at = NULL; 7405 again_one_more_time: 7406 for (net = start_at; net != NULL; net = TAILQ_NEXT(net, sctp_next)) { 7407 /* how much can we send? */ 7408 /* SCTPDBG("Examine for sending net:%x\n", (uint32_t)net); */ 7409 if (old_start_at && (old_start_at == net)) { 7410 /* through list ocmpletely. */ 7411 break; 7412 } 7413 tsns_sent = 0xa; 7414 if ((asoc->sctp_cmt_on_off == 0) && 7415 (asoc->primary_destination != net) && 7416 (net->ref_count < 2)) { 7417 /* 7418 * Ref-count of 1 so we cannot have data or control 7419 * queued to this address. Skip it (non-CMT). 7420 */ 7421 continue; 7422 } 7423 if (TAILQ_EMPTY(&asoc->control_send_queue) && 7424 TAILQ_EMPTY(&asoc->asconf_send_queue) && 7425 (net->flight_size >= net->cwnd)) { 7426 /* 7427 * Nothing on control or asconf and flight is full, 7428 * we can skip even in the CMT case. 7429 */ 7430 continue; 7431 } 7432 ctl_cnt = bundle_at = 0; 7433 endoutchain = outchain = NULL; 7434 no_fragmentflg = 1; 7435 one_chunk = 0; 7436 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 7437 skip_data_for_this_net = 1; 7438 } else { 7439 skip_data_for_this_net = 0; 7440 } 7441 if ((net->ro.ro_rt) && (net->ro.ro_rt->rt_ifp)) { 7442 /* 7443 * if we have a route and an ifp check to see if we 7444 * have room to send to this guy 7445 */ 7446 struct ifnet *ifp; 7447 7448 ifp = net->ro.ro_rt->rt_ifp; 7449 if ((ifp->if_snd.ifq_len + 2) >= ifp->if_snd.ifq_maxlen) { 7450 SCTP_STAT_INCR(sctps_ifnomemqueued); 7451 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 7452 sctp_log_maxburst(stcb, net, ifp->if_snd.ifq_len, ifp->if_snd.ifq_maxlen, SCTP_MAX_IFP_APPLIED); 7453 } 7454 continue; 7455 } 7456 } 7457 switch (((struct sockaddr *)&net->ro._l_addr)->sa_family) { 7458 case AF_INET: 7459 mtu = net->mtu - (sizeof(struct ip) + sizeof(struct sctphdr)); 7460 break; 7461 #ifdef INET6 7462 case AF_INET6: 7463 mtu = net->mtu - (sizeof(struct ip6_hdr) + sizeof(struct sctphdr)); 7464 break; 7465 #endif 7466 default: 7467 /* TSNH */ 7468 mtu = net->mtu; 7469 break; 7470 } 7471 mx_mtu = mtu; 7472 to_out = 0; 7473 if (mtu > asoc->peers_rwnd) { 7474 if (asoc->total_flight > 0) { 7475 /* We have a packet in flight somewhere */ 7476 r_mtu = asoc->peers_rwnd; 7477 } else { 7478 /* We are always allowed to send one MTU out */ 7479 one_chunk = 1; 7480 r_mtu = mtu; 7481 } 7482 } else { 7483 r_mtu = mtu; 7484 } 7485 /************************/ 7486 /* ASCONF transmission */ 7487 /************************/ 7488 /* Now first lets go through the asconf queue */ 7489 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { 7490 if (chk->rec.chunk_id.id != SCTP_ASCONF) { 7491 continue; 7492 } 7493 if (chk->whoTo != net) { 7494 /* 7495 * No, not sent to the network we are 7496 * looking at 7497 */ 7498 break; 7499 } 7500 if (chk->data == NULL) { 7501 break; 7502 } 7503 if (chk->sent != SCTP_DATAGRAM_UNSENT && 7504 chk->sent != SCTP_DATAGRAM_RESEND) { 7505 break; 7506 } 7507 /* 7508 * if no AUTH is yet included and this chunk 7509 * requires it, make sure to account for it. We 7510 * don't apply the size until the AUTH chunk is 7511 * actually added below in case there is no room for 7512 * this chunk. NOTE: we overload the use of "omtu" 7513 * here 7514 */ 7515 if ((auth == NULL) && 7516 sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 7517 stcb->asoc.peer_auth_chunks)) { 7518 omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 7519 } else 7520 omtu = 0; 7521 /* Here we do NOT factor the r_mtu */ 7522 if ((chk->send_size < (int)(mtu - omtu)) || 7523 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 7524 /* 7525 * We probably should glom the mbuf chain 7526 * from the chk->data for control but the 7527 * problem is it becomes yet one more level 7528 * of tracking to do if for some reason 7529 * output fails. Then I have got to 7530 * reconstruct the merged control chain.. el 7531 * yucko.. for now we take the easy way and 7532 * do the copy 7533 */ 7534 /* 7535 * Add an AUTH chunk, if chunk requires it 7536 * save the offset into the chain for AUTH 7537 */ 7538 if ((auth == NULL) && 7539 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 7540 stcb->asoc.peer_auth_chunks))) { 7541 outchain = sctp_add_auth_chunk(outchain, 7542 &endoutchain, 7543 &auth, 7544 &auth_offset, 7545 stcb, 7546 chk->rec.chunk_id.id); 7547 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 7548 } 7549 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 7550 (int)chk->rec.chunk_id.can_take_data, 7551 chk->send_size, chk->copy_by_ref); 7552 if (outchain == NULL) { 7553 *reason_code = 8; 7554 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 7555 return (ENOMEM); 7556 } 7557 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 7558 /* update our MTU size */ 7559 if (mtu > (chk->send_size + omtu)) 7560 mtu -= (chk->send_size + omtu); 7561 else 7562 mtu = 0; 7563 to_out += (chk->send_size + omtu); 7564 /* Do clear IP_DF ? */ 7565 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 7566 no_fragmentflg = 0; 7567 } 7568 if (chk->rec.chunk_id.can_take_data) 7569 chk->data = NULL; 7570 /* 7571 * set hb flag since we can use these for 7572 * RTO 7573 */ 7574 hbflag = 1; 7575 asconf = 1; 7576 /* 7577 * should sysctl this: don't bundle data 7578 * with ASCONF since it requires AUTH 7579 */ 7580 no_data_chunks = 1; 7581 chk->sent = SCTP_DATAGRAM_SENT; 7582 chk->snd_count++; 7583 if (mtu == 0) { 7584 /* 7585 * Ok we are out of room but we can 7586 * output without effecting the 7587 * flight size since this little guy 7588 * is a control only packet. 7589 */ 7590 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 7591 /* 7592 * do NOT clear the asconf flag as 7593 * it is used to do appropriate 7594 * source address selection. 7595 */ 7596 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 7597 (struct sockaddr *)&net->ro._l_addr, 7598 outchain, auth_offset, auth, 7599 stcb->asoc.authinfo.active_keyid, 7600 no_fragmentflg, 0, NULL, asconf, 7601 inp->sctp_lport, stcb->rport, 7602 htonl(stcb->asoc.peer_vtag), 7603 net->port, so_locked, NULL, NULL))) { 7604 if (error == ENOBUFS) { 7605 asoc->ifp_had_enobuf = 1; 7606 SCTP_STAT_INCR(sctps_lowlevelerr); 7607 } 7608 if (from_where == 0) { 7609 SCTP_STAT_INCR(sctps_lowlevelerrusr); 7610 } 7611 if (*now_filled == 0) { 7612 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 7613 *now_filled = 1; 7614 *now = net->last_sent_time; 7615 } else { 7616 net->last_sent_time = *now; 7617 } 7618 hbflag = 0; 7619 /* error, could not output */ 7620 if (error == EHOSTUNREACH) { 7621 /* 7622 * Destination went 7623 * unreachable 7624 * during this send 7625 */ 7626 sctp_move_chunks_from_net(stcb, net); 7627 } 7628 *reason_code = 7; 7629 continue; 7630 } else 7631 asoc->ifp_had_enobuf = 0; 7632 if (*now_filled == 0) { 7633 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 7634 *now_filled = 1; 7635 *now = net->last_sent_time; 7636 } else { 7637 net->last_sent_time = *now; 7638 } 7639 hbflag = 0; 7640 /* 7641 * increase the number we sent, if a 7642 * cookie is sent we don't tell them 7643 * any was sent out. 7644 */ 7645 outchain = endoutchain = NULL; 7646 auth = NULL; 7647 auth_offset = 0; 7648 if (!no_out_cnt) 7649 *num_out += ctl_cnt; 7650 /* recalc a clean slate and setup */ 7651 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 7652 mtu = (net->mtu - SCTP_MIN_OVERHEAD); 7653 } else { 7654 mtu = (net->mtu - SCTP_MIN_V4_OVERHEAD); 7655 } 7656 to_out = 0; 7657 no_fragmentflg = 1; 7658 } 7659 } 7660 } 7661 /************************/ 7662 /* Control transmission */ 7663 /************************/ 7664 /* Now first lets go through the control queue */ 7665 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 7666 if ((sack_goes_to) && 7667 (chk->rec.chunk_id.id == SCTP_ECN_ECHO) && 7668 (chk->whoTo != sack_goes_to)) { 7669 /* 7670 * if we have a sack in queue, and we are 7671 * looking at an ecn echo that is NOT queued 7672 * to where the sack is going.. 7673 */ 7674 if (chk->whoTo == net) { 7675 /* 7676 * Don't transmit it to where its 7677 * going (current net) 7678 */ 7679 continue; 7680 } else if (sack_goes_to == net) { 7681 /* 7682 * But do transmit it to this 7683 * address 7684 */ 7685 goto skip_net_check; 7686 } 7687 } 7688 if (chk->whoTo != net) { 7689 /* 7690 * No, not sent to the network we are 7691 * looking at 7692 */ 7693 continue; 7694 } 7695 skip_net_check: 7696 if (chk->data == NULL) { 7697 continue; 7698 } 7699 if (chk->sent != SCTP_DATAGRAM_UNSENT) { 7700 /* 7701 * It must be unsent. Cookies and ASCONF's 7702 * hang around but there timers will force 7703 * when marked for resend. 7704 */ 7705 continue; 7706 } 7707 /* 7708 * if no AUTH is yet included and this chunk 7709 * requires it, make sure to account for it. We 7710 * don't apply the size until the AUTH chunk is 7711 * actually added below in case there is no room for 7712 * this chunk. NOTE: we overload the use of "omtu" 7713 * here 7714 */ 7715 if ((auth == NULL) && 7716 sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 7717 stcb->asoc.peer_auth_chunks)) { 7718 omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 7719 } else 7720 omtu = 0; 7721 /* Here we do NOT factor the r_mtu */ 7722 if ((chk->send_size <= (int)(mtu - omtu)) || 7723 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 7724 /* 7725 * We probably should glom the mbuf chain 7726 * from the chk->data for control but the 7727 * problem is it becomes yet one more level 7728 * of tracking to do if for some reason 7729 * output fails. Then I have got to 7730 * reconstruct the merged control chain.. el 7731 * yucko.. for now we take the easy way and 7732 * do the copy 7733 */ 7734 /* 7735 * Add an AUTH chunk, if chunk requires it 7736 * save the offset into the chain for AUTH 7737 */ 7738 if ((auth == NULL) && 7739 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 7740 stcb->asoc.peer_auth_chunks))) { 7741 outchain = sctp_add_auth_chunk(outchain, 7742 &endoutchain, 7743 &auth, 7744 &auth_offset, 7745 stcb, 7746 chk->rec.chunk_id.id); 7747 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 7748 } 7749 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 7750 (int)chk->rec.chunk_id.can_take_data, 7751 chk->send_size, chk->copy_by_ref); 7752 if (outchain == NULL) { 7753 *reason_code = 8; 7754 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 7755 return (ENOMEM); 7756 } 7757 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 7758 /* update our MTU size */ 7759 if (mtu > (chk->send_size + omtu)) 7760 mtu -= (chk->send_size + omtu); 7761 else 7762 mtu = 0; 7763 to_out += (chk->send_size + omtu); 7764 /* Do clear IP_DF ? */ 7765 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 7766 no_fragmentflg = 0; 7767 } 7768 if (chk->rec.chunk_id.can_take_data) 7769 chk->data = NULL; 7770 /* Mark things to be removed, if needed */ 7771 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 7772 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */ 7773 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 7774 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 7775 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 7776 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 7777 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 7778 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 7779 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 7780 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 7781 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 7782 7783 if (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) { 7784 hbflag = 1; 7785 /* 7786 * JRS 5/14/07 - Set the 7787 * flag to say a heartbeat 7788 * is being sent. 7789 */ 7790 pf_hbflag = 1; 7791 } 7792 /* remove these chunks at the end */ 7793 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 7794 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK)) { 7795 /* turn off the timer */ 7796 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { 7797 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 7798 inp, stcb, net, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_1); 7799 } 7800 } 7801 ctl_cnt++; 7802 } else { 7803 /* 7804 * Other chunks, since they have 7805 * timers running (i.e. COOKIE) we 7806 * just "trust" that it gets sent or 7807 * retransmitted. 7808 */ 7809 ctl_cnt++; 7810 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 7811 cookie = 1; 7812 no_out_cnt = 1; 7813 } else if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 7814 /* 7815 * Increment ecne send count 7816 * here this means we may be 7817 * over-zealous in our 7818 * counting if the send 7819 * fails, but its the best 7820 * place to do it (we used 7821 * to do it in the queue of 7822 * the chunk, but that did 7823 * not tell how many times 7824 * it was sent. 7825 */ 7826 SCTP_STAT_INCR(sctps_sendecne); 7827 } 7828 chk->sent = SCTP_DATAGRAM_SENT; 7829 chk->snd_count++; 7830 } 7831 if (mtu == 0) { 7832 /* 7833 * Ok we are out of room but we can 7834 * output without effecting the 7835 * flight size since this little guy 7836 * is a control only packet. 7837 */ 7838 if (asconf) { 7839 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 7840 /* 7841 * do NOT clear the asconf 7842 * flag as it is used to do 7843 * appropriate source 7844 * address selection. 7845 */ 7846 } 7847 if (cookie) { 7848 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 7849 cookie = 0; 7850 } 7851 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 7852 (struct sockaddr *)&net->ro._l_addr, 7853 outchain, 7854 auth_offset, auth, 7855 stcb->asoc.authinfo.active_keyid, 7856 no_fragmentflg, 0, NULL, asconf, 7857 inp->sctp_lport, stcb->rport, 7858 htonl(stcb->asoc.peer_vtag), 7859 net->port, so_locked, NULL, NULL))) { 7860 if (error == ENOBUFS) { 7861 asoc->ifp_had_enobuf = 1; 7862 SCTP_STAT_INCR(sctps_lowlevelerr); 7863 } 7864 if (from_where == 0) { 7865 SCTP_STAT_INCR(sctps_lowlevelerrusr); 7866 } 7867 /* error, could not output */ 7868 if (hbflag) { 7869 if (*now_filled == 0) { 7870 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 7871 *now_filled = 1; 7872 *now = net->last_sent_time; 7873 } else { 7874 net->last_sent_time = *now; 7875 } 7876 hbflag = 0; 7877 } 7878 if (error == EHOSTUNREACH) { 7879 /* 7880 * Destination went 7881 * unreachable 7882 * during this send 7883 */ 7884 sctp_move_chunks_from_net(stcb, net); 7885 } 7886 *reason_code = 7; 7887 continue; 7888 } else 7889 asoc->ifp_had_enobuf = 0; 7890 /* Only HB or ASCONF advances time */ 7891 if (hbflag) { 7892 if (*now_filled == 0) { 7893 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 7894 *now_filled = 1; 7895 *now = net->last_sent_time; 7896 } else { 7897 net->last_sent_time = *now; 7898 } 7899 hbflag = 0; 7900 } 7901 /* 7902 * increase the number we sent, if a 7903 * cookie is sent we don't tell them 7904 * any was sent out. 7905 */ 7906 outchain = endoutchain = NULL; 7907 auth = NULL; 7908 auth_offset = 0; 7909 if (!no_out_cnt) 7910 *num_out += ctl_cnt; 7911 /* recalc a clean slate and setup */ 7912 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 7913 mtu = (net->mtu - SCTP_MIN_OVERHEAD); 7914 } else { 7915 mtu = (net->mtu - SCTP_MIN_V4_OVERHEAD); 7916 } 7917 to_out = 0; 7918 no_fragmentflg = 1; 7919 } 7920 } 7921 } 7922 /* JRI: if dest is in PF state, do not send data to it */ 7923 if ((asoc->sctp_cmt_on_off > 0) && 7924 (asoc->sctp_cmt_pf > 0) && 7925 (net->dest_state & SCTP_ADDR_PF)) { 7926 goto no_data_fill; 7927 } 7928 if (net->flight_size >= net->cwnd) { 7929 goto no_data_fill; 7930 } 7931 if ((asoc->sctp_cmt_on_off > 0) && 7932 (SCTP_BASE_SYSCTL(sctp_buffer_splitting) & SCTP_RECV_BUFFER_SPLITTING) && 7933 (net->flight_size > max_rwnd_per_dest)) { 7934 goto no_data_fill; 7935 } 7936 /* 7937 * We need a specific accounting for the usage of the send 7938 * buffer. We also need to check the number of messages per 7939 * net. For now, this is better than nothing and it disabled 7940 * by default... 7941 */ 7942 if ((asoc->sctp_cmt_on_off > 0) && 7943 (SCTP_BASE_SYSCTL(sctp_buffer_splitting) & SCTP_SEND_BUFFER_SPLITTING) && 7944 (max_send_per_dest > 0) && 7945 (net->flight_size > max_send_per_dest)) { 7946 goto no_data_fill; 7947 } 7948 /*********************/ 7949 /* Data transmission */ 7950 /*********************/ 7951 /* 7952 * if AUTH for DATA is required and no AUTH has been added 7953 * yet, account for this in the mtu now... if no data can be 7954 * bundled, this adjustment won't matter anyways since the 7955 * packet will be going out... 7956 */ 7957 data_auth_reqd = sctp_auth_is_required_chunk(SCTP_DATA, 7958 stcb->asoc.peer_auth_chunks); 7959 if (data_auth_reqd && (auth == NULL)) { 7960 mtu -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 7961 } 7962 /* now lets add any data within the MTU constraints */ 7963 switch (((struct sockaddr *)&net->ro._l_addr)->sa_family) { 7964 case AF_INET: 7965 if (net->mtu > (sizeof(struct ip) + sizeof(struct sctphdr))) 7966 omtu = net->mtu - (sizeof(struct ip) + sizeof(struct sctphdr)); 7967 else 7968 omtu = 0; 7969 break; 7970 #ifdef INET6 7971 case AF_INET6: 7972 if (net->mtu > (sizeof(struct ip6_hdr) + sizeof(struct sctphdr))) 7973 omtu = net->mtu - (sizeof(struct ip6_hdr) + sizeof(struct sctphdr)); 7974 else 7975 omtu = 0; 7976 break; 7977 #endif 7978 default: 7979 /* TSNH */ 7980 omtu = 0; 7981 break; 7982 } 7983 if ((((asoc->state & SCTP_STATE_OPEN) == SCTP_STATE_OPEN) && 7984 (skip_data_for_this_net == 0)) || 7985 (cookie)) { 7986 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 7987 if (no_data_chunks) { 7988 /* let only control go out */ 7989 *reason_code = 1; 7990 break; 7991 } 7992 if (net->flight_size >= net->cwnd) { 7993 /* skip this net, no room for data */ 7994 *reason_code = 2; 7995 break; 7996 } 7997 if ((chk->whoTo != NULL) && 7998 (chk->whoTo != net)) { 7999 /* Don't send the chunk on this net */ 8000 continue; 8001 } 8002 if ((chk->send_size > omtu) && ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) == 0)) { 8003 /*- 8004 * strange, we have a chunk that is 8005 * to big for its destination and 8006 * yet no fragment ok flag. 8007 * Something went wrong when the 8008 * PMTU changed...we did not mark 8009 * this chunk for some reason?? I 8010 * will fix it here by letting IP 8011 * fragment it for now and printing 8012 * a warning. This really should not 8013 * happen ... 8014 */ 8015 SCTP_PRINTF("Warning chunk of %d bytes > mtu:%d and yet PMTU disc missed\n", 8016 chk->send_size, mtu); 8017 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 8018 } 8019 if (SCTP_BASE_SYSCTL(sctp_enable_sack_immediately) && 8020 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) == SCTP_STATE_SHUTDOWN_PENDING)) { 8021 struct sctp_data_chunk *dchkh; 8022 8023 dchkh = mtod(chk->data, struct sctp_data_chunk *); 8024 dchkh->ch.chunk_flags |= SCTP_DATA_SACK_IMMEDIATELY; 8025 } 8026 if (((chk->send_size <= mtu) && (chk->send_size <= r_mtu)) || 8027 ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) && (chk->send_size <= asoc->peers_rwnd))) { 8028 /* ok we will add this one */ 8029 8030 /* 8031 * Add an AUTH chunk, if chunk 8032 * requires it, save the offset into 8033 * the chain for AUTH 8034 */ 8035 if (data_auth_reqd) { 8036 if (auth == NULL) { 8037 outchain = sctp_add_auth_chunk(outchain, 8038 &endoutchain, 8039 &auth, 8040 &auth_offset, 8041 stcb, 8042 SCTP_DATA); 8043 auth_keyid = chk->auth_keyid; 8044 override_ok = 0; 8045 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8046 } else if (override_ok) { 8047 /* 8048 * use this data's 8049 * keyid 8050 */ 8051 auth_keyid = chk->auth_keyid; 8052 override_ok = 0; 8053 } else if (auth_keyid != chk->auth_keyid) { 8054 /* 8055 * different keyid, 8056 * so done bundling 8057 */ 8058 break; 8059 } 8060 } 8061 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 0, 8062 chk->send_size, chk->copy_by_ref); 8063 if (outchain == NULL) { 8064 SCTPDBG(SCTP_DEBUG_OUTPUT3, "No memory?\n"); 8065 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 8066 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 8067 } 8068 *reason_code = 3; 8069 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 8070 return (ENOMEM); 8071 } 8072 /* upate our MTU size */ 8073 /* Do clear IP_DF ? */ 8074 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 8075 no_fragmentflg = 0; 8076 } 8077 /* unsigned subtraction of mtu */ 8078 if (mtu > chk->send_size) 8079 mtu -= chk->send_size; 8080 else 8081 mtu = 0; 8082 /* unsigned subtraction of r_mtu */ 8083 if (r_mtu > chk->send_size) 8084 r_mtu -= chk->send_size; 8085 else 8086 r_mtu = 0; 8087 8088 to_out += chk->send_size; 8089 if ((to_out > mx_mtu) && no_fragmentflg) { 8090 #ifdef INVARIANTS 8091 panic("Exceeding mtu of %d out size is %d", mx_mtu, to_out); 8092 #else 8093 SCTP_PRINTF("Exceeding mtu of %d out size is %d\n", 8094 mx_mtu, to_out); 8095 #endif 8096 } 8097 chk->window_probe = 0; 8098 data_list[bundle_at++] = chk; 8099 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 8100 mtu = 0; 8101 break; 8102 } 8103 if (chk->sent == SCTP_DATAGRAM_UNSENT) { 8104 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) { 8105 SCTP_STAT_INCR_COUNTER64(sctps_outorderchunks); 8106 } else { 8107 SCTP_STAT_INCR_COUNTER64(sctps_outunorderchunks); 8108 } 8109 if (((chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) == SCTP_DATA_LAST_FRAG) && 8110 ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0)) 8111 /* 8112 * Count number of 8113 * user msg's that 8114 * were fragmented 8115 * we do this by 8116 * counting when we 8117 * see a LAST 8118 * fragment only. 8119 */ 8120 SCTP_STAT_INCR_COUNTER64(sctps_fragusrmsgs); 8121 } 8122 if ((mtu == 0) || (r_mtu == 0) || (one_chunk)) { 8123 if ((one_chunk) && (stcb->asoc.total_flight == 0)) { 8124 data_list[0]->window_probe = 1; 8125 net->window_probe = 1; 8126 } 8127 break; 8128 } 8129 } else { 8130 /* 8131 * Must be sent in order of the 8132 * TSN's (on a network) 8133 */ 8134 break; 8135 } 8136 } /* for (chunk gather loop for this net) */ 8137 } /* if asoc.state OPEN */ 8138 no_data_fill: 8139 /* Is there something to send for this destination? */ 8140 if (outchain) { 8141 /* We may need to start a control timer or two */ 8142 if (asconf) { 8143 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, 8144 stcb, net); 8145 /* 8146 * do NOT clear the asconf flag as it is 8147 * used to do appropriate source address 8148 * selection. 8149 */ 8150 } 8151 if (cookie) { 8152 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 8153 cookie = 0; 8154 } 8155 /* must start a send timer if data is being sent */ 8156 if (bundle_at && (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer))) { 8157 /* 8158 * no timer running on this destination 8159 * restart it. 8160 */ 8161 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 8162 } else if ((asoc->sctp_cmt_on_off > 0) && 8163 (asoc->sctp_cmt_pf > 0) && 8164 pf_hbflag && 8165 ((net->dest_state & SCTP_ADDR_PF) == SCTP_ADDR_PF) && 8166 (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer))) { 8167 /* 8168 * JRS 5/14/07 - If a HB has been sent to a 8169 * PF destination and no T3 timer is 8170 * currently running, start the T3 timer to 8171 * track the HBs that were sent. 8172 */ 8173 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 8174 } 8175 /* Now send it, if there is anything to send :> */ 8176 if ((error = sctp_lowlevel_chunk_output(inp, 8177 stcb, 8178 net, 8179 (struct sockaddr *)&net->ro._l_addr, 8180 outchain, 8181 auth_offset, 8182 auth, 8183 auth_keyid, 8184 no_fragmentflg, 8185 bundle_at, 8186 data_list[0], 8187 asconf, 8188 inp->sctp_lport, stcb->rport, 8189 htonl(stcb->asoc.peer_vtag), 8190 net->port, so_locked, NULL, NULL))) { 8191 /* error, we could not output */ 8192 if (error == ENOBUFS) { 8193 SCTP_STAT_INCR(sctps_lowlevelerr); 8194 asoc->ifp_had_enobuf = 1; 8195 } 8196 if (from_where == 0) { 8197 SCTP_STAT_INCR(sctps_lowlevelerrusr); 8198 } 8199 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error); 8200 if (hbflag) { 8201 if (*now_filled == 0) { 8202 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 8203 *now_filled = 1; 8204 *now = net->last_sent_time; 8205 } else { 8206 net->last_sent_time = *now; 8207 } 8208 hbflag = 0; 8209 } 8210 if (error == EHOSTUNREACH) { 8211 /* 8212 * Destination went unreachable 8213 * during this send 8214 */ 8215 sctp_move_chunks_from_net(stcb, net); 8216 } 8217 *reason_code = 6; 8218 /*- 8219 * I add this line to be paranoid. As far as 8220 * I can tell the continue, takes us back to 8221 * the top of the for, but just to make sure 8222 * I will reset these again here. 8223 */ 8224 ctl_cnt = bundle_at = 0; 8225 continue; /* This takes us back to the 8226 * for() for the nets. */ 8227 } else { 8228 asoc->ifp_had_enobuf = 0; 8229 } 8230 outchain = endoutchain = NULL; 8231 auth = NULL; 8232 auth_offset = 0; 8233 if (bundle_at || hbflag) { 8234 /* For data/asconf and hb set time */ 8235 if (*now_filled == 0) { 8236 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 8237 *now_filled = 1; 8238 *now = net->last_sent_time; 8239 } else { 8240 net->last_sent_time = *now; 8241 } 8242 } 8243 if (!no_out_cnt) { 8244 *num_out += (ctl_cnt + bundle_at); 8245 } 8246 if (bundle_at) { 8247 /* setup for a RTO measurement */ 8248 tsns_sent = data_list[0]->rec.data.TSN_seq; 8249 /* fill time if not already filled */ 8250 if (*now_filled == 0) { 8251 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent); 8252 *now_filled = 1; 8253 *now = asoc->time_last_sent; 8254 } else { 8255 asoc->time_last_sent = *now; 8256 } 8257 if (net->rto_needed) { 8258 data_list[0]->do_rtt = 1; 8259 net->rto_needed = 0; 8260 } 8261 SCTP_STAT_INCR_BY(sctps_senddata, bundle_at); 8262 sctp_clean_up_datalist(stcb, asoc, data_list, bundle_at, net); 8263 if (SCTP_BASE_SYSCTL(sctp_early_fr)) { 8264 if (net->flight_size < net->cwnd) { 8265 /* start or restart it */ 8266 if (SCTP_OS_TIMER_PENDING(&net->fr_timer.timer)) { 8267 sctp_timer_stop(SCTP_TIMER_TYPE_EARLYFR, inp, stcb, net, 8268 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_2); 8269 } 8270 SCTP_STAT_INCR(sctps_earlyfrstrout); 8271 sctp_timer_start(SCTP_TIMER_TYPE_EARLYFR, inp, stcb, net); 8272 } else { 8273 /* stop it if its running */ 8274 if (SCTP_OS_TIMER_PENDING(&net->fr_timer.timer)) { 8275 SCTP_STAT_INCR(sctps_earlyfrstpout); 8276 sctp_timer_stop(SCTP_TIMER_TYPE_EARLYFR, inp, stcb, net, 8277 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_3); 8278 } 8279 } 8280 } 8281 } 8282 if (one_chunk) { 8283 break; 8284 } 8285 } 8286 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 8287 sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_SEND); 8288 } 8289 } 8290 if (old_start_at == NULL) { 8291 old_start_at = start_at; 8292 start_at = TAILQ_FIRST(&asoc->nets); 8293 if (old_start_at) 8294 goto again_one_more_time; 8295 } 8296 /* 8297 * At the end there should be no NON timed chunks hanging on this 8298 * queue. 8299 */ 8300 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 8301 sctp_log_cwnd(stcb, net, *num_out, SCTP_CWND_LOG_FROM_SEND); 8302 } 8303 if ((*num_out == 0) && (*reason_code == 0)) { 8304 *reason_code = 4; 8305 } else { 8306 *reason_code = 5; 8307 } 8308 sctp_clean_up_ctl(stcb, asoc); 8309 return (0); 8310 } 8311 8312 void 8313 sctp_queue_op_err(struct sctp_tcb *stcb, struct mbuf *op_err) 8314 { 8315 /*- 8316 * Prepend a OPERATIONAL_ERROR chunk header and put on the end of 8317 * the control chunk queue. 8318 */ 8319 struct sctp_chunkhdr *hdr; 8320 struct sctp_tmit_chunk *chk; 8321 struct mbuf *mat; 8322 8323 SCTP_TCB_LOCK_ASSERT(stcb); 8324 sctp_alloc_a_chunk(stcb, chk); 8325 if (chk == NULL) { 8326 /* no memory */ 8327 sctp_m_freem(op_err); 8328 return; 8329 } 8330 chk->copy_by_ref = 0; 8331 SCTP_BUF_PREPEND(op_err, sizeof(struct sctp_chunkhdr), M_DONTWAIT); 8332 if (op_err == NULL) { 8333 sctp_free_a_chunk(stcb, chk); 8334 return; 8335 } 8336 chk->send_size = 0; 8337 mat = op_err; 8338 while (mat != NULL) { 8339 chk->send_size += SCTP_BUF_LEN(mat); 8340 mat = SCTP_BUF_NEXT(mat); 8341 } 8342 chk->rec.chunk_id.id = SCTP_OPERATION_ERROR; 8343 chk->rec.chunk_id.can_take_data = 1; 8344 chk->sent = SCTP_DATAGRAM_UNSENT; 8345 chk->snd_count = 0; 8346 chk->flags = 0; 8347 chk->asoc = &stcb->asoc; 8348 chk->data = op_err; 8349 chk->whoTo = chk->asoc->primary_destination; 8350 atomic_add_int(&chk->whoTo->ref_count, 1); 8351 hdr = mtod(op_err, struct sctp_chunkhdr *); 8352 hdr->chunk_type = SCTP_OPERATION_ERROR; 8353 hdr->chunk_flags = 0; 8354 hdr->chunk_length = htons(chk->send_size); 8355 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, 8356 chk, 8357 sctp_next); 8358 chk->asoc->ctrl_queue_cnt++; 8359 } 8360 8361 int 8362 sctp_send_cookie_echo(struct mbuf *m, 8363 int offset, 8364 struct sctp_tcb *stcb, 8365 struct sctp_nets *net) 8366 { 8367 /*- 8368 * pull out the cookie and put it at the front of the control chunk 8369 * queue. 8370 */ 8371 int at; 8372 struct mbuf *cookie; 8373 struct sctp_paramhdr parm, *phdr; 8374 struct sctp_chunkhdr *hdr; 8375 struct sctp_tmit_chunk *chk; 8376 uint16_t ptype, plen; 8377 8378 /* First find the cookie in the param area */ 8379 cookie = NULL; 8380 at = offset + sizeof(struct sctp_init_chunk); 8381 8382 SCTP_TCB_LOCK_ASSERT(stcb); 8383 do { 8384 phdr = sctp_get_next_param(m, at, &parm, sizeof(parm)); 8385 if (phdr == NULL) { 8386 return (-3); 8387 } 8388 ptype = ntohs(phdr->param_type); 8389 plen = ntohs(phdr->param_length); 8390 if (ptype == SCTP_STATE_COOKIE) { 8391 int pad; 8392 8393 /* found the cookie */ 8394 if ((pad = (plen % 4))) { 8395 plen += 4 - pad; 8396 } 8397 cookie = SCTP_M_COPYM(m, at, plen, M_DONTWAIT); 8398 if (cookie == NULL) { 8399 /* No memory */ 8400 return (-2); 8401 } 8402 #ifdef SCTP_MBUF_LOGGING 8403 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 8404 struct mbuf *mat; 8405 8406 mat = cookie; 8407 while (mat) { 8408 if (SCTP_BUF_IS_EXTENDED(mat)) { 8409 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 8410 } 8411 mat = SCTP_BUF_NEXT(mat); 8412 } 8413 } 8414 #endif 8415 break; 8416 } 8417 at += SCTP_SIZE32(plen); 8418 } while (phdr); 8419 if (cookie == NULL) { 8420 /* Did not find the cookie */ 8421 return (-3); 8422 } 8423 /* ok, we got the cookie lets change it into a cookie echo chunk */ 8424 8425 /* first the change from param to cookie */ 8426 hdr = mtod(cookie, struct sctp_chunkhdr *); 8427 hdr->chunk_type = SCTP_COOKIE_ECHO; 8428 hdr->chunk_flags = 0; 8429 /* get the chunk stuff now and place it in the FRONT of the queue */ 8430 sctp_alloc_a_chunk(stcb, chk); 8431 if (chk == NULL) { 8432 /* no memory */ 8433 sctp_m_freem(cookie); 8434 return (-5); 8435 } 8436 chk->copy_by_ref = 0; 8437 chk->send_size = plen; 8438 chk->rec.chunk_id.id = SCTP_COOKIE_ECHO; 8439 chk->rec.chunk_id.can_take_data = 0; 8440 chk->sent = SCTP_DATAGRAM_UNSENT; 8441 chk->snd_count = 0; 8442 chk->flags = CHUNK_FLAGS_FRAGMENT_OK; 8443 chk->asoc = &stcb->asoc; 8444 chk->data = cookie; 8445 chk->whoTo = chk->asoc->primary_destination; 8446 atomic_add_int(&chk->whoTo->ref_count, 1); 8447 TAILQ_INSERT_HEAD(&chk->asoc->control_send_queue, chk, sctp_next); 8448 chk->asoc->ctrl_queue_cnt++; 8449 return (0); 8450 } 8451 8452 void 8453 sctp_send_heartbeat_ack(struct sctp_tcb *stcb, 8454 struct mbuf *m, 8455 int offset, 8456 int chk_length, 8457 struct sctp_nets *net) 8458 { 8459 /* 8460 * take a HB request and make it into a HB ack and send it. 8461 */ 8462 struct mbuf *outchain; 8463 struct sctp_chunkhdr *chdr; 8464 struct sctp_tmit_chunk *chk; 8465 8466 8467 if (net == NULL) 8468 /* must have a net pointer */ 8469 return; 8470 8471 outchain = SCTP_M_COPYM(m, offset, chk_length, M_DONTWAIT); 8472 if (outchain == NULL) { 8473 /* gak out of memory */ 8474 return; 8475 } 8476 #ifdef SCTP_MBUF_LOGGING 8477 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 8478 struct mbuf *mat; 8479 8480 mat = outchain; 8481 while (mat) { 8482 if (SCTP_BUF_IS_EXTENDED(mat)) { 8483 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 8484 } 8485 mat = SCTP_BUF_NEXT(mat); 8486 } 8487 } 8488 #endif 8489 chdr = mtod(outchain, struct sctp_chunkhdr *); 8490 chdr->chunk_type = SCTP_HEARTBEAT_ACK; 8491 chdr->chunk_flags = 0; 8492 if (chk_length % 4) { 8493 /* need pad */ 8494 uint32_t cpthis = 0; 8495 int padlen; 8496 8497 padlen = 4 - (chk_length % 4); 8498 m_copyback(outchain, chk_length, padlen, (caddr_t)&cpthis); 8499 } 8500 sctp_alloc_a_chunk(stcb, chk); 8501 if (chk == NULL) { 8502 /* no memory */ 8503 sctp_m_freem(outchain); 8504 return; 8505 } 8506 chk->copy_by_ref = 0; 8507 chk->send_size = chk_length; 8508 chk->rec.chunk_id.id = SCTP_HEARTBEAT_ACK; 8509 chk->rec.chunk_id.can_take_data = 1; 8510 chk->sent = SCTP_DATAGRAM_UNSENT; 8511 chk->snd_count = 0; 8512 chk->flags = 0; 8513 chk->asoc = &stcb->asoc; 8514 chk->data = outchain; 8515 chk->whoTo = net; 8516 atomic_add_int(&chk->whoTo->ref_count, 1); 8517 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 8518 chk->asoc->ctrl_queue_cnt++; 8519 } 8520 8521 void 8522 sctp_send_cookie_ack(struct sctp_tcb *stcb) 8523 { 8524 /* formulate and queue a cookie-ack back to sender */ 8525 struct mbuf *cookie_ack; 8526 struct sctp_chunkhdr *hdr; 8527 struct sctp_tmit_chunk *chk; 8528 8529 cookie_ack = NULL; 8530 SCTP_TCB_LOCK_ASSERT(stcb); 8531 8532 cookie_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_DONTWAIT, 1, MT_HEADER); 8533 if (cookie_ack == NULL) { 8534 /* no mbuf's */ 8535 return; 8536 } 8537 SCTP_BUF_RESV_UF(cookie_ack, SCTP_MIN_OVERHEAD); 8538 sctp_alloc_a_chunk(stcb, chk); 8539 if (chk == NULL) { 8540 /* no memory */ 8541 sctp_m_freem(cookie_ack); 8542 return; 8543 } 8544 chk->copy_by_ref = 0; 8545 chk->send_size = sizeof(struct sctp_chunkhdr); 8546 chk->rec.chunk_id.id = SCTP_COOKIE_ACK; 8547 chk->rec.chunk_id.can_take_data = 1; 8548 chk->sent = SCTP_DATAGRAM_UNSENT; 8549 chk->snd_count = 0; 8550 chk->flags = 0; 8551 chk->asoc = &stcb->asoc; 8552 chk->data = cookie_ack; 8553 if (chk->asoc->last_control_chunk_from != NULL) { 8554 chk->whoTo = chk->asoc->last_control_chunk_from; 8555 } else { 8556 chk->whoTo = chk->asoc->primary_destination; 8557 } 8558 atomic_add_int(&chk->whoTo->ref_count, 1); 8559 hdr = mtod(cookie_ack, struct sctp_chunkhdr *); 8560 hdr->chunk_type = SCTP_COOKIE_ACK; 8561 hdr->chunk_flags = 0; 8562 hdr->chunk_length = htons(chk->send_size); 8563 SCTP_BUF_LEN(cookie_ack) = chk->send_size; 8564 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 8565 chk->asoc->ctrl_queue_cnt++; 8566 return; 8567 } 8568 8569 8570 void 8571 sctp_send_shutdown_ack(struct sctp_tcb *stcb, struct sctp_nets *net) 8572 { 8573 /* formulate and queue a SHUTDOWN-ACK back to the sender */ 8574 struct mbuf *m_shutdown_ack; 8575 struct sctp_shutdown_ack_chunk *ack_cp; 8576 struct sctp_tmit_chunk *chk; 8577 8578 m_shutdown_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_ack_chunk), 0, M_DONTWAIT, 1, MT_HEADER); 8579 if (m_shutdown_ack == NULL) { 8580 /* no mbuf's */ 8581 return; 8582 } 8583 SCTP_BUF_RESV_UF(m_shutdown_ack, SCTP_MIN_OVERHEAD); 8584 sctp_alloc_a_chunk(stcb, chk); 8585 if (chk == NULL) { 8586 /* no memory */ 8587 sctp_m_freem(m_shutdown_ack); 8588 return; 8589 } 8590 chk->copy_by_ref = 0; 8591 chk->send_size = sizeof(struct sctp_chunkhdr); 8592 chk->rec.chunk_id.id = SCTP_SHUTDOWN_ACK; 8593 chk->rec.chunk_id.can_take_data = 1; 8594 chk->sent = SCTP_DATAGRAM_UNSENT; 8595 chk->snd_count = 0; 8596 chk->flags = 0; 8597 chk->asoc = &stcb->asoc; 8598 chk->data = m_shutdown_ack; 8599 chk->whoTo = net; 8600 atomic_add_int(&net->ref_count, 1); 8601 8602 ack_cp = mtod(m_shutdown_ack, struct sctp_shutdown_ack_chunk *); 8603 ack_cp->ch.chunk_type = SCTP_SHUTDOWN_ACK; 8604 ack_cp->ch.chunk_flags = 0; 8605 ack_cp->ch.chunk_length = htons(chk->send_size); 8606 SCTP_BUF_LEN(m_shutdown_ack) = chk->send_size; 8607 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 8608 chk->asoc->ctrl_queue_cnt++; 8609 return; 8610 } 8611 8612 void 8613 sctp_send_shutdown(struct sctp_tcb *stcb, struct sctp_nets *net) 8614 { 8615 /* formulate and queue a SHUTDOWN to the sender */ 8616 struct mbuf *m_shutdown; 8617 struct sctp_shutdown_chunk *shutdown_cp; 8618 struct sctp_tmit_chunk *chk; 8619 8620 m_shutdown = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_chunk), 0, M_DONTWAIT, 1, MT_HEADER); 8621 if (m_shutdown == NULL) { 8622 /* no mbuf's */ 8623 return; 8624 } 8625 SCTP_BUF_RESV_UF(m_shutdown, SCTP_MIN_OVERHEAD); 8626 sctp_alloc_a_chunk(stcb, chk); 8627 if (chk == NULL) { 8628 /* no memory */ 8629 sctp_m_freem(m_shutdown); 8630 return; 8631 } 8632 chk->copy_by_ref = 0; 8633 chk->send_size = sizeof(struct sctp_shutdown_chunk); 8634 chk->rec.chunk_id.id = SCTP_SHUTDOWN; 8635 chk->rec.chunk_id.can_take_data = 1; 8636 chk->sent = SCTP_DATAGRAM_UNSENT; 8637 chk->snd_count = 0; 8638 chk->flags = 0; 8639 chk->asoc = &stcb->asoc; 8640 chk->data = m_shutdown; 8641 chk->whoTo = net; 8642 atomic_add_int(&net->ref_count, 1); 8643 8644 shutdown_cp = mtod(m_shutdown, struct sctp_shutdown_chunk *); 8645 shutdown_cp->ch.chunk_type = SCTP_SHUTDOWN; 8646 shutdown_cp->ch.chunk_flags = 0; 8647 shutdown_cp->ch.chunk_length = htons(chk->send_size); 8648 shutdown_cp->cumulative_tsn_ack = htonl(stcb->asoc.cumulative_tsn); 8649 SCTP_BUF_LEN(m_shutdown) = chk->send_size; 8650 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 8651 chk->asoc->ctrl_queue_cnt++; 8652 return; 8653 } 8654 8655 void 8656 sctp_send_asconf(struct sctp_tcb *stcb, struct sctp_nets *net, int addr_locked) 8657 { 8658 /* 8659 * formulate and queue an ASCONF to the peer. ASCONF parameters 8660 * should be queued on the assoc queue. 8661 */ 8662 struct sctp_tmit_chunk *chk; 8663 struct mbuf *m_asconf; 8664 int len; 8665 8666 SCTP_TCB_LOCK_ASSERT(stcb); 8667 8668 if ((!TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) && 8669 (!sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS))) { 8670 /* can't send a new one if there is one in flight already */ 8671 return; 8672 } 8673 /* compose an ASCONF chunk, maximum length is PMTU */ 8674 m_asconf = sctp_compose_asconf(stcb, &len, addr_locked); 8675 if (m_asconf == NULL) { 8676 return; 8677 } 8678 sctp_alloc_a_chunk(stcb, chk); 8679 if (chk == NULL) { 8680 /* no memory */ 8681 sctp_m_freem(m_asconf); 8682 return; 8683 } 8684 chk->copy_by_ref = 0; 8685 chk->data = m_asconf; 8686 chk->send_size = len; 8687 chk->rec.chunk_id.id = SCTP_ASCONF; 8688 chk->rec.chunk_id.can_take_data = 0; 8689 chk->sent = SCTP_DATAGRAM_UNSENT; 8690 chk->snd_count = 0; 8691 chk->flags = CHUNK_FLAGS_FRAGMENT_OK; 8692 chk->asoc = &stcb->asoc; 8693 chk->whoTo = net; 8694 atomic_add_int(&chk->whoTo->ref_count, 1); 8695 TAILQ_INSERT_TAIL(&chk->asoc->asconf_send_queue, chk, sctp_next); 8696 chk->asoc->ctrl_queue_cnt++; 8697 return; 8698 } 8699 8700 void 8701 sctp_send_asconf_ack(struct sctp_tcb *stcb) 8702 { 8703 /* 8704 * formulate and queue a asconf-ack back to sender. the asconf-ack 8705 * must be stored in the tcb. 8706 */ 8707 struct sctp_tmit_chunk *chk; 8708 struct sctp_asconf_ack *ack, *latest_ack; 8709 struct mbuf *m_ack, *m; 8710 struct sctp_nets *net = NULL; 8711 8712 SCTP_TCB_LOCK_ASSERT(stcb); 8713 /* Get the latest ASCONF-ACK */ 8714 latest_ack = TAILQ_LAST(&stcb->asoc.asconf_ack_sent, sctp_asconf_ackhead); 8715 if (latest_ack == NULL) { 8716 return; 8717 } 8718 if (latest_ack->last_sent_to != NULL && 8719 latest_ack->last_sent_to == stcb->asoc.last_control_chunk_from) { 8720 /* we're doing a retransmission */ 8721 net = sctp_find_alternate_net(stcb, stcb->asoc.last_control_chunk_from, 0); 8722 if (net == NULL) { 8723 /* no alternate */ 8724 if (stcb->asoc.last_control_chunk_from == NULL) 8725 net = stcb->asoc.primary_destination; 8726 else 8727 net = stcb->asoc.last_control_chunk_from; 8728 } 8729 } else { 8730 /* normal case */ 8731 if (stcb->asoc.last_control_chunk_from == NULL) 8732 net = stcb->asoc.primary_destination; 8733 else 8734 net = stcb->asoc.last_control_chunk_from; 8735 } 8736 latest_ack->last_sent_to = net; 8737 8738 TAILQ_FOREACH(ack, &stcb->asoc.asconf_ack_sent, next) { 8739 if (ack->data == NULL) { 8740 continue; 8741 } 8742 /* copy the asconf_ack */ 8743 m_ack = SCTP_M_COPYM(ack->data, 0, M_COPYALL, M_DONTWAIT); 8744 if (m_ack == NULL) { 8745 /* couldn't copy it */ 8746 return; 8747 } 8748 #ifdef SCTP_MBUF_LOGGING 8749 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 8750 struct mbuf *mat; 8751 8752 mat = m_ack; 8753 while (mat) { 8754 if (SCTP_BUF_IS_EXTENDED(mat)) { 8755 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 8756 } 8757 mat = SCTP_BUF_NEXT(mat); 8758 } 8759 } 8760 #endif 8761 8762 sctp_alloc_a_chunk(stcb, chk); 8763 if (chk == NULL) { 8764 /* no memory */ 8765 if (m_ack) 8766 sctp_m_freem(m_ack); 8767 return; 8768 } 8769 chk->copy_by_ref = 0; 8770 8771 chk->whoTo = net; 8772 chk->data = m_ack; 8773 chk->send_size = 0; 8774 /* Get size */ 8775 m = m_ack; 8776 chk->send_size = ack->len; 8777 chk->rec.chunk_id.id = SCTP_ASCONF_ACK; 8778 chk->rec.chunk_id.can_take_data = 1; 8779 chk->sent = SCTP_DATAGRAM_UNSENT; 8780 chk->snd_count = 0; 8781 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; /* XXX */ 8782 chk->asoc = &stcb->asoc; 8783 atomic_add_int(&chk->whoTo->ref_count, 1); 8784 8785 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 8786 chk->asoc->ctrl_queue_cnt++; 8787 } 8788 return; 8789 } 8790 8791 8792 static int 8793 sctp_chunk_retransmission(struct sctp_inpcb *inp, 8794 struct sctp_tcb *stcb, 8795 struct sctp_association *asoc, 8796 int *cnt_out, struct timeval *now, int *now_filled, int *fr_done, int so_locked 8797 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 8798 SCTP_UNUSED 8799 #endif 8800 ) 8801 { 8802 /*- 8803 * send out one MTU of retransmission. If fast_retransmit is 8804 * happening we ignore the cwnd. Otherwise we obey the cwnd and 8805 * rwnd. For a Cookie or Asconf in the control chunk queue we 8806 * retransmit them by themselves. 8807 * 8808 * For data chunks we will pick out the lowest TSN's in the sent_queue 8809 * marked for resend and bundle them all together (up to a MTU of 8810 * destination). The address to send to should have been 8811 * selected/changed where the retransmission was marked (i.e. in FR 8812 * or t3-timeout routines). 8813 */ 8814 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 8815 struct sctp_tmit_chunk *chk, *fwd; 8816 struct mbuf *m, *endofchain; 8817 struct sctp_nets *net = NULL; 8818 uint32_t tsns_sent = 0; 8819 int no_fragmentflg, bundle_at, cnt_thru; 8820 unsigned int mtu; 8821 int error, i, one_chunk, fwd_tsn, ctl_cnt, tmr_started; 8822 struct sctp_auth_chunk *auth = NULL; 8823 uint32_t auth_offset = 0; 8824 uint16_t auth_keyid; 8825 int override_ok = 1; 8826 int data_auth_reqd = 0; 8827 uint32_t dmtu = 0; 8828 8829 SCTP_TCB_LOCK_ASSERT(stcb); 8830 tmr_started = ctl_cnt = bundle_at = error = 0; 8831 no_fragmentflg = 1; 8832 fwd_tsn = 0; 8833 *cnt_out = 0; 8834 fwd = NULL; 8835 endofchain = m = NULL; 8836 auth_keyid = stcb->asoc.authinfo.active_keyid; 8837 #ifdef SCTP_AUDITING_ENABLED 8838 sctp_audit_log(0xC3, 1); 8839 #endif 8840 if ((TAILQ_EMPTY(&asoc->sent_queue)) && 8841 (TAILQ_EMPTY(&asoc->control_send_queue))) { 8842 SCTPDBG(SCTP_DEBUG_OUTPUT1, "SCTP hits empty queue with cnt set to %d?\n", 8843 asoc->sent_queue_retran_cnt); 8844 asoc->sent_queue_cnt = 0; 8845 asoc->sent_queue_cnt_removeable = 0; 8846 /* send back 0/0 so we enter normal transmission */ 8847 *cnt_out = 0; 8848 return (0); 8849 } 8850 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 8851 if ((chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) || 8852 (chk->rec.chunk_id.id == SCTP_STREAM_RESET) || 8853 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN)) { 8854 if (chk->sent != SCTP_DATAGRAM_RESEND) { 8855 continue; 8856 } 8857 if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) { 8858 if (chk != asoc->str_reset) { 8859 /* 8860 * not eligible for retran if its 8861 * not ours 8862 */ 8863 continue; 8864 } 8865 } 8866 ctl_cnt++; 8867 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { 8868 fwd_tsn = 1; 8869 fwd = chk; 8870 } 8871 /* 8872 * Add an AUTH chunk, if chunk requires it save the 8873 * offset into the chain for AUTH 8874 */ 8875 if ((auth == NULL) && 8876 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8877 stcb->asoc.peer_auth_chunks))) { 8878 m = sctp_add_auth_chunk(m, &endofchain, 8879 &auth, &auth_offset, 8880 stcb, 8881 chk->rec.chunk_id.id); 8882 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8883 } 8884 m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref); 8885 break; 8886 } 8887 } 8888 one_chunk = 0; 8889 cnt_thru = 0; 8890 /* do we have control chunks to retransmit? */ 8891 if (m != NULL) { 8892 /* Start a timer no matter if we suceed or fail */ 8893 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 8894 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, chk->whoTo); 8895 } else if (chk->rec.chunk_id.id == SCTP_ASCONF) 8896 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, chk->whoTo); 8897 chk->snd_count++; /* update our count */ 8898 if ((error = sctp_lowlevel_chunk_output(inp, stcb, chk->whoTo, 8899 (struct sockaddr *)&chk->whoTo->ro._l_addr, m, 8900 auth_offset, auth, stcb->asoc.authinfo.active_keyid, 8901 no_fragmentflg, 0, NULL, 0, 8902 inp->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 8903 chk->whoTo->port, so_locked, NULL, NULL))) { 8904 SCTP_STAT_INCR(sctps_lowlevelerr); 8905 return (error); 8906 } 8907 m = endofchain = NULL; 8908 auth = NULL; 8909 auth_offset = 0; 8910 /* 8911 * We don't want to mark the net->sent time here since this 8912 * we use this for HB and retrans cannot measure RTT 8913 */ 8914 /* (void)SCTP_GETTIME_TIMEVAL(&chk->whoTo->last_sent_time); */ 8915 *cnt_out += 1; 8916 chk->sent = SCTP_DATAGRAM_SENT; 8917 sctp_ucount_decr(stcb->asoc.sent_queue_retran_cnt); 8918 if (fwd_tsn == 0) { 8919 return (0); 8920 } else { 8921 /* Clean up the fwd-tsn list */ 8922 sctp_clean_up_ctl(stcb, asoc); 8923 return (0); 8924 } 8925 } 8926 /* 8927 * Ok, it is just data retransmission we need to do or that and a 8928 * fwd-tsn with it all. 8929 */ 8930 if (TAILQ_EMPTY(&asoc->sent_queue)) { 8931 return (SCTP_RETRAN_DONE); 8932 } 8933 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) || 8934 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT)) { 8935 /* not yet open, resend the cookie and that is it */ 8936 return (1); 8937 } 8938 #ifdef SCTP_AUDITING_ENABLED 8939 sctp_auditing(20, inp, stcb, NULL); 8940 #endif 8941 data_auth_reqd = sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks); 8942 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 8943 if (chk->sent != SCTP_DATAGRAM_RESEND) { 8944 /* No, not sent to this net or not ready for rtx */ 8945 continue; 8946 } 8947 if (chk->data == NULL) { 8948 printf("TSN:%x chk->snd_count:%d chk->sent:%d can't retran - no data\n", 8949 chk->rec.data.TSN_seq, chk->snd_count, chk->sent); 8950 continue; 8951 } 8952 if ((SCTP_BASE_SYSCTL(sctp_max_retran_chunk)) && 8953 (chk->snd_count >= SCTP_BASE_SYSCTL(sctp_max_retran_chunk))) { 8954 /* Gak, we have exceeded max unlucky retran, abort! */ 8955 SCTP_PRINTF("Gak, chk->snd_count:%d >= max:%d - send abort\n", 8956 chk->snd_count, 8957 SCTP_BASE_SYSCTL(sctp_max_retran_chunk)); 8958 atomic_add_int(&stcb->asoc.refcnt, 1); 8959 sctp_abort_an_association(stcb->sctp_ep, stcb, 0, NULL, so_locked); 8960 SCTP_TCB_LOCK(stcb); 8961 atomic_subtract_int(&stcb->asoc.refcnt, 1); 8962 return (SCTP_RETRAN_EXIT); 8963 } 8964 /* pick up the net */ 8965 net = chk->whoTo; 8966 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 8967 mtu = (net->mtu - SCTP_MIN_OVERHEAD); 8968 } else { 8969 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 8970 } 8971 8972 if ((asoc->peers_rwnd < mtu) && (asoc->total_flight > 0)) { 8973 /* No room in peers rwnd */ 8974 uint32_t tsn; 8975 8976 tsn = asoc->last_acked_seq + 1; 8977 if (tsn == chk->rec.data.TSN_seq) { 8978 /* 8979 * we make a special exception for this 8980 * case. The peer has no rwnd but is missing 8981 * the lowest chunk.. which is probably what 8982 * is holding up the rwnd. 8983 */ 8984 goto one_chunk_around; 8985 } 8986 return (1); 8987 } 8988 one_chunk_around: 8989 if (asoc->peers_rwnd < mtu) { 8990 one_chunk = 1; 8991 if ((asoc->peers_rwnd == 0) && 8992 (asoc->total_flight == 0)) { 8993 chk->window_probe = 1; 8994 chk->whoTo->window_probe = 1; 8995 } 8996 } 8997 #ifdef SCTP_AUDITING_ENABLED 8998 sctp_audit_log(0xC3, 2); 8999 #endif 9000 bundle_at = 0; 9001 m = NULL; 9002 net->fast_retran_ip = 0; 9003 if (chk->rec.data.doing_fast_retransmit == 0) { 9004 /* 9005 * if no FR in progress skip destination that have 9006 * flight_size > cwnd. 9007 */ 9008 if (net->flight_size >= net->cwnd) { 9009 continue; 9010 } 9011 } else { 9012 /* 9013 * Mark the destination net to have FR recovery 9014 * limits put on it. 9015 */ 9016 *fr_done = 1; 9017 net->fast_retran_ip = 1; 9018 } 9019 9020 /* 9021 * if no AUTH is yet included and this chunk requires it, 9022 * make sure to account for it. We don't apply the size 9023 * until the AUTH chunk is actually added below in case 9024 * there is no room for this chunk. 9025 */ 9026 if (data_auth_reqd && (auth == NULL)) { 9027 dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 9028 } else 9029 dmtu = 0; 9030 9031 if ((chk->send_size <= (mtu - dmtu)) || 9032 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 9033 /* ok we will add this one */ 9034 if (data_auth_reqd) { 9035 if (auth == NULL) { 9036 m = sctp_add_auth_chunk(m, 9037 &endofchain, 9038 &auth, 9039 &auth_offset, 9040 stcb, 9041 SCTP_DATA); 9042 auth_keyid = chk->auth_keyid; 9043 override_ok = 0; 9044 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9045 } else if (override_ok) { 9046 auth_keyid = chk->auth_keyid; 9047 override_ok = 0; 9048 } else if (chk->auth_keyid != auth_keyid) { 9049 /* different keyid, so done bundling */ 9050 break; 9051 } 9052 } 9053 m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref); 9054 if (m == NULL) { 9055 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 9056 return (ENOMEM); 9057 } 9058 /* Do clear IP_DF ? */ 9059 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 9060 no_fragmentflg = 0; 9061 } 9062 /* upate our MTU size */ 9063 if (mtu > (chk->send_size + dmtu)) 9064 mtu -= (chk->send_size + dmtu); 9065 else 9066 mtu = 0; 9067 data_list[bundle_at++] = chk; 9068 if (one_chunk && (asoc->total_flight <= 0)) { 9069 SCTP_STAT_INCR(sctps_windowprobed); 9070 } 9071 } 9072 if (one_chunk == 0) { 9073 /* 9074 * now are there anymore forward from chk to pick 9075 * up? 9076 */ 9077 fwd = TAILQ_NEXT(chk, sctp_next); 9078 while (fwd) { 9079 if (fwd->sent != SCTP_DATAGRAM_RESEND) { 9080 /* Nope, not for retran */ 9081 fwd = TAILQ_NEXT(fwd, sctp_next); 9082 continue; 9083 } 9084 if (fwd->whoTo != net) { 9085 /* Nope, not the net in question */ 9086 fwd = TAILQ_NEXT(fwd, sctp_next); 9087 continue; 9088 } 9089 if (data_auth_reqd && (auth == NULL)) { 9090 dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 9091 } else 9092 dmtu = 0; 9093 if (fwd->send_size <= (mtu - dmtu)) { 9094 if (data_auth_reqd) { 9095 if (auth == NULL) { 9096 m = sctp_add_auth_chunk(m, 9097 &endofchain, 9098 &auth, 9099 &auth_offset, 9100 stcb, 9101 SCTP_DATA); 9102 auth_keyid = fwd->auth_keyid; 9103 override_ok = 0; 9104 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9105 } else if (override_ok) { 9106 auth_keyid = fwd->auth_keyid; 9107 override_ok = 0; 9108 } else if (fwd->auth_keyid != auth_keyid) { 9109 /* 9110 * different keyid, 9111 * so done bundling 9112 */ 9113 break; 9114 } 9115 } 9116 m = sctp_copy_mbufchain(fwd->data, m, &endofchain, 0, fwd->send_size, fwd->copy_by_ref); 9117 if (m == NULL) { 9118 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 9119 return (ENOMEM); 9120 } 9121 /* Do clear IP_DF ? */ 9122 if (fwd->flags & CHUNK_FLAGS_FRAGMENT_OK) { 9123 no_fragmentflg = 0; 9124 } 9125 /* upate our MTU size */ 9126 if (mtu > (fwd->send_size + dmtu)) 9127 mtu -= (fwd->send_size + dmtu); 9128 else 9129 mtu = 0; 9130 data_list[bundle_at++] = fwd; 9131 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 9132 break; 9133 } 9134 fwd = TAILQ_NEXT(fwd, sctp_next); 9135 } else { 9136 /* can't fit so we are done */ 9137 break; 9138 } 9139 } 9140 } 9141 /* Is there something to send for this destination? */ 9142 if (m) { 9143 /* 9144 * No matter if we fail/or suceed we should start a 9145 * timer. A failure is like a lost IP packet :-) 9146 */ 9147 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 9148 /* 9149 * no timer running on this destination 9150 * restart it. 9151 */ 9152 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 9153 tmr_started = 1; 9154 } 9155 /* Now lets send it, if there is anything to send :> */ 9156 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 9157 (struct sockaddr *)&net->ro._l_addr, m, 9158 auth_offset, auth, auth_keyid, 9159 no_fragmentflg, 0, NULL, 0, 9160 inp->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 9161 net->port, so_locked, NULL, NULL))) { 9162 /* error, we could not output */ 9163 SCTP_STAT_INCR(sctps_lowlevelerr); 9164 return (error); 9165 } 9166 m = endofchain = NULL; 9167 auth = NULL; 9168 auth_offset = 0; 9169 /* For HB's */ 9170 /* 9171 * We don't want to mark the net->sent time here 9172 * since this we use this for HB and retrans cannot 9173 * measure RTT 9174 */ 9175 /* (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); */ 9176 9177 /* For auto-close */ 9178 cnt_thru++; 9179 if (*now_filled == 0) { 9180 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent); 9181 *now = asoc->time_last_sent; 9182 *now_filled = 1; 9183 } else { 9184 asoc->time_last_sent = *now; 9185 } 9186 *cnt_out += bundle_at; 9187 #ifdef SCTP_AUDITING_ENABLED 9188 sctp_audit_log(0xC4, bundle_at); 9189 #endif 9190 if (bundle_at) { 9191 tsns_sent = data_list[0]->rec.data.TSN_seq; 9192 } 9193 for (i = 0; i < bundle_at; i++) { 9194 SCTP_STAT_INCR(sctps_sendretransdata); 9195 data_list[i]->sent = SCTP_DATAGRAM_SENT; 9196 /* 9197 * When we have a revoked data, and we 9198 * retransmit it, then we clear the revoked 9199 * flag since this flag dictates if we 9200 * subtracted from the fs 9201 */ 9202 if (data_list[i]->rec.data.chunk_was_revoked) { 9203 /* Deflate the cwnd */ 9204 data_list[i]->whoTo->cwnd -= data_list[i]->book_size; 9205 data_list[i]->rec.data.chunk_was_revoked = 0; 9206 } 9207 data_list[i]->snd_count++; 9208 sctp_ucount_decr(asoc->sent_queue_retran_cnt); 9209 /* record the time */ 9210 data_list[i]->sent_rcv_time = asoc->time_last_sent; 9211 if (data_list[i]->book_size_scale) { 9212 /* 9213 * need to double the book size on 9214 * this one 9215 */ 9216 data_list[i]->book_size_scale = 0; 9217 /* 9218 * Since we double the booksize, we 9219 * must also double the output queue 9220 * size, since this get shrunk when 9221 * we free by this amount. 9222 */ 9223 atomic_add_int(&((asoc)->total_output_queue_size), data_list[i]->book_size); 9224 data_list[i]->book_size *= 2; 9225 9226 9227 } else { 9228 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) { 9229 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 9230 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)); 9231 } 9232 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 9233 (uint32_t) (data_list[i]->send_size + 9234 SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))); 9235 } 9236 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { 9237 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_RSND, 9238 data_list[i]->whoTo->flight_size, 9239 data_list[i]->book_size, 9240 (uintptr_t) data_list[i]->whoTo, 9241 data_list[i]->rec.data.TSN_seq); 9242 } 9243 sctp_flight_size_increase(data_list[i]); 9244 sctp_total_flight_increase(stcb, data_list[i]); 9245 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 9246 /* SWS sender side engages */ 9247 asoc->peers_rwnd = 0; 9248 } 9249 if ((i == 0) && 9250 (data_list[i]->rec.data.doing_fast_retransmit)) { 9251 SCTP_STAT_INCR(sctps_sendfastretrans); 9252 if ((data_list[i] == TAILQ_FIRST(&asoc->sent_queue)) && 9253 (tmr_started == 0)) { 9254 /*- 9255 * ok we just fast-retrans'd 9256 * the lowest TSN, i.e the 9257 * first on the list. In 9258 * this case we want to give 9259 * some more time to get a 9260 * SACK back without a 9261 * t3-expiring. 9262 */ 9263 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, inp, stcb, net, 9264 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_4); 9265 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 9266 } 9267 } 9268 } 9269 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 9270 sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_RESEND); 9271 } 9272 #ifdef SCTP_AUDITING_ENABLED 9273 sctp_auditing(21, inp, stcb, NULL); 9274 #endif 9275 } else { 9276 /* None will fit */ 9277 return (1); 9278 } 9279 if (asoc->sent_queue_retran_cnt <= 0) { 9280 /* all done we have no more to retran */ 9281 asoc->sent_queue_retran_cnt = 0; 9282 break; 9283 } 9284 if (one_chunk) { 9285 /* No more room in rwnd */ 9286 return (1); 9287 } 9288 /* stop the for loop here. we sent out a packet */ 9289 break; 9290 } 9291 return (0); 9292 } 9293 9294 9295 static int 9296 sctp_timer_validation(struct sctp_inpcb *inp, 9297 struct sctp_tcb *stcb, 9298 struct sctp_association *asoc, 9299 int ret) 9300 { 9301 struct sctp_nets *net; 9302 9303 /* Validate that a timer is running somewhere */ 9304 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 9305 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 9306 /* Here is a timer */ 9307 return (ret); 9308 } 9309 } 9310 SCTP_TCB_LOCK_ASSERT(stcb); 9311 /* Gak, we did not have a timer somewhere */ 9312 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Deadlock avoided starting timer on a dest at retran\n"); 9313 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->primary_destination); 9314 return (ret); 9315 } 9316 9317 void 9318 sctp_chunk_output(struct sctp_inpcb *inp, 9319 struct sctp_tcb *stcb, 9320 int from_where, 9321 int so_locked 9322 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 9323 SCTP_UNUSED 9324 #endif 9325 ) 9326 { 9327 /*- 9328 * Ok this is the generic chunk service queue. we must do the 9329 * following: 9330 * - See if there are retransmits pending, if so we must 9331 * do these first. 9332 * - Service the stream queue that is next, moving any 9333 * message (note I must get a complete message i.e. 9334 * FIRST/MIDDLE and LAST to the out queue in one pass) and assigning 9335 * TSN's 9336 * - Check to see if the cwnd/rwnd allows any output, if so we 9337 * go ahead and fomulate and send the low level chunks. Making sure 9338 * to combine any control in the control chunk queue also. 9339 */ 9340 struct sctp_association *asoc; 9341 struct sctp_nets *net; 9342 int error = 0, num_out = 0, tot_out = 0, ret = 0, reason_code = 0; 9343 unsigned int burst_cnt = 0; 9344 struct timeval now; 9345 int now_filled = 0; 9346 int nagle_on = 0; 9347 int frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 9348 int un_sent = 0; 9349 int fr_done; 9350 unsigned int tot_frs = 0; 9351 9352 asoc = &stcb->asoc; 9353 if (from_where == SCTP_OUTPUT_FROM_USR_SEND) { 9354 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NODELAY)) { 9355 nagle_on = 0; 9356 } else { 9357 nagle_on = 1; 9358 } 9359 } 9360 SCTP_TCB_LOCK_ASSERT(stcb); 9361 9362 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight); 9363 9364 if ((un_sent <= 0) && 9365 (TAILQ_EMPTY(&asoc->control_send_queue)) && 9366 (TAILQ_EMPTY(&asoc->asconf_send_queue)) && 9367 (asoc->sent_queue_retran_cnt == 0)) { 9368 /* Nothing to do unless there is something to be sent left */ 9369 return; 9370 } 9371 /* 9372 * Do we have something to send, data or control AND a sack timer 9373 * running, if so piggy-back the sack. 9374 */ 9375 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { 9376 sctp_send_sack(stcb); 9377 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer); 9378 } 9379 while (asoc->sent_queue_retran_cnt) { 9380 /*- 9381 * Ok, it is retransmission time only, we send out only ONE 9382 * packet with a single call off to the retran code. 9383 */ 9384 if (from_where == SCTP_OUTPUT_FROM_COOKIE_ACK) { 9385 /*- 9386 * Special hook for handling cookiess discarded 9387 * by peer that carried data. Send cookie-ack only 9388 * and then the next call with get the retran's. 9389 */ 9390 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 9391 from_where, 9392 &now, &now_filled, frag_point, so_locked); 9393 return; 9394 } else if (from_where != SCTP_OUTPUT_FROM_HB_TMR) { 9395 /* if its not from a HB then do it */ 9396 fr_done = 0; 9397 ret = sctp_chunk_retransmission(inp, stcb, asoc, &num_out, &now, &now_filled, &fr_done, so_locked); 9398 if (fr_done) { 9399 tot_frs++; 9400 } 9401 } else { 9402 /* 9403 * its from any other place, we don't allow retran 9404 * output (only control) 9405 */ 9406 ret = 1; 9407 } 9408 if (ret > 0) { 9409 /* Can't send anymore */ 9410 /*- 9411 * now lets push out control by calling med-level 9412 * output once. this assures that we WILL send HB's 9413 * if queued too. 9414 */ 9415 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 9416 from_where, 9417 &now, &now_filled, frag_point, so_locked); 9418 #ifdef SCTP_AUDITING_ENABLED 9419 sctp_auditing(8, inp, stcb, NULL); 9420 #endif 9421 (void)sctp_timer_validation(inp, stcb, asoc, ret); 9422 return; 9423 } 9424 if (ret < 0) { 9425 /*- 9426 * The count was off.. retran is not happening so do 9427 * the normal retransmission. 9428 */ 9429 #ifdef SCTP_AUDITING_ENABLED 9430 sctp_auditing(9, inp, stcb, NULL); 9431 #endif 9432 if (ret == SCTP_RETRAN_EXIT) { 9433 return; 9434 } 9435 break; 9436 } 9437 if (from_where == SCTP_OUTPUT_FROM_T3) { 9438 /* Only one transmission allowed out of a timeout */ 9439 #ifdef SCTP_AUDITING_ENABLED 9440 sctp_auditing(10, inp, stcb, NULL); 9441 #endif 9442 /* Push out any control */ 9443 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, from_where, 9444 &now, &now_filled, frag_point, so_locked); 9445 return; 9446 } 9447 if ((asoc->fr_max_burst > 0) && (tot_frs >= asoc->fr_max_burst)) { 9448 /* Hit FR burst limit */ 9449 return; 9450 } 9451 if ((num_out == 0) && (ret == 0)) { 9452 /* No more retrans to send */ 9453 break; 9454 } 9455 } 9456 #ifdef SCTP_AUDITING_ENABLED 9457 sctp_auditing(12, inp, stcb, NULL); 9458 #endif 9459 /* Check for bad destinations, if they exist move chunks around. */ 9460 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 9461 if ((net->dest_state & SCTP_ADDR_NOT_REACHABLE) == 9462 SCTP_ADDR_NOT_REACHABLE) { 9463 /*- 9464 * if possible move things off of this address we 9465 * still may send below due to the dormant state but 9466 * we try to find an alternate address to send to 9467 * and if we have one we move all queued data on the 9468 * out wheel to this alternate address. 9469 */ 9470 if (net->ref_count > 1) 9471 sctp_move_chunks_from_net(stcb, net); 9472 } else if ((asoc->sctp_cmt_on_off > 0) && 9473 (asoc->sctp_cmt_pf > 0) && 9474 ((net->dest_state & SCTP_ADDR_PF) == SCTP_ADDR_PF)) { 9475 /* 9476 * JRS 5/14/07 - If CMT PF is on and the current 9477 * destination is in PF state, move all queued data 9478 * to an alternate desination. 9479 */ 9480 if (net->ref_count > 1) 9481 sctp_move_chunks_from_net(stcb, net); 9482 } else { 9483 /*- 9484 * if ((asoc->sat_network) || (net->addr_is_local)) 9485 * { burst_limit = asoc->max_burst * 9486 * SCTP_SAT_NETWORK_BURST_INCR; } 9487 */ 9488 if (asoc->max_burst > 0) { 9489 if (SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst)) { 9490 if ((net->flight_size + (asoc->max_burst * net->mtu)) < net->cwnd) { 9491 /* 9492 * JRS - Use the congestion 9493 * control given in the 9494 * congestion control module 9495 */ 9496 asoc->cc_functions.sctp_cwnd_update_after_output(stcb, net, asoc->max_burst); 9497 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 9498 sctp_log_maxburst(stcb, net, 0, asoc->max_burst, SCTP_MAX_BURST_APPLIED); 9499 } 9500 SCTP_STAT_INCR(sctps_maxburstqueued); 9501 } 9502 net->fast_retran_ip = 0; 9503 } else { 9504 if (net->flight_size == 0) { 9505 /* 9506 * Should be decaying the 9507 * cwnd here 9508 */ 9509 ; 9510 } 9511 } 9512 } 9513 } 9514 9515 } 9516 burst_cnt = 0; 9517 do { 9518 error = sctp_med_chunk_output(inp, stcb, asoc, &num_out, 9519 &reason_code, 0, from_where, 9520 &now, &now_filled, frag_point, so_locked); 9521 if (error) { 9522 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Error %d was returned from med-c-op\n", error); 9523 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 9524 sctp_log_maxburst(stcb, asoc->primary_destination, error, burst_cnt, SCTP_MAX_BURST_ERROR_STOP); 9525 } 9526 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 9527 sctp_log_cwnd(stcb, NULL, error, SCTP_SEND_NOW_COMPLETES); 9528 sctp_log_cwnd(stcb, NULL, 0xdeadbeef, SCTP_SEND_NOW_COMPLETES); 9529 } 9530 break; 9531 } 9532 SCTPDBG(SCTP_DEBUG_OUTPUT3, "m-c-o put out %d\n", num_out); 9533 9534 tot_out += num_out; 9535 burst_cnt++; 9536 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 9537 sctp_log_cwnd(stcb, NULL, num_out, SCTP_SEND_NOW_COMPLETES); 9538 if (num_out == 0) { 9539 sctp_log_cwnd(stcb, NULL, reason_code, SCTP_SEND_NOW_COMPLETES); 9540 } 9541 } 9542 if (nagle_on) { 9543 /*- 9544 * When nagle is on, we look at how much is un_sent, then 9545 * if its smaller than an MTU and we have data in 9546 * flight we stop. 9547 */ 9548 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 9549 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 9550 if ((un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) && 9551 (stcb->asoc.total_flight > 0)) { 9552 break; 9553 } 9554 } 9555 if (TAILQ_EMPTY(&asoc->control_send_queue) && 9556 TAILQ_EMPTY(&asoc->send_queue) && 9557 stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { 9558 /* Nothing left to send */ 9559 break; 9560 } 9561 if ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) <= 0) { 9562 /* Nothing left to send */ 9563 break; 9564 } 9565 } while (num_out && 9566 ((asoc->max_burst == 0) || 9567 SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst) || 9568 (burst_cnt < asoc->max_burst))); 9569 9570 if (SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst) == 0) { 9571 if ((asoc->max_burst > 0) && (burst_cnt >= asoc->max_burst)) { 9572 SCTP_STAT_INCR(sctps_maxburstqueued); 9573 asoc->burst_limit_applied = 1; 9574 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 9575 sctp_log_maxburst(stcb, asoc->primary_destination, 0, burst_cnt, SCTP_MAX_BURST_APPLIED); 9576 } 9577 } else { 9578 asoc->burst_limit_applied = 0; 9579 } 9580 } 9581 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 9582 sctp_log_cwnd(stcb, NULL, tot_out, SCTP_SEND_NOW_COMPLETES); 9583 } 9584 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, we have put out %d chunks\n", 9585 tot_out); 9586 9587 /*- 9588 * Now we need to clean up the control chunk chain if a ECNE is on 9589 * it. It must be marked as UNSENT again so next call will continue 9590 * to send it until such time that we get a CWR, to remove it. 9591 */ 9592 if (stcb->asoc.ecn_echo_cnt_onq) 9593 sctp_fix_ecn_echo(asoc); 9594 return; 9595 } 9596 9597 9598 int 9599 sctp_output(inp, m, addr, control, p, flags) 9600 struct sctp_inpcb *inp; 9601 struct mbuf *m; 9602 struct sockaddr *addr; 9603 struct mbuf *control; 9604 struct thread *p; 9605 int flags; 9606 { 9607 if (inp == NULL) { 9608 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 9609 return (EINVAL); 9610 } 9611 if (inp->sctp_socket == NULL) { 9612 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 9613 return (EINVAL); 9614 } 9615 return (sctp_sosend(inp->sctp_socket, 9616 addr, 9617 (struct uio *)NULL, 9618 m, 9619 control, 9620 flags, p 9621 )); 9622 } 9623 9624 void 9625 send_forward_tsn(struct sctp_tcb *stcb, 9626 struct sctp_association *asoc) 9627 { 9628 struct sctp_tmit_chunk *chk; 9629 struct sctp_forward_tsn_chunk *fwdtsn; 9630 uint32_t advance_peer_ack_point; 9631 9632 SCTP_TCB_LOCK_ASSERT(stcb); 9633 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 9634 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { 9635 /* mark it to unsent */ 9636 chk->sent = SCTP_DATAGRAM_UNSENT; 9637 chk->snd_count = 0; 9638 /* Do we correct its output location? */ 9639 if (chk->whoTo != asoc->primary_destination) { 9640 sctp_free_remote_addr(chk->whoTo); 9641 chk->whoTo = asoc->primary_destination; 9642 atomic_add_int(&chk->whoTo->ref_count, 1); 9643 } 9644 goto sctp_fill_in_rest; 9645 } 9646 } 9647 /* Ok if we reach here we must build one */ 9648 sctp_alloc_a_chunk(stcb, chk); 9649 if (chk == NULL) { 9650 return; 9651 } 9652 asoc->fwd_tsn_cnt++; 9653 chk->copy_by_ref = 0; 9654 chk->rec.chunk_id.id = SCTP_FORWARD_CUM_TSN; 9655 chk->rec.chunk_id.can_take_data = 0; 9656 chk->asoc = asoc; 9657 chk->whoTo = NULL; 9658 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 9659 if (chk->data == NULL) { 9660 sctp_free_a_chunk(stcb, chk); 9661 return; 9662 } 9663 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 9664 chk->sent = SCTP_DATAGRAM_UNSENT; 9665 chk->snd_count = 0; 9666 chk->whoTo = asoc->primary_destination; 9667 atomic_add_int(&chk->whoTo->ref_count, 1); 9668 TAILQ_INSERT_TAIL(&asoc->control_send_queue, chk, sctp_next); 9669 asoc->ctrl_queue_cnt++; 9670 sctp_fill_in_rest: 9671 /*- 9672 * Here we go through and fill out the part that deals with 9673 * stream/seq of the ones we skip. 9674 */ 9675 SCTP_BUF_LEN(chk->data) = 0; 9676 { 9677 struct sctp_tmit_chunk *at, *tp1, *last; 9678 struct sctp_strseq *strseq; 9679 unsigned int cnt_of_space, i, ovh; 9680 unsigned int space_needed; 9681 unsigned int cnt_of_skipped = 0; 9682 9683 TAILQ_FOREACH(at, &asoc->sent_queue, sctp_next) { 9684 if (at->sent != SCTP_FORWARD_TSN_SKIP) { 9685 /* no more to look at */ 9686 break; 9687 } 9688 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 9689 /* We don't report these */ 9690 continue; 9691 } 9692 cnt_of_skipped++; 9693 } 9694 space_needed = (sizeof(struct sctp_forward_tsn_chunk) + 9695 (cnt_of_skipped * sizeof(struct sctp_strseq))); 9696 9697 cnt_of_space = M_TRAILINGSPACE(chk->data); 9698 9699 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 9700 ovh = SCTP_MIN_OVERHEAD; 9701 } else { 9702 ovh = SCTP_MIN_V4_OVERHEAD; 9703 } 9704 if (cnt_of_space > (asoc->smallest_mtu - ovh)) { 9705 /* trim to a mtu size */ 9706 cnt_of_space = asoc->smallest_mtu - ovh; 9707 } 9708 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9709 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9710 0xff, 0, cnt_of_skipped, 9711 asoc->advanced_peer_ack_point); 9712 9713 } 9714 advance_peer_ack_point = asoc->advanced_peer_ack_point; 9715 if (cnt_of_space < space_needed) { 9716 /*- 9717 * ok we must trim down the chunk by lowering the 9718 * advance peer ack point. 9719 */ 9720 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9721 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9722 0xff, 0xff, cnt_of_space, 9723 space_needed); 9724 } 9725 cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk); 9726 cnt_of_skipped /= sizeof(struct sctp_strseq); 9727 /*- 9728 * Go through and find the TSN that will be the one 9729 * we report. 9730 */ 9731 at = TAILQ_FIRST(&asoc->sent_queue); 9732 for (i = 0; i < cnt_of_skipped; i++) { 9733 tp1 = TAILQ_NEXT(at, sctp_next); 9734 if (tp1 == NULL) { 9735 break; 9736 } 9737 at = tp1; 9738 } 9739 if (at && SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9740 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9741 0xff, cnt_of_skipped, at->rec.data.TSN_seq, 9742 asoc->advanced_peer_ack_point); 9743 } 9744 last = at; 9745 /*- 9746 * last now points to last one I can report, update 9747 * peer ack point 9748 */ 9749 if (last) 9750 advance_peer_ack_point = last->rec.data.TSN_seq; 9751 space_needed = sizeof(struct sctp_forward_tsn_chunk) + 9752 cnt_of_skipped * sizeof(struct sctp_strseq); 9753 } 9754 chk->send_size = space_needed; 9755 /* Setup the chunk */ 9756 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *); 9757 fwdtsn->ch.chunk_length = htons(chk->send_size); 9758 fwdtsn->ch.chunk_flags = 0; 9759 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; 9760 fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point); 9761 SCTP_BUF_LEN(chk->data) = chk->send_size; 9762 fwdtsn++; 9763 /*- 9764 * Move pointer to after the fwdtsn and transfer to the 9765 * strseq pointer. 9766 */ 9767 strseq = (struct sctp_strseq *)fwdtsn; 9768 /*- 9769 * Now populate the strseq list. This is done blindly 9770 * without pulling out duplicate stream info. This is 9771 * inefficent but won't harm the process since the peer will 9772 * look at these in sequence and will thus release anything. 9773 * It could mean we exceed the PMTU and chop off some that 9774 * we could have included.. but this is unlikely (aka 1432/4 9775 * would mean 300+ stream seq's would have to be reported in 9776 * one FWD-TSN. With a bit of work we can later FIX this to 9777 * optimize and pull out duplcates.. but it does add more 9778 * overhead. So for now... not! 9779 */ 9780 at = TAILQ_FIRST(&asoc->sent_queue); 9781 for (i = 0; i < cnt_of_skipped; i++) { 9782 tp1 = TAILQ_NEXT(at, sctp_next); 9783 if (tp1 == NULL) 9784 break; 9785 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 9786 /* We don't report these */ 9787 i--; 9788 at = tp1; 9789 continue; 9790 } 9791 if (at->rec.data.TSN_seq == advance_peer_ack_point) { 9792 at->rec.data.fwd_tsn_cnt = 0; 9793 } 9794 strseq->stream = ntohs(at->rec.data.stream_number); 9795 strseq->sequence = ntohs(at->rec.data.stream_seq); 9796 strseq++; 9797 at = tp1; 9798 } 9799 } 9800 return; 9801 9802 } 9803 9804 void 9805 sctp_send_sack(struct sctp_tcb *stcb) 9806 { 9807 /*- 9808 * Queue up a SACK or NR-SACK in the control queue. 9809 * We must first check to see if a SACK or NR-SACK is 9810 * somehow on the control queue. 9811 * If so, we will take and and remove the old one. 9812 */ 9813 struct sctp_association *asoc; 9814 struct sctp_tmit_chunk *chk, *a_chk; 9815 struct sctp_sack_chunk *sack; 9816 struct sctp_nr_sack_chunk *nr_sack; 9817 struct sctp_gap_ack_block *gap_descriptor; 9818 struct sack_track *selector; 9819 int mergeable = 0; 9820 int offset; 9821 caddr_t limit; 9822 uint32_t *dup; 9823 int limit_reached = 0; 9824 unsigned int i, siz, j; 9825 unsigned int num_gap_blocks = 0, num_nr_gap_blocks = 0, space; 9826 int num_dups = 0; 9827 int space_req; 9828 uint32_t highest_tsn; 9829 uint8_t flags; 9830 uint8_t type; 9831 uint8_t tsn_map; 9832 9833 if ((stcb->asoc.sctp_nr_sack_on_off == 1) && 9834 (stcb->asoc.peer_supports_nr_sack == 1)) { 9835 type = SCTP_NR_SELECTIVE_ACK; 9836 } else { 9837 type = SCTP_SELECTIVE_ACK; 9838 } 9839 a_chk = NULL; 9840 asoc = &stcb->asoc; 9841 SCTP_TCB_LOCK_ASSERT(stcb); 9842 if (asoc->last_data_chunk_from == NULL) { 9843 /* Hmm we never received anything */ 9844 return; 9845 } 9846 sctp_slide_mapping_arrays(stcb); 9847 sctp_set_rwnd(stcb, asoc); 9848 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 9849 if (chk->rec.chunk_id.id == type) { 9850 /* Hmm, found a sack already on queue, remove it */ 9851 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 9852 asoc->ctrl_queue_cnt--; 9853 a_chk = chk; 9854 if (a_chk->data) { 9855 sctp_m_freem(a_chk->data); 9856 a_chk->data = NULL; 9857 } 9858 sctp_free_remote_addr(a_chk->whoTo); 9859 a_chk->whoTo = NULL; 9860 break; 9861 } 9862 } 9863 if (a_chk == NULL) { 9864 sctp_alloc_a_chunk(stcb, a_chk); 9865 if (a_chk == NULL) { 9866 /* No memory so we drop the idea, and set a timer */ 9867 if (stcb->asoc.delayed_ack) { 9868 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 9869 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5); 9870 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 9871 stcb->sctp_ep, stcb, NULL); 9872 } else { 9873 stcb->asoc.send_sack = 1; 9874 } 9875 return; 9876 } 9877 a_chk->copy_by_ref = 0; 9878 a_chk->rec.chunk_id.id = type; 9879 a_chk->rec.chunk_id.can_take_data = 1; 9880 } 9881 /* Clear our pkt counts */ 9882 asoc->data_pkts_seen = 0; 9883 9884 a_chk->asoc = asoc; 9885 a_chk->snd_count = 0; 9886 a_chk->send_size = 0; /* fill in later */ 9887 a_chk->sent = SCTP_DATAGRAM_UNSENT; 9888 a_chk->whoTo = NULL; 9889 9890 if ((asoc->numduptsns) || 9891 (asoc->last_data_chunk_from->dest_state & SCTP_ADDR_NOT_REACHABLE)) { 9892 /*- 9893 * Ok, we have some duplicates or the destination for the 9894 * sack is unreachable, lets see if we can select an 9895 * alternate than asoc->last_data_chunk_from 9896 */ 9897 if ((!(asoc->last_data_chunk_from->dest_state & SCTP_ADDR_NOT_REACHABLE)) && 9898 (asoc->used_alt_onsack > asoc->numnets)) { 9899 /* We used an alt last time, don't this time */ 9900 a_chk->whoTo = NULL; 9901 } else { 9902 asoc->used_alt_onsack++; 9903 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0); 9904 } 9905 if (a_chk->whoTo == NULL) { 9906 /* Nope, no alternate */ 9907 a_chk->whoTo = asoc->last_data_chunk_from; 9908 asoc->used_alt_onsack = 0; 9909 } 9910 } else { 9911 /* 9912 * No duplicates so we use the last place we received data 9913 * from. 9914 */ 9915 asoc->used_alt_onsack = 0; 9916 a_chk->whoTo = asoc->last_data_chunk_from; 9917 } 9918 if (a_chk->whoTo) { 9919 atomic_add_int(&a_chk->whoTo->ref_count, 1); 9920 } 9921 if (SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->highest_tsn_inside_nr_map)) { 9922 highest_tsn = asoc->highest_tsn_inside_map; 9923 } else { 9924 highest_tsn = asoc->highest_tsn_inside_nr_map; 9925 } 9926 if (highest_tsn == asoc->cumulative_tsn) { 9927 /* no gaps */ 9928 if (type == SCTP_SELECTIVE_ACK) { 9929 space_req = sizeof(struct sctp_sack_chunk); 9930 } else { 9931 space_req = sizeof(struct sctp_nr_sack_chunk); 9932 } 9933 } else { 9934 /* gaps get a cluster */ 9935 space_req = MCLBYTES; 9936 } 9937 /* Ok now lets formulate a MBUF with our sack */ 9938 a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_DONTWAIT, 1, MT_DATA); 9939 if ((a_chk->data == NULL) || 9940 (a_chk->whoTo == NULL)) { 9941 /* rats, no mbuf memory */ 9942 if (a_chk->data) { 9943 /* was a problem with the destination */ 9944 sctp_m_freem(a_chk->data); 9945 a_chk->data = NULL; 9946 } 9947 sctp_free_a_chunk(stcb, a_chk); 9948 /* sa_ignore NO_NULL_CHK */ 9949 if (stcb->asoc.delayed_ack) { 9950 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 9951 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6); 9952 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 9953 stcb->sctp_ep, stcb, NULL); 9954 } else { 9955 stcb->asoc.send_sack = 1; 9956 } 9957 return; 9958 } 9959 /* ok, lets go through and fill it in */ 9960 SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD); 9961 space = M_TRAILINGSPACE(a_chk->data); 9962 if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) { 9963 space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD); 9964 } 9965 limit = mtod(a_chk->data, caddr_t); 9966 limit += space; 9967 9968 flags = 0; 9969 9970 if ((asoc->sctp_cmt_on_off > 0) && 9971 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) { 9972 /*- 9973 * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been 9974 * received, then set high bit to 1, else 0. Reset 9975 * pkts_rcvd. 9976 */ 9977 flags |= (asoc->cmt_dac_pkts_rcvd << 6); 9978 asoc->cmt_dac_pkts_rcvd = 0; 9979 } 9980 #ifdef SCTP_ASOCLOG_OF_TSNS 9981 stcb->asoc.cumack_logsnt[stcb->asoc.cumack_log_atsnt] = asoc->cumulative_tsn; 9982 stcb->asoc.cumack_log_atsnt++; 9983 if (stcb->asoc.cumack_log_atsnt >= SCTP_TSN_LOG_SIZE) { 9984 stcb->asoc.cumack_log_atsnt = 0; 9985 } 9986 #endif 9987 /* reset the readers interpretation */ 9988 stcb->freed_by_sorcv_sincelast = 0; 9989 9990 if (type == SCTP_SELECTIVE_ACK) { 9991 sack = mtod(a_chk->data, struct sctp_sack_chunk *); 9992 nr_sack = NULL; 9993 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk)); 9994 if (highest_tsn > asoc->mapping_array_base_tsn) { 9995 siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 9996 } else { 9997 siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) / 8; 9998 } 9999 } else { 10000 sack = NULL; 10001 nr_sack = mtod(a_chk->data, struct sctp_nr_sack_chunk *); 10002 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)nr_sack + sizeof(struct sctp_nr_sack_chunk)); 10003 if (asoc->highest_tsn_inside_map > asoc->mapping_array_base_tsn) { 10004 siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10005 } else { 10006 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_map + 7) / 8; 10007 } 10008 } 10009 10010 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn, asoc->cumulative_tsn)) { 10011 offset = 1; 10012 } else { 10013 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 10014 } 10015 if (((type == SCTP_SELECTIVE_ACK) && 10016 SCTP_TSN_GT(highest_tsn, asoc->cumulative_tsn)) || 10017 ((type == SCTP_NR_SELECTIVE_ACK) && 10018 SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->cumulative_tsn))) { 10019 /* we have a gap .. maybe */ 10020 for (i = 0; i < siz; i++) { 10021 tsn_map = asoc->mapping_array[i]; 10022 if (type == SCTP_SELECTIVE_ACK) { 10023 tsn_map |= asoc->nr_mapping_array[i]; 10024 } 10025 if (i == 0) { 10026 /* 10027 * Clear all bits corresponding to TSNs 10028 * smaller or equal to the cumulative TSN. 10029 */ 10030 tsn_map &= (~0 << (1 - offset)); 10031 } 10032 selector = &sack_array[tsn_map]; 10033 if (mergeable && selector->right_edge) { 10034 /* 10035 * Backup, left and right edges were ok to 10036 * merge. 10037 */ 10038 num_gap_blocks--; 10039 gap_descriptor--; 10040 } 10041 if (selector->num_entries == 0) 10042 mergeable = 0; 10043 else { 10044 for (j = 0; j < selector->num_entries; j++) { 10045 if (mergeable && selector->right_edge) { 10046 /* 10047 * do a merge by NOT setting 10048 * the left side 10049 */ 10050 mergeable = 0; 10051 } else { 10052 /* 10053 * no merge, set the left 10054 * side 10055 */ 10056 mergeable = 0; 10057 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 10058 } 10059 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 10060 num_gap_blocks++; 10061 gap_descriptor++; 10062 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 10063 /* no more room */ 10064 limit_reached = 1; 10065 break; 10066 } 10067 } 10068 if (selector->left_edge) { 10069 mergeable = 1; 10070 } 10071 } 10072 if (limit_reached) { 10073 /* Reached the limit stop */ 10074 break; 10075 } 10076 offset += 8; 10077 } 10078 } 10079 if ((type == SCTP_NR_SELECTIVE_ACK) && 10080 (limit_reached == 0)) { 10081 10082 mergeable = 0; 10083 10084 if (asoc->highest_tsn_inside_nr_map > asoc->mapping_array_base_tsn) { 10085 siz = (((asoc->highest_tsn_inside_nr_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10086 } else { 10087 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_nr_map + 7) / 8; 10088 } 10089 10090 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn, asoc->cumulative_tsn)) { 10091 offset = 1; 10092 } else { 10093 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 10094 } 10095 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn)) { 10096 /* we have a gap .. maybe */ 10097 for (i = 0; i < siz; i++) { 10098 tsn_map = asoc->nr_mapping_array[i]; 10099 if (i == 0) { 10100 /* 10101 * Clear all bits corresponding to 10102 * TSNs smaller or equal to the 10103 * cumulative TSN. 10104 */ 10105 tsn_map &= (~0 << (1 - offset)); 10106 } 10107 selector = &sack_array[tsn_map]; 10108 if (mergeable && selector->right_edge) { 10109 /* 10110 * Backup, left and right edges were 10111 * ok to merge. 10112 */ 10113 num_nr_gap_blocks--; 10114 gap_descriptor--; 10115 } 10116 if (selector->num_entries == 0) 10117 mergeable = 0; 10118 else { 10119 for (j = 0; j < selector->num_entries; j++) { 10120 if (mergeable && selector->right_edge) { 10121 /* 10122 * do a merge by NOT 10123 * setting the left 10124 * side 10125 */ 10126 mergeable = 0; 10127 } else { 10128 /* 10129 * no merge, set the 10130 * left side 10131 */ 10132 mergeable = 0; 10133 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 10134 } 10135 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 10136 num_nr_gap_blocks++; 10137 gap_descriptor++; 10138 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 10139 /* no more room */ 10140 limit_reached = 1; 10141 break; 10142 } 10143 } 10144 if (selector->left_edge) { 10145 mergeable = 1; 10146 } 10147 } 10148 if (limit_reached) { 10149 /* Reached the limit stop */ 10150 break; 10151 } 10152 offset += 8; 10153 } 10154 } 10155 } 10156 /* now we must add any dups we are going to report. */ 10157 if ((limit_reached == 0) && (asoc->numduptsns)) { 10158 dup = (uint32_t *) gap_descriptor; 10159 for (i = 0; i < asoc->numduptsns; i++) { 10160 *dup = htonl(asoc->dup_tsns[i]); 10161 dup++; 10162 num_dups++; 10163 if (((caddr_t)dup + sizeof(uint32_t)) > limit) { 10164 /* no more room */ 10165 break; 10166 } 10167 } 10168 asoc->numduptsns = 0; 10169 } 10170 /* 10171 * now that the chunk is prepared queue it to the control chunk 10172 * queue. 10173 */ 10174 if (type == SCTP_SELECTIVE_ACK) { 10175 a_chk->send_size = sizeof(struct sctp_sack_chunk) + 10176 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 10177 num_dups * sizeof(int32_t); 10178 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 10179 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 10180 sack->sack.a_rwnd = htonl(asoc->my_rwnd); 10181 sack->sack.num_gap_ack_blks = htons(num_gap_blocks); 10182 sack->sack.num_dup_tsns = htons(num_dups); 10183 sack->ch.chunk_type = type; 10184 sack->ch.chunk_flags = flags; 10185 sack->ch.chunk_length = htons(a_chk->send_size); 10186 } else { 10187 a_chk->send_size = sizeof(struct sctp_nr_sack_chunk) + 10188 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 10189 num_dups * sizeof(int32_t); 10190 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 10191 nr_sack->nr_sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 10192 nr_sack->nr_sack.a_rwnd = htonl(asoc->my_rwnd); 10193 nr_sack->nr_sack.num_gap_ack_blks = htons(num_gap_blocks); 10194 nr_sack->nr_sack.num_nr_gap_ack_blks = htons(num_nr_gap_blocks); 10195 nr_sack->nr_sack.num_dup_tsns = htons(num_dups); 10196 nr_sack->nr_sack.reserved = 0; 10197 nr_sack->ch.chunk_type = type; 10198 nr_sack->ch.chunk_flags = flags; 10199 nr_sack->ch.chunk_length = htons(a_chk->send_size); 10200 } 10201 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next); 10202 asoc->my_last_reported_rwnd = asoc->my_rwnd; 10203 asoc->ctrl_queue_cnt++; 10204 asoc->send_sack = 0; 10205 SCTP_STAT_INCR(sctps_sendsacks); 10206 return; 10207 } 10208 10209 void 10210 sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr, int so_locked 10211 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 10212 SCTP_UNUSED 10213 #endif 10214 ) 10215 { 10216 struct mbuf *m_abort; 10217 struct mbuf *m_out = NULL, *m_end = NULL; 10218 struct sctp_abort_chunk *abort = NULL; 10219 int sz; 10220 uint32_t auth_offset = 0; 10221 struct sctp_auth_chunk *auth = NULL; 10222 10223 /*- 10224 * Add an AUTH chunk, if chunk requires it and save the offset into 10225 * the chain for AUTH 10226 */ 10227 if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION, 10228 stcb->asoc.peer_auth_chunks)) { 10229 m_out = sctp_add_auth_chunk(m_out, &m_end, &auth, &auth_offset, 10230 stcb, SCTP_ABORT_ASSOCIATION); 10231 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10232 } 10233 SCTP_TCB_LOCK_ASSERT(stcb); 10234 m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_DONTWAIT, 1, MT_HEADER); 10235 if (m_abort == NULL) { 10236 /* no mbuf's */ 10237 if (m_out) 10238 sctp_m_freem(m_out); 10239 return; 10240 } 10241 /* link in any error */ 10242 SCTP_BUF_NEXT(m_abort) = operr; 10243 sz = 0; 10244 if (operr) { 10245 struct mbuf *n; 10246 10247 n = operr; 10248 while (n) { 10249 sz += SCTP_BUF_LEN(n); 10250 n = SCTP_BUF_NEXT(n); 10251 } 10252 } 10253 SCTP_BUF_LEN(m_abort) = sizeof(*abort); 10254 if (m_out == NULL) { 10255 /* NO Auth chunk prepended, so reserve space in front */ 10256 SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD); 10257 m_out = m_abort; 10258 } else { 10259 /* Put AUTH chunk at the front of the chain */ 10260 SCTP_BUF_NEXT(m_end) = m_abort; 10261 } 10262 10263 /* fill in the ABORT chunk */ 10264 abort = mtod(m_abort, struct sctp_abort_chunk *); 10265 abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION; 10266 abort->ch.chunk_flags = 0; 10267 abort->ch.chunk_length = htons(sizeof(*abort) + sz); 10268 10269 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, 10270 stcb->asoc.primary_destination, 10271 (struct sockaddr *)&stcb->asoc.primary_destination->ro._l_addr, 10272 m_out, auth_offset, auth, stcb->asoc.authinfo.active_keyid, 1, 0, NULL, 0, 10273 stcb->sctp_ep->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 10274 stcb->asoc.primary_destination->port, so_locked, NULL, NULL); 10275 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10276 } 10277 10278 void 10279 sctp_send_shutdown_complete(struct sctp_tcb *stcb, 10280 struct sctp_nets *net, 10281 int reflect_vtag) 10282 { 10283 /* formulate and SEND a SHUTDOWN-COMPLETE */ 10284 struct mbuf *m_shutdown_comp; 10285 struct sctp_shutdown_complete_chunk *shutdown_complete; 10286 uint32_t vtag; 10287 uint8_t flags; 10288 10289 m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_DONTWAIT, 1, MT_HEADER); 10290 if (m_shutdown_comp == NULL) { 10291 /* no mbuf's */ 10292 return; 10293 } 10294 if (reflect_vtag) { 10295 flags = SCTP_HAD_NO_TCB; 10296 vtag = stcb->asoc.my_vtag; 10297 } else { 10298 flags = 0; 10299 vtag = stcb->asoc.peer_vtag; 10300 } 10301 shutdown_complete = mtod(m_shutdown_comp, struct sctp_shutdown_complete_chunk *); 10302 shutdown_complete->ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 10303 shutdown_complete->ch.chunk_flags = flags; 10304 shutdown_complete->ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 10305 SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_chunk); 10306 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 10307 (struct sockaddr *)&net->ro._l_addr, 10308 m_shutdown_comp, 0, NULL, 0, 1, 0, NULL, 0, 10309 stcb->sctp_ep->sctp_lport, stcb->rport, 10310 htonl(vtag), 10311 net->port, SCTP_SO_NOT_LOCKED, NULL, NULL); 10312 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10313 return; 10314 } 10315 10316 void 10317 sctp_send_shutdown_complete2(struct mbuf *m, int iphlen, struct sctphdr *sh, 10318 uint32_t vrf_id, uint16_t port) 10319 { 10320 /* formulate and SEND a SHUTDOWN-COMPLETE */ 10321 struct mbuf *o_pak; 10322 struct mbuf *mout; 10323 struct ip *iph, *iph_out; 10324 struct udphdr *udp = NULL; 10325 10326 #ifdef INET6 10327 struct ip6_hdr *ip6, *ip6_out; 10328 10329 #endif 10330 int offset_out, len, mlen; 10331 struct sctp_shutdown_complete_msg *comp_cp; 10332 10333 iph = mtod(m, struct ip *); 10334 switch (iph->ip_v) { 10335 case IPVERSION: 10336 len = (sizeof(struct ip) + sizeof(struct sctp_shutdown_complete_msg)); 10337 break; 10338 #ifdef INET6 10339 case IPV6_VERSION >> 4: 10340 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_shutdown_complete_msg)); 10341 break; 10342 #endif 10343 default: 10344 return; 10345 } 10346 if (port) { 10347 len += sizeof(struct udphdr); 10348 } 10349 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 10350 if (mout == NULL) { 10351 return; 10352 } 10353 SCTP_BUF_RESV_UF(mout, max_linkhdr); 10354 SCTP_BUF_LEN(mout) = len; 10355 SCTP_BUF_NEXT(mout) = NULL; 10356 if (m->m_flags & M_FLOWID) { 10357 mout->m_pkthdr.flowid = m->m_pkthdr.flowid; 10358 mout->m_flags |= M_FLOWID; 10359 } 10360 iph_out = NULL; 10361 #ifdef INET6 10362 ip6_out = NULL; 10363 #endif 10364 offset_out = 0; 10365 10366 switch (iph->ip_v) { 10367 case IPVERSION: 10368 iph_out = mtod(mout, struct ip *); 10369 10370 /* Fill in the IP header for the ABORT */ 10371 iph_out->ip_v = IPVERSION; 10372 iph_out->ip_hl = (sizeof(struct ip) / 4); 10373 iph_out->ip_tos = (u_char)0; 10374 iph_out->ip_id = 0; 10375 iph_out->ip_off = 0; 10376 iph_out->ip_ttl = MAXTTL; 10377 if (port) { 10378 iph_out->ip_p = IPPROTO_UDP; 10379 } else { 10380 iph_out->ip_p = IPPROTO_SCTP; 10381 } 10382 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 10383 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 10384 10385 /* let IP layer calculate this */ 10386 iph_out->ip_sum = 0; 10387 offset_out += sizeof(*iph_out); 10388 comp_cp = (struct sctp_shutdown_complete_msg *)( 10389 (caddr_t)iph_out + offset_out); 10390 break; 10391 #ifdef INET6 10392 case IPV6_VERSION >> 4: 10393 ip6 = (struct ip6_hdr *)iph; 10394 ip6_out = mtod(mout, struct ip6_hdr *); 10395 10396 /* Fill in the IPv6 header for the ABORT */ 10397 ip6_out->ip6_flow = ip6->ip6_flow; 10398 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 10399 if (port) { 10400 ip6_out->ip6_nxt = IPPROTO_UDP; 10401 } else { 10402 ip6_out->ip6_nxt = IPPROTO_SCTP; 10403 } 10404 ip6_out->ip6_src = ip6->ip6_dst; 10405 ip6_out->ip6_dst = ip6->ip6_src; 10406 /* 10407 * ?? The old code had both the iph len + payload, I think 10408 * this is wrong and would never have worked 10409 */ 10410 ip6_out->ip6_plen = sizeof(struct sctp_shutdown_complete_msg); 10411 offset_out += sizeof(*ip6_out); 10412 comp_cp = (struct sctp_shutdown_complete_msg *)( 10413 (caddr_t)ip6_out + offset_out); 10414 break; 10415 #endif /* INET6 */ 10416 default: 10417 /* Currently not supported. */ 10418 sctp_m_freem(mout); 10419 return; 10420 } 10421 if (port) { 10422 udp = (struct udphdr *)comp_cp; 10423 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 10424 udp->uh_dport = port; 10425 udp->uh_ulen = htons(sizeof(struct sctp_shutdown_complete_msg) + sizeof(struct udphdr)); 10426 if (iph_out) 10427 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 10428 offset_out += sizeof(struct udphdr); 10429 comp_cp = (struct sctp_shutdown_complete_msg *)((caddr_t)comp_cp + sizeof(struct udphdr)); 10430 } 10431 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 10432 /* no mbuf's */ 10433 sctp_m_freem(mout); 10434 return; 10435 } 10436 /* Now copy in and fill in the ABORT tags etc. */ 10437 comp_cp->sh.src_port = sh->dest_port; 10438 comp_cp->sh.dest_port = sh->src_port; 10439 comp_cp->sh.checksum = 0; 10440 comp_cp->sh.v_tag = sh->v_tag; 10441 comp_cp->shut_cmp.ch.chunk_flags = SCTP_HAD_NO_TCB; 10442 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 10443 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 10444 10445 if (iph_out != NULL) { 10446 sctp_route_t ro; 10447 int ret; 10448 10449 mlen = SCTP_BUF_LEN(mout); 10450 bzero(&ro, sizeof ro); 10451 /* set IPv4 length */ 10452 iph_out->ip_len = mlen; 10453 #ifdef SCTP_PACKET_LOGGING 10454 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 10455 sctp_packet_log(mout, mlen); 10456 #endif 10457 if (port) { 10458 #if defined(SCTP_WITH_NO_CSUM) 10459 SCTP_STAT_INCR(sctps_sendnocrc); 10460 #else 10461 comp_cp->sh.checksum = sctp_calculate_cksum(mout, offset_out); 10462 SCTP_STAT_INCR(sctps_sendswcrc); 10463 #endif 10464 SCTP_ENABLE_UDP_CSUM(mout); 10465 } else { 10466 #if defined(SCTP_WITH_NO_CSUM) 10467 SCTP_STAT_INCR(sctps_sendnocrc); 10468 #else 10469 mout->m_pkthdr.csum_flags = CSUM_SCTP; 10470 mout->m_pkthdr.csum_data = 0; 10471 SCTP_STAT_INCR(sctps_sendhwcrc); 10472 #endif 10473 } 10474 SCTP_ATTACH_CHAIN(o_pak, mout, mlen); 10475 /* out it goes */ 10476 SCTP_IP_OUTPUT(ret, o_pak, &ro, NULL, vrf_id); 10477 10478 /* Free the route if we got one back */ 10479 if (ro.ro_rt) 10480 RTFREE(ro.ro_rt); 10481 } 10482 #ifdef INET6 10483 if (ip6_out != NULL) { 10484 struct route_in6 ro; 10485 int ret; 10486 struct ifnet *ifp = NULL; 10487 10488 bzero(&ro, sizeof(ro)); 10489 mlen = SCTP_BUF_LEN(mout); 10490 #ifdef SCTP_PACKET_LOGGING 10491 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 10492 sctp_packet_log(mout, mlen); 10493 #endif 10494 SCTP_ATTACH_CHAIN(o_pak, mout, mlen); 10495 if (port) { 10496 #if defined(SCTP_WITH_NO_CSUM) 10497 SCTP_STAT_INCR(sctps_sendnocrc); 10498 #else 10499 comp_cp->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 10500 SCTP_STAT_INCR(sctps_sendswcrc); 10501 #endif 10502 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), mlen - sizeof(struct ip6_hdr))) == 0) { 10503 udp->uh_sum = 0xffff; 10504 } 10505 } else { 10506 #if defined(SCTP_WITH_NO_CSUM) 10507 SCTP_STAT_INCR(sctps_sendnocrc); 10508 #else 10509 mout->m_pkthdr.csum_flags = CSUM_SCTP; 10510 mout->m_pkthdr.csum_data = 0; 10511 SCTP_STAT_INCR(sctps_sendhwcrc); 10512 #endif 10513 } 10514 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, NULL, vrf_id); 10515 10516 /* Free the route if we got one back */ 10517 if (ro.ro_rt) 10518 RTFREE(ro.ro_rt); 10519 } 10520 #endif 10521 SCTP_STAT_INCR(sctps_sendpackets); 10522 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 10523 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10524 return; 10525 10526 } 10527 10528 static struct sctp_nets * 10529 sctp_select_hb_destination(struct sctp_tcb *stcb, struct timeval *now) 10530 { 10531 struct sctp_nets *net, *hnet; 10532 int ms_goneby, highest_ms, state_overide = 0; 10533 10534 (void)SCTP_GETTIME_TIMEVAL(now); 10535 highest_ms = 0; 10536 hnet = NULL; 10537 SCTP_TCB_LOCK_ASSERT(stcb); 10538 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 10539 if ( 10540 ((net->dest_state & SCTP_ADDR_NOHB) && ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) || 10541 (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE) 10542 ) { 10543 /* 10544 * Skip this guy from consideration if HB is off AND 10545 * its confirmed 10546 */ 10547 continue; 10548 } 10549 if (sctp_destination_is_reachable(stcb, (struct sockaddr *)&net->ro._l_addr) == 0) { 10550 /* skip this dest net from consideration */ 10551 continue; 10552 } 10553 if (net->last_sent_time.tv_sec) { 10554 /* Sent to so we subtract */ 10555 ms_goneby = (now->tv_sec - net->last_sent_time.tv_sec) * 1000; 10556 } else 10557 /* Never been sent to */ 10558 ms_goneby = 0x7fffffff; 10559 /*- 10560 * When the address state is unconfirmed but still 10561 * considered reachable, we HB at a higher rate. Once it 10562 * goes confirmed OR reaches the "unreachable" state, thenw 10563 * we cut it back to HB at a more normal pace. 10564 */ 10565 if ((net->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED) { 10566 state_overide = 1; 10567 } else { 10568 state_overide = 0; 10569 } 10570 10571 if ((((unsigned int)ms_goneby >= net->RTO) || (state_overide)) && 10572 (ms_goneby > highest_ms)) { 10573 highest_ms = ms_goneby; 10574 hnet = net; 10575 } 10576 } 10577 if (hnet && 10578 ((hnet->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED)) { 10579 state_overide = 1; 10580 } else { 10581 state_overide = 0; 10582 } 10583 10584 if (hnet && highest_ms && (((unsigned int)highest_ms >= hnet->RTO) || state_overide)) { 10585 /*- 10586 * Found the one with longest delay bounds OR it is 10587 * unconfirmed and still not marked unreachable. 10588 */ 10589 SCTPDBG(SCTP_DEBUG_OUTPUT4, "net:%p is the hb winner -", hnet); 10590 #ifdef SCTP_DEBUG 10591 if (hnet) { 10592 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT4, 10593 (struct sockaddr *)&hnet->ro._l_addr); 10594 } else { 10595 SCTPDBG(SCTP_DEBUG_OUTPUT4, " none\n"); 10596 } 10597 #endif 10598 /* update the timer now */ 10599 hnet->last_sent_time = *now; 10600 return (hnet); 10601 } 10602 /* Nothing to HB */ 10603 return (NULL); 10604 } 10605 10606 int 10607 sctp_send_hb(struct sctp_tcb *stcb, int user_req, struct sctp_nets *u_net) 10608 { 10609 struct sctp_tmit_chunk *chk; 10610 struct sctp_nets *net; 10611 struct sctp_heartbeat_chunk *hb; 10612 struct timeval now; 10613 struct sockaddr_in *sin; 10614 struct sockaddr_in6 *sin6; 10615 10616 SCTP_TCB_LOCK_ASSERT(stcb); 10617 if (user_req == 0) { 10618 net = sctp_select_hb_destination(stcb, &now); 10619 if (net == NULL) { 10620 /*- 10621 * All our busy none to send to, just start the 10622 * timer again. 10623 */ 10624 if (stcb->asoc.state == 0) { 10625 return (0); 10626 } 10627 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, 10628 stcb->sctp_ep, 10629 stcb, 10630 net); 10631 return (0); 10632 } 10633 } else { 10634 net = u_net; 10635 if (net == NULL) { 10636 return (0); 10637 } 10638 (void)SCTP_GETTIME_TIMEVAL(&now); 10639 } 10640 sin = (struct sockaddr_in *)&net->ro._l_addr; 10641 if (sin->sin_family != AF_INET) { 10642 if (sin->sin_family != AF_INET6) { 10643 /* huh */ 10644 return (0); 10645 } 10646 } 10647 sctp_alloc_a_chunk(stcb, chk); 10648 if (chk == NULL) { 10649 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak, can't get a chunk for hb\n"); 10650 return (0); 10651 } 10652 chk->copy_by_ref = 0; 10653 chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST; 10654 chk->rec.chunk_id.can_take_data = 1; 10655 chk->asoc = &stcb->asoc; 10656 chk->send_size = sizeof(struct sctp_heartbeat_chunk); 10657 10658 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 10659 if (chk->data == NULL) { 10660 sctp_free_a_chunk(stcb, chk); 10661 return (0); 10662 } 10663 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10664 SCTP_BUF_LEN(chk->data) = chk->send_size; 10665 chk->sent = SCTP_DATAGRAM_UNSENT; 10666 chk->snd_count = 0; 10667 chk->whoTo = net; 10668 atomic_add_int(&chk->whoTo->ref_count, 1); 10669 /* Now we have a mbuf that we can fill in with the details */ 10670 hb = mtod(chk->data, struct sctp_heartbeat_chunk *); 10671 memset(hb, 0, sizeof(struct sctp_heartbeat_chunk)); 10672 /* fill out chunk header */ 10673 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST; 10674 hb->ch.chunk_flags = 0; 10675 hb->ch.chunk_length = htons(chk->send_size); 10676 /* Fill out hb parameter */ 10677 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO); 10678 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param)); 10679 hb->heartbeat.hb_info.time_value_1 = now.tv_sec; 10680 hb->heartbeat.hb_info.time_value_2 = now.tv_usec; 10681 /* Did our user request this one, put it in */ 10682 hb->heartbeat.hb_info.user_req = user_req; 10683 hb->heartbeat.hb_info.addr_family = sin->sin_family; 10684 hb->heartbeat.hb_info.addr_len = sin->sin_len; 10685 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 10686 /* 10687 * we only take from the entropy pool if the address is not 10688 * confirmed. 10689 */ 10690 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 10691 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 10692 } else { 10693 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0; 10694 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0; 10695 } 10696 if (sin->sin_family == AF_INET) { 10697 memcpy(hb->heartbeat.hb_info.address, &sin->sin_addr, sizeof(sin->sin_addr)); 10698 } else if (sin->sin_family == AF_INET6) { 10699 /* We leave the scope the way it is in our lookup table. */ 10700 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 10701 memcpy(hb->heartbeat.hb_info.address, &sin6->sin6_addr, sizeof(sin6->sin6_addr)); 10702 } else { 10703 /* huh compiler bug */ 10704 return (0); 10705 } 10706 10707 /* 10708 * JRS 5/14/07 - In CMT PF, the T3 timer is used to track 10709 * PF-heartbeats. Because of this, threshold management is done by 10710 * the t3 timer handler, and does not need to be done upon the send 10711 * of a PF-heartbeat. If CMT PF is on and the destination to which a 10712 * heartbeat is being sent is in PF state, do NOT do threshold 10713 * management. 10714 */ 10715 if ((stcb->asoc.sctp_cmt_pf == 0) || 10716 ((net->dest_state & SCTP_ADDR_PF) != SCTP_ADDR_PF)) { 10717 /* ok we have a destination that needs a beat */ 10718 /* lets do the theshold management Qiaobing style */ 10719 if (sctp_threshold_management(stcb->sctp_ep, stcb, net, 10720 stcb->asoc.max_send_times)) { 10721 /*- 10722 * we have lost the association, in a way this is 10723 * quite bad since we really are one less time since 10724 * we really did not send yet. This is the down side 10725 * to the Q's style as defined in the RFC and not my 10726 * alternate style defined in the RFC. 10727 */ 10728 if (chk->data != NULL) { 10729 sctp_m_freem(chk->data); 10730 chk->data = NULL; 10731 } 10732 /* 10733 * Here we do NOT use the macro since the 10734 * association is now gone. 10735 */ 10736 if (chk->whoTo) { 10737 sctp_free_remote_addr(chk->whoTo); 10738 chk->whoTo = NULL; 10739 } 10740 sctp_free_a_chunk((struct sctp_tcb *)NULL, chk); 10741 return (-1); 10742 } 10743 } 10744 net->hb_responded = 0; 10745 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 10746 stcb->asoc.ctrl_queue_cnt++; 10747 SCTP_STAT_INCR(sctps_sendheartbeat); 10748 /*- 10749 * Call directly med level routine to put out the chunk. It will 10750 * always tumble out control chunks aka HB but it may even tumble 10751 * out data too. 10752 */ 10753 return (1); 10754 } 10755 10756 void 10757 sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net, 10758 uint32_t high_tsn) 10759 { 10760 struct sctp_association *asoc; 10761 struct sctp_ecne_chunk *ecne; 10762 struct sctp_tmit_chunk *chk; 10763 10764 asoc = &stcb->asoc; 10765 SCTP_TCB_LOCK_ASSERT(stcb); 10766 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 10767 if ((chk->rec.chunk_id.id == SCTP_ECN_ECHO) && (net == chk->whoTo)) { 10768 /* found a previous ECN_ECHO update it if needed */ 10769 uint32_t cnt, ctsn; 10770 10771 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 10772 ctsn = ntohl(ecne->tsn); 10773 if (SCTP_TSN_GT(high_tsn, ctsn)) { 10774 ecne->tsn = htonl(high_tsn); 10775 SCTP_STAT_INCR(sctps_queue_upd_ecne); 10776 } 10777 cnt = ntohl(ecne->num_pkts_since_cwr); 10778 cnt++; 10779 ecne->num_pkts_since_cwr = htonl(cnt); 10780 return; 10781 } 10782 } 10783 /* nope could not find one to update so we must build one */ 10784 sctp_alloc_a_chunk(stcb, chk); 10785 if (chk == NULL) { 10786 return; 10787 } 10788 chk->copy_by_ref = 0; 10789 SCTP_STAT_INCR(sctps_queue_upd_ecne); 10790 chk->rec.chunk_id.id = SCTP_ECN_ECHO; 10791 chk->rec.chunk_id.can_take_data = 0; 10792 chk->asoc = &stcb->asoc; 10793 chk->send_size = sizeof(struct sctp_ecne_chunk); 10794 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 10795 if (chk->data == NULL) { 10796 sctp_free_a_chunk(stcb, chk); 10797 return; 10798 } 10799 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10800 SCTP_BUF_LEN(chk->data) = chk->send_size; 10801 chk->sent = SCTP_DATAGRAM_UNSENT; 10802 chk->snd_count = 0; 10803 chk->whoTo = net; 10804 atomic_add_int(&chk->whoTo->ref_count, 1); 10805 stcb->asoc.ecn_echo_cnt_onq++; 10806 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 10807 ecne->ch.chunk_type = SCTP_ECN_ECHO; 10808 ecne->ch.chunk_flags = 0; 10809 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk)); 10810 ecne->tsn = htonl(high_tsn); 10811 ecne->num_pkts_since_cwr = htonl(1); 10812 TAILQ_INSERT_HEAD(&stcb->asoc.control_send_queue, chk, sctp_next); 10813 asoc->ctrl_queue_cnt++; 10814 } 10815 10816 void 10817 sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net, 10818 struct mbuf *m, int iphlen, int bad_crc) 10819 { 10820 struct sctp_association *asoc; 10821 struct sctp_pktdrop_chunk *drp; 10822 struct sctp_tmit_chunk *chk; 10823 uint8_t *datap; 10824 int len; 10825 int was_trunc = 0; 10826 struct ip *iph; 10827 10828 #ifdef INET6 10829 struct ip6_hdr *ip6h; 10830 10831 #endif 10832 int fullsz = 0, extra = 0; 10833 long spc; 10834 int offset; 10835 struct sctp_chunkhdr *ch, chunk_buf; 10836 unsigned int chk_length; 10837 10838 if (!stcb) { 10839 return; 10840 } 10841 asoc = &stcb->asoc; 10842 SCTP_TCB_LOCK_ASSERT(stcb); 10843 if (asoc->peer_supports_pktdrop == 0) { 10844 /*- 10845 * peer must declare support before I send one. 10846 */ 10847 return; 10848 } 10849 if (stcb->sctp_socket == NULL) { 10850 return; 10851 } 10852 sctp_alloc_a_chunk(stcb, chk); 10853 if (chk == NULL) { 10854 return; 10855 } 10856 chk->copy_by_ref = 0; 10857 iph = mtod(m, struct ip *); 10858 if (iph == NULL) { 10859 sctp_free_a_chunk(stcb, chk); 10860 return; 10861 } 10862 switch (iph->ip_v) { 10863 case IPVERSION: 10864 /* IPv4 */ 10865 len = chk->send_size = iph->ip_len; 10866 break; 10867 #ifdef INET6 10868 case IPV6_VERSION >> 4: 10869 /* IPv6 */ 10870 ip6h = mtod(m, struct ip6_hdr *); 10871 len = chk->send_size = htons(ip6h->ip6_plen); 10872 break; 10873 #endif 10874 default: 10875 return; 10876 } 10877 /* Validate that we do not have an ABORT in here. */ 10878 offset = iphlen + sizeof(struct sctphdr); 10879 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 10880 sizeof(*ch), (uint8_t *) & chunk_buf); 10881 while (ch != NULL) { 10882 chk_length = ntohs(ch->chunk_length); 10883 if (chk_length < sizeof(*ch)) { 10884 /* break to abort land */ 10885 break; 10886 } 10887 switch (ch->chunk_type) { 10888 case SCTP_PACKET_DROPPED: 10889 case SCTP_ABORT_ASSOCIATION: 10890 case SCTP_INITIATION_ACK: 10891 /** 10892 * We don't respond with an PKT-DROP to an ABORT 10893 * or PKT-DROP. We also do not respond to an 10894 * INIT-ACK, because we can't know if the initiation 10895 * tag is correct or not. 10896 */ 10897 sctp_free_a_chunk(stcb, chk); 10898 return; 10899 default: 10900 break; 10901 } 10902 offset += SCTP_SIZE32(chk_length); 10903 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 10904 sizeof(*ch), (uint8_t *) & chunk_buf); 10905 } 10906 10907 if ((len + SCTP_MAX_OVERHEAD + sizeof(struct sctp_pktdrop_chunk)) > 10908 min(stcb->asoc.smallest_mtu, MCLBYTES)) { 10909 /* 10910 * only send 1 mtu worth, trim off the excess on the end. 10911 */ 10912 fullsz = len - extra; 10913 len = min(stcb->asoc.smallest_mtu, MCLBYTES) - SCTP_MAX_OVERHEAD; 10914 was_trunc = 1; 10915 } 10916 chk->asoc = &stcb->asoc; 10917 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 10918 if (chk->data == NULL) { 10919 jump_out: 10920 sctp_free_a_chunk(stcb, chk); 10921 return; 10922 } 10923 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10924 drp = mtod(chk->data, struct sctp_pktdrop_chunk *); 10925 if (drp == NULL) { 10926 sctp_m_freem(chk->data); 10927 chk->data = NULL; 10928 goto jump_out; 10929 } 10930 chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) + 10931 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD)); 10932 chk->book_size_scale = 0; 10933 if (was_trunc) { 10934 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED; 10935 drp->trunc_len = htons(fullsz); 10936 /* 10937 * Len is already adjusted to size minus overhead above take 10938 * out the pkt_drop chunk itself from it. 10939 */ 10940 chk->send_size = len - sizeof(struct sctp_pktdrop_chunk); 10941 len = chk->send_size; 10942 } else { 10943 /* no truncation needed */ 10944 drp->ch.chunk_flags = 0; 10945 drp->trunc_len = htons(0); 10946 } 10947 if (bad_crc) { 10948 drp->ch.chunk_flags |= SCTP_BADCRC; 10949 } 10950 chk->send_size += sizeof(struct sctp_pktdrop_chunk); 10951 SCTP_BUF_LEN(chk->data) = chk->send_size; 10952 chk->sent = SCTP_DATAGRAM_UNSENT; 10953 chk->snd_count = 0; 10954 if (net) { 10955 /* we should hit here */ 10956 chk->whoTo = net; 10957 } else { 10958 chk->whoTo = asoc->primary_destination; 10959 } 10960 atomic_add_int(&chk->whoTo->ref_count, 1); 10961 chk->rec.chunk_id.id = SCTP_PACKET_DROPPED; 10962 chk->rec.chunk_id.can_take_data = 1; 10963 drp->ch.chunk_type = SCTP_PACKET_DROPPED; 10964 drp->ch.chunk_length = htons(chk->send_size); 10965 spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket); 10966 if (spc < 0) { 10967 spc = 0; 10968 } 10969 drp->bottle_bw = htonl(spc); 10970 if (asoc->my_rwnd) { 10971 drp->current_onq = htonl(asoc->size_on_reasm_queue + 10972 asoc->size_on_all_streams + 10973 asoc->my_rwnd_control_len + 10974 stcb->sctp_socket->so_rcv.sb_cc); 10975 } else { 10976 /*- 10977 * If my rwnd is 0, possibly from mbuf depletion as well as 10978 * space used, tell the peer there is NO space aka onq == bw 10979 */ 10980 drp->current_onq = htonl(spc); 10981 } 10982 drp->reserved = 0; 10983 datap = drp->data; 10984 m_copydata(m, iphlen, len, (caddr_t)datap); 10985 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 10986 asoc->ctrl_queue_cnt++; 10987 } 10988 10989 void 10990 sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn, uint8_t override) 10991 { 10992 struct sctp_association *asoc; 10993 struct sctp_cwr_chunk *cwr; 10994 struct sctp_tmit_chunk *chk; 10995 10996 asoc = &stcb->asoc; 10997 SCTP_TCB_LOCK_ASSERT(stcb); 10998 10999 11000 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 11001 if ((chk->rec.chunk_id.id == SCTP_ECN_CWR) && (net == chk->whoTo)) { 11002 /* 11003 * found a previous CWR queued to same destination 11004 * update it if needed 11005 */ 11006 uint32_t ctsn; 11007 11008 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 11009 ctsn = ntohl(cwr->tsn); 11010 if (SCTP_TSN_GT(high_tsn, ctsn)) { 11011 cwr->tsn = htonl(high_tsn); 11012 } 11013 if (override & SCTP_CWR_REDUCE_OVERRIDE) { 11014 /* Make sure override is carried */ 11015 cwr->ch.chunk_flags |= SCTP_CWR_REDUCE_OVERRIDE; 11016 } 11017 return; 11018 } 11019 } 11020 sctp_alloc_a_chunk(stcb, chk); 11021 if (chk == NULL) { 11022 return; 11023 } 11024 chk->copy_by_ref = 0; 11025 chk->rec.chunk_id.id = SCTP_ECN_CWR; 11026 chk->rec.chunk_id.can_take_data = 1; 11027 chk->asoc = &stcb->asoc; 11028 chk->send_size = sizeof(struct sctp_cwr_chunk); 11029 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 11030 if (chk->data == NULL) { 11031 sctp_free_a_chunk(stcb, chk); 11032 return; 11033 } 11034 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11035 SCTP_BUF_LEN(chk->data) = chk->send_size; 11036 chk->sent = SCTP_DATAGRAM_UNSENT; 11037 chk->snd_count = 0; 11038 chk->whoTo = net; 11039 atomic_add_int(&chk->whoTo->ref_count, 1); 11040 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 11041 cwr->ch.chunk_type = SCTP_ECN_CWR; 11042 cwr->ch.chunk_flags = override; 11043 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk)); 11044 cwr->tsn = htonl(high_tsn); 11045 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11046 asoc->ctrl_queue_cnt++; 11047 } 11048 11049 void 11050 sctp_add_stream_reset_out(struct sctp_tmit_chunk *chk, 11051 int number_entries, uint16_t * list, 11052 uint32_t seq, uint32_t resp_seq, uint32_t last_sent) 11053 { 11054 int len, old_len, i; 11055 struct sctp_stream_reset_out_request *req_out; 11056 struct sctp_chunkhdr *ch; 11057 11058 ch = mtod(chk->data, struct sctp_chunkhdr *); 11059 11060 11061 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11062 11063 /* get to new offset for the param. */ 11064 req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len); 11065 /* now how long will this param be? */ 11066 len = (sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries)); 11067 req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST); 11068 req_out->ph.param_length = htons(len); 11069 req_out->request_seq = htonl(seq); 11070 req_out->response_seq = htonl(resp_seq); 11071 req_out->send_reset_at_tsn = htonl(last_sent); 11072 if (number_entries) { 11073 for (i = 0; i < number_entries; i++) { 11074 req_out->list_of_streams[i] = htons(list[i]); 11075 } 11076 } 11077 if (SCTP_SIZE32(len) > len) { 11078 /*- 11079 * Need to worry about the pad we may end up adding to the 11080 * end. This is easy since the struct is either aligned to 4 11081 * bytes or 2 bytes off. 11082 */ 11083 req_out->list_of_streams[number_entries] = 0; 11084 } 11085 /* now fix the chunk length */ 11086 ch->chunk_length = htons(len + old_len); 11087 chk->book_size = len + old_len; 11088 chk->book_size_scale = 0; 11089 chk->send_size = SCTP_SIZE32(chk->book_size); 11090 SCTP_BUF_LEN(chk->data) = chk->send_size; 11091 return; 11092 } 11093 11094 11095 void 11096 sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk, 11097 int number_entries, uint16_t * list, 11098 uint32_t seq) 11099 { 11100 int len, old_len, i; 11101 struct sctp_stream_reset_in_request *req_in; 11102 struct sctp_chunkhdr *ch; 11103 11104 ch = mtod(chk->data, struct sctp_chunkhdr *); 11105 11106 11107 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11108 11109 /* get to new offset for the param. */ 11110 req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len); 11111 /* now how long will this param be? */ 11112 len = (sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries)); 11113 req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST); 11114 req_in->ph.param_length = htons(len); 11115 req_in->request_seq = htonl(seq); 11116 if (number_entries) { 11117 for (i = 0; i < number_entries; i++) { 11118 req_in->list_of_streams[i] = htons(list[i]); 11119 } 11120 } 11121 if (SCTP_SIZE32(len) > len) { 11122 /*- 11123 * Need to worry about the pad we may end up adding to the 11124 * end. This is easy since the struct is either aligned to 4 11125 * bytes or 2 bytes off. 11126 */ 11127 req_in->list_of_streams[number_entries] = 0; 11128 } 11129 /* now fix the chunk length */ 11130 ch->chunk_length = htons(len + old_len); 11131 chk->book_size = len + old_len; 11132 chk->book_size_scale = 0; 11133 chk->send_size = SCTP_SIZE32(chk->book_size); 11134 SCTP_BUF_LEN(chk->data) = chk->send_size; 11135 return; 11136 } 11137 11138 11139 void 11140 sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk, 11141 uint32_t seq) 11142 { 11143 int len, old_len; 11144 struct sctp_stream_reset_tsn_request *req_tsn; 11145 struct sctp_chunkhdr *ch; 11146 11147 ch = mtod(chk->data, struct sctp_chunkhdr *); 11148 11149 11150 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11151 11152 /* get to new offset for the param. */ 11153 req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len); 11154 /* now how long will this param be? */ 11155 len = sizeof(struct sctp_stream_reset_tsn_request); 11156 req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST); 11157 req_tsn->ph.param_length = htons(len); 11158 req_tsn->request_seq = htonl(seq); 11159 11160 /* now fix the chunk length */ 11161 ch->chunk_length = htons(len + old_len); 11162 chk->send_size = len + old_len; 11163 chk->book_size = SCTP_SIZE32(chk->send_size); 11164 chk->book_size_scale = 0; 11165 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11166 return; 11167 } 11168 11169 void 11170 sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk, 11171 uint32_t resp_seq, uint32_t result) 11172 { 11173 int len, old_len; 11174 struct sctp_stream_reset_response *resp; 11175 struct sctp_chunkhdr *ch; 11176 11177 ch = mtod(chk->data, struct sctp_chunkhdr *); 11178 11179 11180 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11181 11182 /* get to new offset for the param. */ 11183 resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len); 11184 /* now how long will this param be? */ 11185 len = sizeof(struct sctp_stream_reset_response); 11186 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 11187 resp->ph.param_length = htons(len); 11188 resp->response_seq = htonl(resp_seq); 11189 resp->result = ntohl(result); 11190 11191 /* now fix the chunk length */ 11192 ch->chunk_length = htons(len + old_len); 11193 chk->book_size = len + old_len; 11194 chk->book_size_scale = 0; 11195 chk->send_size = SCTP_SIZE32(chk->book_size); 11196 SCTP_BUF_LEN(chk->data) = chk->send_size; 11197 return; 11198 11199 } 11200 11201 11202 void 11203 sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk, 11204 uint32_t resp_seq, uint32_t result, 11205 uint32_t send_una, uint32_t recv_next) 11206 { 11207 int len, old_len; 11208 struct sctp_stream_reset_response_tsn *resp; 11209 struct sctp_chunkhdr *ch; 11210 11211 ch = mtod(chk->data, struct sctp_chunkhdr *); 11212 11213 11214 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11215 11216 /* get to new offset for the param. */ 11217 resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len); 11218 /* now how long will this param be? */ 11219 len = sizeof(struct sctp_stream_reset_response_tsn); 11220 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 11221 resp->ph.param_length = htons(len); 11222 resp->response_seq = htonl(resp_seq); 11223 resp->result = htonl(result); 11224 resp->senders_next_tsn = htonl(send_una); 11225 resp->receivers_next_tsn = htonl(recv_next); 11226 11227 /* now fix the chunk length */ 11228 ch->chunk_length = htons(len + old_len); 11229 chk->book_size = len + old_len; 11230 chk->send_size = SCTP_SIZE32(chk->book_size); 11231 chk->book_size_scale = 0; 11232 SCTP_BUF_LEN(chk->data) = chk->send_size; 11233 return; 11234 } 11235 11236 static void 11237 sctp_add_a_stream(struct sctp_tmit_chunk *chk, 11238 uint32_t seq, 11239 uint16_t adding) 11240 { 11241 int len, old_len; 11242 struct sctp_chunkhdr *ch; 11243 struct sctp_stream_reset_add_strm *addstr; 11244 11245 ch = mtod(chk->data, struct sctp_chunkhdr *); 11246 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11247 11248 /* get to new offset for the param. */ 11249 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len); 11250 /* now how long will this param be? */ 11251 len = sizeof(struct sctp_stream_reset_add_strm); 11252 11253 /* Fill it out. */ 11254 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_STREAMS); 11255 addstr->ph.param_length = htons(len); 11256 addstr->request_seq = htonl(seq); 11257 addstr->number_of_streams = htons(adding); 11258 addstr->reserved = 0; 11259 11260 /* now fix the chunk length */ 11261 ch->chunk_length = htons(len + old_len); 11262 chk->send_size = len + old_len; 11263 chk->book_size = SCTP_SIZE32(chk->send_size); 11264 chk->book_size_scale = 0; 11265 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11266 return; 11267 } 11268 11269 int 11270 sctp_send_str_reset_req(struct sctp_tcb *stcb, 11271 int number_entries, uint16_t * list, 11272 uint8_t send_out_req, 11273 uint32_t resp_seq, 11274 uint8_t send_in_req, 11275 uint8_t send_tsn_req, 11276 uint8_t add_stream, 11277 uint16_t adding 11278 ) 11279 { 11280 11281 struct sctp_association *asoc; 11282 struct sctp_tmit_chunk *chk; 11283 struct sctp_chunkhdr *ch; 11284 uint32_t seq; 11285 11286 asoc = &stcb->asoc; 11287 if (asoc->stream_reset_outstanding) { 11288 /*- 11289 * Already one pending, must get ACK back to clear the flag. 11290 */ 11291 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EBUSY); 11292 return (EBUSY); 11293 } 11294 if ((send_out_req == 0) && (send_in_req == 0) && (send_tsn_req == 0) && 11295 (add_stream == 0)) { 11296 /* nothing to do */ 11297 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 11298 return (EINVAL); 11299 } 11300 if (send_tsn_req && (send_out_req || send_in_req)) { 11301 /* error, can't do that */ 11302 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 11303 return (EINVAL); 11304 } 11305 sctp_alloc_a_chunk(stcb, chk); 11306 if (chk == NULL) { 11307 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11308 return (ENOMEM); 11309 } 11310 chk->copy_by_ref = 0; 11311 chk->rec.chunk_id.id = SCTP_STREAM_RESET; 11312 chk->rec.chunk_id.can_take_data = 0; 11313 chk->asoc = &stcb->asoc; 11314 chk->book_size = sizeof(struct sctp_chunkhdr); 11315 chk->send_size = SCTP_SIZE32(chk->book_size); 11316 chk->book_size_scale = 0; 11317 11318 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 11319 if (chk->data == NULL) { 11320 sctp_free_a_chunk(stcb, chk); 11321 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11322 return (ENOMEM); 11323 } 11324 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11325 11326 /* setup chunk parameters */ 11327 chk->sent = SCTP_DATAGRAM_UNSENT; 11328 chk->snd_count = 0; 11329 chk->whoTo = asoc->primary_destination; 11330 atomic_add_int(&chk->whoTo->ref_count, 1); 11331 11332 ch = mtod(chk->data, struct sctp_chunkhdr *); 11333 ch->chunk_type = SCTP_STREAM_RESET; 11334 ch->chunk_flags = 0; 11335 ch->chunk_length = htons(chk->book_size); 11336 SCTP_BUF_LEN(chk->data) = chk->send_size; 11337 11338 seq = stcb->asoc.str_reset_seq_out; 11339 if (send_out_req) { 11340 sctp_add_stream_reset_out(chk, number_entries, list, 11341 seq, resp_seq, (stcb->asoc.sending_seq - 1)); 11342 asoc->stream_reset_out_is_outstanding = 1; 11343 seq++; 11344 asoc->stream_reset_outstanding++; 11345 } 11346 if (add_stream) { 11347 sctp_add_a_stream(chk, seq, adding); 11348 seq++; 11349 asoc->stream_reset_outstanding++; 11350 } 11351 if (send_in_req) { 11352 sctp_add_stream_reset_in(chk, number_entries, list, seq); 11353 asoc->stream_reset_outstanding++; 11354 } 11355 if (send_tsn_req) { 11356 sctp_add_stream_reset_tsn(chk, seq); 11357 asoc->stream_reset_outstanding++; 11358 } 11359 asoc->str_reset = chk; 11360 11361 /* insert the chunk for sending */ 11362 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 11363 chk, 11364 sctp_next); 11365 asoc->ctrl_queue_cnt++; 11366 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo); 11367 return (0); 11368 } 11369 11370 void 11371 sctp_send_abort(struct mbuf *m, int iphlen, struct sctphdr *sh, uint32_t vtag, 11372 struct mbuf *err_cause, uint32_t vrf_id, uint16_t port) 11373 { 11374 /*- 11375 * Formulate the abort message, and send it back down. 11376 */ 11377 struct mbuf *o_pak; 11378 struct mbuf *mout; 11379 struct sctp_abort_msg *abm; 11380 struct ip *iph, *iph_out; 11381 struct udphdr *udp; 11382 11383 #ifdef INET6 11384 struct ip6_hdr *ip6, *ip6_out; 11385 11386 #endif 11387 int iphlen_out, len; 11388 11389 /* don't respond to ABORT with ABORT */ 11390 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) { 11391 if (err_cause) 11392 sctp_m_freem(err_cause); 11393 return; 11394 } 11395 iph = mtod(m, struct ip *); 11396 switch (iph->ip_v) { 11397 case IPVERSION: 11398 len = (sizeof(struct ip) + sizeof(struct sctp_abort_msg)); 11399 break; 11400 #ifdef INET6 11401 case IPV6_VERSION >> 4: 11402 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_abort_msg)); 11403 break; 11404 #endif 11405 default: 11406 if (err_cause) { 11407 sctp_m_freem(err_cause); 11408 } 11409 return; 11410 } 11411 if (port) { 11412 len += sizeof(struct udphdr); 11413 } 11414 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 11415 if (mout == NULL) { 11416 if (err_cause) { 11417 sctp_m_freem(err_cause); 11418 } 11419 return; 11420 } 11421 SCTP_BUF_RESV_UF(mout, max_linkhdr); 11422 SCTP_BUF_LEN(mout) = len; 11423 SCTP_BUF_NEXT(mout) = err_cause; 11424 if (m->m_flags & M_FLOWID) { 11425 mout->m_pkthdr.flowid = m->m_pkthdr.flowid; 11426 mout->m_flags |= M_FLOWID; 11427 } 11428 iph_out = NULL; 11429 #ifdef INET6 11430 ip6_out = NULL; 11431 #endif 11432 switch (iph->ip_v) { 11433 case IPVERSION: 11434 iph_out = mtod(mout, struct ip *); 11435 11436 /* Fill in the IP header for the ABORT */ 11437 iph_out->ip_v = IPVERSION; 11438 iph_out->ip_hl = (sizeof(struct ip) / 4); 11439 iph_out->ip_tos = (u_char)0; 11440 iph_out->ip_id = 0; 11441 iph_out->ip_off = 0; 11442 iph_out->ip_ttl = MAXTTL; 11443 if (port) { 11444 iph_out->ip_p = IPPROTO_UDP; 11445 } else { 11446 iph_out->ip_p = IPPROTO_SCTP; 11447 } 11448 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 11449 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 11450 /* let IP layer calculate this */ 11451 iph_out->ip_sum = 0; 11452 11453 iphlen_out = sizeof(*iph_out); 11454 abm = (struct sctp_abort_msg *)((caddr_t)iph_out + iphlen_out); 11455 break; 11456 #ifdef INET6 11457 case IPV6_VERSION >> 4: 11458 ip6 = (struct ip6_hdr *)iph; 11459 ip6_out = mtod(mout, struct ip6_hdr *); 11460 11461 /* Fill in the IP6 header for the ABORT */ 11462 ip6_out->ip6_flow = ip6->ip6_flow; 11463 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 11464 if (port) { 11465 ip6_out->ip6_nxt = IPPROTO_UDP; 11466 } else { 11467 ip6_out->ip6_nxt = IPPROTO_SCTP; 11468 } 11469 ip6_out->ip6_src = ip6->ip6_dst; 11470 ip6_out->ip6_dst = ip6->ip6_src; 11471 11472 iphlen_out = sizeof(*ip6_out); 11473 abm = (struct sctp_abort_msg *)((caddr_t)ip6_out + iphlen_out); 11474 break; 11475 #endif /* INET6 */ 11476 default: 11477 /* Currently not supported */ 11478 sctp_m_freem(mout); 11479 return; 11480 } 11481 11482 udp = (struct udphdr *)abm; 11483 if (port) { 11484 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 11485 udp->uh_dport = port; 11486 /* set udp->uh_ulen later */ 11487 udp->uh_sum = 0; 11488 iphlen_out += sizeof(struct udphdr); 11489 abm = (struct sctp_abort_msg *)((caddr_t)abm + sizeof(struct udphdr)); 11490 } 11491 abm->sh.src_port = sh->dest_port; 11492 abm->sh.dest_port = sh->src_port; 11493 abm->sh.checksum = 0; 11494 if (vtag == 0) { 11495 abm->sh.v_tag = sh->v_tag; 11496 abm->msg.ch.chunk_flags = SCTP_HAD_NO_TCB; 11497 } else { 11498 abm->sh.v_tag = htonl(vtag); 11499 abm->msg.ch.chunk_flags = 0; 11500 } 11501 abm->msg.ch.chunk_type = SCTP_ABORT_ASSOCIATION; 11502 11503 if (err_cause) { 11504 struct mbuf *m_tmp = err_cause; 11505 int err_len = 0; 11506 11507 /* get length of the err_cause chain */ 11508 while (m_tmp != NULL) { 11509 err_len += SCTP_BUF_LEN(m_tmp); 11510 m_tmp = SCTP_BUF_NEXT(m_tmp); 11511 } 11512 len = SCTP_BUF_LEN(mout) + err_len; 11513 if (err_len % 4) { 11514 /* need pad at end of chunk */ 11515 uint32_t cpthis = 0; 11516 int padlen; 11517 11518 padlen = 4 - (len % 4); 11519 m_copyback(mout, len, padlen, (caddr_t)&cpthis); 11520 len += padlen; 11521 } 11522 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch) + err_len); 11523 } else { 11524 len = SCTP_BUF_LEN(mout); 11525 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch)); 11526 } 11527 11528 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 11529 /* no mbuf's */ 11530 sctp_m_freem(mout); 11531 return; 11532 } 11533 if (iph_out != NULL) { 11534 sctp_route_t ro; 11535 int ret; 11536 11537 /* zap the stack pointer to the route */ 11538 bzero(&ro, sizeof ro); 11539 if (port) { 11540 udp->uh_ulen = htons(len - sizeof(struct ip)); 11541 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11542 } 11543 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip_output:\n"); 11544 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, iph_out, &abm->sh); 11545 /* set IPv4 length */ 11546 iph_out->ip_len = len; 11547 /* out it goes */ 11548 #ifdef SCTP_PACKET_LOGGING 11549 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11550 sctp_packet_log(mout, len); 11551 #endif 11552 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11553 if (port) { 11554 #if defined(SCTP_WITH_NO_CSUM) 11555 SCTP_STAT_INCR(sctps_sendnocrc); 11556 #else 11557 abm->sh.checksum = sctp_calculate_cksum(mout, iphlen_out); 11558 SCTP_STAT_INCR(sctps_sendswcrc); 11559 #endif 11560 SCTP_ENABLE_UDP_CSUM(o_pak); 11561 } else { 11562 #if defined(SCTP_WITH_NO_CSUM) 11563 SCTP_STAT_INCR(sctps_sendnocrc); 11564 #else 11565 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11566 mout->m_pkthdr.csum_data = 0; 11567 SCTP_STAT_INCR(sctps_sendhwcrc); 11568 #endif 11569 } 11570 SCTP_IP_OUTPUT(ret, o_pak, &ro, NULL, vrf_id); 11571 11572 /* Free the route if we got one back */ 11573 if (ro.ro_rt) 11574 RTFREE(ro.ro_rt); 11575 } 11576 #ifdef INET6 11577 if (ip6_out != NULL) { 11578 struct route_in6 ro; 11579 int ret; 11580 struct ifnet *ifp = NULL; 11581 11582 /* zap the stack pointer to the route */ 11583 bzero(&ro, sizeof(ro)); 11584 if (port) { 11585 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr)); 11586 } 11587 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip6_output:\n"); 11588 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, (struct ip *)ip6_out, &abm->sh); 11589 ip6_out->ip6_plen = len - sizeof(*ip6_out); 11590 #ifdef SCTP_PACKET_LOGGING 11591 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11592 sctp_packet_log(mout, len); 11593 #endif 11594 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11595 if (port) { 11596 #if defined(SCTP_WITH_NO_CSUM) 11597 SCTP_STAT_INCR(sctps_sendnocrc); 11598 #else 11599 abm->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 11600 SCTP_STAT_INCR(sctps_sendswcrc); 11601 #endif 11602 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) { 11603 udp->uh_sum = 0xffff; 11604 } 11605 } else { 11606 #if defined(SCTP_WITH_NO_CSUM) 11607 SCTP_STAT_INCR(sctps_sendnocrc); 11608 #else 11609 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11610 mout->m_pkthdr.csum_data = 0; 11611 SCTP_STAT_INCR(sctps_sendhwcrc); 11612 #endif 11613 } 11614 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, NULL, vrf_id); 11615 11616 /* Free the route if we got one back */ 11617 if (ro.ro_rt) 11618 RTFREE(ro.ro_rt); 11619 } 11620 #endif 11621 SCTP_STAT_INCR(sctps_sendpackets); 11622 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 11623 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11624 } 11625 11626 void 11627 sctp_send_operr_to(struct mbuf *m, int iphlen, struct mbuf *scm, uint32_t vtag, 11628 uint32_t vrf_id, uint16_t port) 11629 { 11630 struct mbuf *o_pak; 11631 struct sctphdr *sh, *sh_out; 11632 struct sctp_chunkhdr *ch; 11633 struct ip *iph, *iph_out; 11634 struct udphdr *udp = NULL; 11635 struct mbuf *mout; 11636 11637 #ifdef INET6 11638 struct ip6_hdr *ip6, *ip6_out; 11639 11640 #endif 11641 int iphlen_out, len; 11642 11643 iph = mtod(m, struct ip *); 11644 sh = (struct sctphdr *)((caddr_t)iph + iphlen); 11645 switch (iph->ip_v) { 11646 case IPVERSION: 11647 len = (sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)); 11648 break; 11649 #ifdef INET6 11650 case IPV6_VERSION >> 4: 11651 len = (sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)); 11652 break; 11653 #endif 11654 default: 11655 if (scm) { 11656 sctp_m_freem(scm); 11657 } 11658 return; 11659 } 11660 if (port) { 11661 len += sizeof(struct udphdr); 11662 } 11663 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 11664 if (mout == NULL) { 11665 if (scm) { 11666 sctp_m_freem(scm); 11667 } 11668 return; 11669 } 11670 SCTP_BUF_RESV_UF(mout, max_linkhdr); 11671 SCTP_BUF_LEN(mout) = len; 11672 SCTP_BUF_NEXT(mout) = scm; 11673 if (m->m_flags & M_FLOWID) { 11674 mout->m_pkthdr.flowid = m->m_pkthdr.flowid; 11675 mout->m_flags |= M_FLOWID; 11676 } 11677 iph_out = NULL; 11678 #ifdef INET6 11679 ip6_out = NULL; 11680 #endif 11681 switch (iph->ip_v) { 11682 case IPVERSION: 11683 iph_out = mtod(mout, struct ip *); 11684 11685 /* Fill in the IP header for the ABORT */ 11686 iph_out->ip_v = IPVERSION; 11687 iph_out->ip_hl = (sizeof(struct ip) / 4); 11688 iph_out->ip_tos = (u_char)0; 11689 iph_out->ip_id = 0; 11690 iph_out->ip_off = 0; 11691 iph_out->ip_ttl = MAXTTL; 11692 if (port) { 11693 iph_out->ip_p = IPPROTO_UDP; 11694 } else { 11695 iph_out->ip_p = IPPROTO_SCTP; 11696 } 11697 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 11698 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 11699 /* let IP layer calculate this */ 11700 iph_out->ip_sum = 0; 11701 11702 iphlen_out = sizeof(struct ip); 11703 sh_out = (struct sctphdr *)((caddr_t)iph_out + iphlen_out); 11704 break; 11705 #ifdef INET6 11706 case IPV6_VERSION >> 4: 11707 ip6 = (struct ip6_hdr *)iph; 11708 ip6_out = mtod(mout, struct ip6_hdr *); 11709 11710 /* Fill in the IP6 header for the ABORT */ 11711 ip6_out->ip6_flow = ip6->ip6_flow; 11712 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 11713 if (port) { 11714 ip6_out->ip6_nxt = IPPROTO_UDP; 11715 } else { 11716 ip6_out->ip6_nxt = IPPROTO_SCTP; 11717 } 11718 ip6_out->ip6_src = ip6->ip6_dst; 11719 ip6_out->ip6_dst = ip6->ip6_src; 11720 11721 iphlen_out = sizeof(struct ip6_hdr); 11722 sh_out = (struct sctphdr *)((caddr_t)ip6_out + iphlen_out); 11723 break; 11724 #endif /* INET6 */ 11725 default: 11726 /* Currently not supported */ 11727 sctp_m_freem(mout); 11728 return; 11729 } 11730 11731 udp = (struct udphdr *)sh_out; 11732 if (port) { 11733 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 11734 udp->uh_dport = port; 11735 /* set udp->uh_ulen later */ 11736 udp->uh_sum = 0; 11737 iphlen_out += sizeof(struct udphdr); 11738 sh_out = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 11739 } 11740 sh_out->src_port = sh->dest_port; 11741 sh_out->dest_port = sh->src_port; 11742 sh_out->v_tag = vtag; 11743 sh_out->checksum = 0; 11744 11745 ch = (struct sctp_chunkhdr *)((caddr_t)sh_out + sizeof(struct sctphdr)); 11746 ch->chunk_type = SCTP_OPERATION_ERROR; 11747 ch->chunk_flags = 0; 11748 11749 if (scm) { 11750 struct mbuf *m_tmp = scm; 11751 int cause_len = 0; 11752 11753 /* get length of the err_cause chain */ 11754 while (m_tmp != NULL) { 11755 cause_len += SCTP_BUF_LEN(m_tmp); 11756 m_tmp = SCTP_BUF_NEXT(m_tmp); 11757 } 11758 len = SCTP_BUF_LEN(mout) + cause_len; 11759 if (cause_len % 4) { 11760 /* need pad at end of chunk */ 11761 uint32_t cpthis = 0; 11762 int padlen; 11763 11764 padlen = 4 - (len % 4); 11765 m_copyback(mout, len, padlen, (caddr_t)&cpthis); 11766 len += padlen; 11767 } 11768 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr) + cause_len); 11769 } else { 11770 len = SCTP_BUF_LEN(mout); 11771 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr)); 11772 } 11773 11774 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 11775 /* no mbuf's */ 11776 sctp_m_freem(mout); 11777 return; 11778 } 11779 if (iph_out != NULL) { 11780 sctp_route_t ro; 11781 int ret; 11782 11783 /* zap the stack pointer to the route */ 11784 bzero(&ro, sizeof ro); 11785 if (port) { 11786 udp->uh_ulen = htons(len - sizeof(struct ip)); 11787 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11788 } 11789 /* set IPv4 length */ 11790 iph_out->ip_len = len; 11791 /* out it goes */ 11792 #ifdef SCTP_PACKET_LOGGING 11793 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11794 sctp_packet_log(mout, len); 11795 #endif 11796 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11797 if (port) { 11798 #if defined(SCTP_WITH_NO_CSUM) 11799 SCTP_STAT_INCR(sctps_sendnocrc); 11800 #else 11801 sh_out->checksum = sctp_calculate_cksum(mout, iphlen_out); 11802 SCTP_STAT_INCR(sctps_sendswcrc); 11803 #endif 11804 SCTP_ENABLE_UDP_CSUM(o_pak); 11805 } else { 11806 #if defined(SCTP_WITH_NO_CSUM) 11807 SCTP_STAT_INCR(sctps_sendnocrc); 11808 #else 11809 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11810 mout->m_pkthdr.csum_data = 0; 11811 SCTP_STAT_INCR(sctps_sendhwcrc); 11812 #endif 11813 } 11814 SCTP_IP_OUTPUT(ret, o_pak, &ro, NULL, vrf_id); 11815 11816 /* Free the route if we got one back */ 11817 if (ro.ro_rt) 11818 RTFREE(ro.ro_rt); 11819 } 11820 #ifdef INET6 11821 if (ip6_out != NULL) { 11822 struct route_in6 ro; 11823 int ret; 11824 struct ifnet *ifp = NULL; 11825 11826 /* zap the stack pointer to the route */ 11827 bzero(&ro, sizeof(ro)); 11828 if (port) { 11829 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr)); 11830 } 11831 ip6_out->ip6_plen = len - sizeof(*ip6_out); 11832 #ifdef SCTP_PACKET_LOGGING 11833 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11834 sctp_packet_log(mout, len); 11835 #endif 11836 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11837 if (port) { 11838 #if defined(SCTP_WITH_NO_CSUM) 11839 SCTP_STAT_INCR(sctps_sendnocrc); 11840 #else 11841 sh_out->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 11842 SCTP_STAT_INCR(sctps_sendswcrc); 11843 #endif 11844 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) { 11845 udp->uh_sum = 0xffff; 11846 } 11847 } else { 11848 #if defined(SCTP_WITH_NO_CSUM) 11849 SCTP_STAT_INCR(sctps_sendnocrc); 11850 #else 11851 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11852 mout->m_pkthdr.csum_data = 0; 11853 SCTP_STAT_INCR(sctps_sendhwcrc); 11854 #endif 11855 } 11856 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, NULL, vrf_id); 11857 11858 /* Free the route if we got one back */ 11859 if (ro.ro_rt) 11860 RTFREE(ro.ro_rt); 11861 } 11862 #endif 11863 SCTP_STAT_INCR(sctps_sendpackets); 11864 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 11865 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11866 } 11867 11868 static struct mbuf * 11869 sctp_copy_resume(struct sctp_stream_queue_pending *sp, 11870 struct uio *uio, 11871 struct sctp_sndrcvinfo *srcv, 11872 int max_send_len, 11873 int user_marks_eor, 11874 int *error, 11875 uint32_t * sndout, 11876 struct mbuf **new_tail) 11877 { 11878 struct mbuf *m; 11879 11880 m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0, 11881 (M_PKTHDR | (user_marks_eor ? M_EOR : 0))); 11882 if (m == NULL) { 11883 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11884 *error = ENOMEM; 11885 } else { 11886 *sndout = m_length(m, NULL); 11887 *new_tail = m_last(m); 11888 } 11889 return (m); 11890 } 11891 11892 static int 11893 sctp_copy_one(struct sctp_stream_queue_pending *sp, 11894 struct uio *uio, 11895 int resv_upfront) 11896 { 11897 int left; 11898 11899 left = sp->length; 11900 sp->data = m_uiotombuf(uio, M_WAITOK, sp->length, 11901 resv_upfront, 0); 11902 if (sp->data == NULL) { 11903 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11904 return (ENOMEM); 11905 } 11906 sp->tail_mbuf = m_last(sp->data); 11907 return (0); 11908 } 11909 11910 11911 11912 static struct sctp_stream_queue_pending * 11913 sctp_copy_it_in(struct sctp_tcb *stcb, 11914 struct sctp_association *asoc, 11915 struct sctp_sndrcvinfo *srcv, 11916 struct uio *uio, 11917 struct sctp_nets *net, 11918 int max_send_len, 11919 int user_marks_eor, 11920 int *error, 11921 int non_blocking) 11922 { 11923 /*- 11924 * This routine must be very careful in its work. Protocol 11925 * processing is up and running so care must be taken to spl...() 11926 * when you need to do something that may effect the stcb/asoc. The 11927 * sb is locked however. When data is copied the protocol processing 11928 * should be enabled since this is a slower operation... 11929 */ 11930 struct sctp_stream_queue_pending *sp = NULL; 11931 int resv_in_first; 11932 11933 *error = 0; 11934 /* Now can we send this? */ 11935 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 11936 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 11937 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 11938 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 11939 /* got data while shutting down */ 11940 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 11941 *error = ECONNRESET; 11942 goto out_now; 11943 } 11944 sctp_alloc_a_strmoq(stcb, sp); 11945 if (sp == NULL) { 11946 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11947 *error = ENOMEM; 11948 goto out_now; 11949 } 11950 sp->act_flags = 0; 11951 sp->sender_all_done = 0; 11952 sp->sinfo_flags = srcv->sinfo_flags; 11953 sp->timetolive = srcv->sinfo_timetolive; 11954 sp->ppid = srcv->sinfo_ppid; 11955 sp->context = srcv->sinfo_context; 11956 sp->strseq = 0; 11957 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 11958 11959 sp->stream = srcv->sinfo_stream; 11960 sp->length = min(uio->uio_resid, max_send_len); 11961 if ((sp->length == (uint32_t) uio->uio_resid) && 11962 ((user_marks_eor == 0) || 11963 (srcv->sinfo_flags & SCTP_EOF) || 11964 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 11965 sp->msg_is_complete = 1; 11966 } else { 11967 sp->msg_is_complete = 0; 11968 } 11969 sp->sender_all_done = 0; 11970 sp->some_taken = 0; 11971 sp->put_last_out = 0; 11972 resv_in_first = sizeof(struct sctp_data_chunk); 11973 sp->data = sp->tail_mbuf = NULL; 11974 if (sp->length == 0) { 11975 *error = 0; 11976 goto skip_copy; 11977 } 11978 sp->auth_keyid = stcb->asoc.authinfo.active_keyid; 11979 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) { 11980 sctp_auth_key_acquire(stcb, stcb->asoc.authinfo.active_keyid); 11981 sp->holds_key_ref = 1; 11982 } 11983 *error = sctp_copy_one(sp, uio, resv_in_first); 11984 skip_copy: 11985 if (*error) { 11986 sctp_free_a_strmoq(stcb, sp); 11987 sp = NULL; 11988 } else { 11989 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 11990 sp->net = net; 11991 atomic_add_int(&sp->net->ref_count, 1); 11992 } else { 11993 sp->net = NULL; 11994 } 11995 sctp_set_prsctp_policy(sp); 11996 } 11997 out_now: 11998 return (sp); 11999 } 12000 12001 12002 int 12003 sctp_sosend(struct socket *so, 12004 struct sockaddr *addr, 12005 struct uio *uio, 12006 struct mbuf *top, 12007 struct mbuf *control, 12008 int flags, 12009 struct thread *p 12010 ) 12011 { 12012 int error, use_rcvinfo = 0; 12013 struct sctp_sndrcvinfo srcv; 12014 struct sockaddr *addr_to_use; 12015 12016 #if defined(INET) && defined(INET6) 12017 struct sockaddr_in sin; 12018 12019 #endif 12020 12021 if (control) { 12022 /* process cmsg snd/rcv info (maybe a assoc-id) */ 12023 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&srcv, control, 12024 sizeof(srcv))) { 12025 /* got one */ 12026 use_rcvinfo = 1; 12027 } 12028 } 12029 addr_to_use = addr; 12030 #if defined(INET) && defined(INET6) 12031 if ((addr) && (addr->sa_family == AF_INET6)) { 12032 struct sockaddr_in6 *sin6; 12033 12034 sin6 = (struct sockaddr_in6 *)addr; 12035 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 12036 in6_sin6_2_sin(&sin, sin6); 12037 addr_to_use = (struct sockaddr *)&sin; 12038 } 12039 } 12040 #endif 12041 error = sctp_lower_sosend(so, addr_to_use, uio, top, 12042 control, 12043 flags, 12044 use_rcvinfo ? &srcv : NULL 12045 ,p 12046 ); 12047 return (error); 12048 } 12049 12050 12051 int 12052 sctp_lower_sosend(struct socket *so, 12053 struct sockaddr *addr, 12054 struct uio *uio, 12055 struct mbuf *i_pak, 12056 struct mbuf *control, 12057 int flags, 12058 struct sctp_sndrcvinfo *srcv 12059 , 12060 struct thread *p 12061 ) 12062 { 12063 unsigned int sndlen = 0, max_len; 12064 int error, len; 12065 struct mbuf *top = NULL; 12066 int queue_only = 0, queue_only_for_init = 0; 12067 int free_cnt_applied = 0; 12068 int un_sent; 12069 int now_filled = 0; 12070 unsigned int inqueue_bytes = 0; 12071 struct sctp_block_entry be; 12072 struct sctp_inpcb *inp; 12073 struct sctp_tcb *stcb = NULL; 12074 struct timeval now; 12075 struct sctp_nets *net; 12076 struct sctp_association *asoc; 12077 struct sctp_inpcb *t_inp; 12078 int user_marks_eor; 12079 int create_lock_applied = 0; 12080 int nagle_applies = 0; 12081 int some_on_control = 0; 12082 int got_all_of_the_send = 0; 12083 int hold_tcblock = 0; 12084 int non_blocking = 0; 12085 uint32_t local_add_more, local_soresv = 0; 12086 uint16_t port; 12087 uint16_t sinfo_flags; 12088 sctp_assoc_t sinfo_assoc_id; 12089 12090 error = 0; 12091 net = NULL; 12092 stcb = NULL; 12093 asoc = NULL; 12094 12095 t_inp = inp = (struct sctp_inpcb *)so->so_pcb; 12096 if (inp == NULL) { 12097 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12098 error = EINVAL; 12099 if (i_pak) { 12100 SCTP_RELEASE_PKT(i_pak); 12101 } 12102 return (error); 12103 } 12104 if ((uio == NULL) && (i_pak == NULL)) { 12105 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12106 return (EINVAL); 12107 } 12108 user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 12109 atomic_add_int(&inp->total_sends, 1); 12110 if (uio) { 12111 if (uio->uio_resid < 0) { 12112 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12113 return (EINVAL); 12114 } 12115 sndlen = uio->uio_resid; 12116 } else { 12117 top = SCTP_HEADER_TO_CHAIN(i_pak); 12118 sndlen = SCTP_HEADER_LEN(i_pak); 12119 } 12120 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %d\n", 12121 addr, 12122 sndlen); 12123 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 12124 (inp->sctp_socket->so_qlimit)) { 12125 /* The listener can NOT send */ 12126 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12127 error = ENOTCONN; 12128 goto out_unlocked; 12129 } 12130 /** 12131 * Pre-screen address, if one is given the sin-len 12132 * must be set correctly! 12133 */ 12134 if (addr) { 12135 union sctp_sockstore *raddr = (union sctp_sockstore *)addr; 12136 12137 switch (raddr->sa.sa_family) { 12138 #if defined(INET) 12139 case AF_INET: 12140 if (raddr->sin.sin_len != sizeof(struct sockaddr_in)) { 12141 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12142 error = EINVAL; 12143 goto out_unlocked; 12144 } 12145 port = raddr->sin.sin_port; 12146 break; 12147 #endif 12148 #if defined(INET6) 12149 case AF_INET6: 12150 if (raddr->sin6.sin6_len != sizeof(struct sockaddr_in6)) { 12151 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12152 error = EINVAL; 12153 goto out_unlocked; 12154 } 12155 port = raddr->sin6.sin6_port; 12156 break; 12157 #endif 12158 default: 12159 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAFNOSUPPORT); 12160 error = EAFNOSUPPORT; 12161 goto out_unlocked; 12162 } 12163 } else 12164 port = 0; 12165 12166 if (srcv) { 12167 sinfo_flags = srcv->sinfo_flags; 12168 sinfo_assoc_id = srcv->sinfo_assoc_id; 12169 if (INVALID_SINFO_FLAG(sinfo_flags) || 12170 PR_SCTP_INVALID_POLICY(sinfo_flags)) { 12171 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12172 error = EINVAL; 12173 goto out_unlocked; 12174 } 12175 if (srcv->sinfo_flags) 12176 SCTP_STAT_INCR(sctps_sends_with_flags); 12177 } else { 12178 sinfo_flags = inp->def_send.sinfo_flags; 12179 sinfo_assoc_id = inp->def_send.sinfo_assoc_id; 12180 } 12181 if (sinfo_flags & SCTP_SENDALL) { 12182 /* its a sendall */ 12183 error = sctp_sendall(inp, uio, top, srcv); 12184 top = NULL; 12185 goto out_unlocked; 12186 } 12187 if ((sinfo_flags & SCTP_ADDR_OVER) && (addr == NULL)) { 12188 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12189 error = EINVAL; 12190 goto out_unlocked; 12191 } 12192 /* now we must find the assoc */ 12193 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) || 12194 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 12195 SCTP_INP_RLOCK(inp); 12196 stcb = LIST_FIRST(&inp->sctp_asoc_list); 12197 if (stcb == NULL) { 12198 SCTP_INP_RUNLOCK(inp); 12199 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12200 error = ENOTCONN; 12201 goto out_unlocked; 12202 } 12203 SCTP_TCB_LOCK(stcb); 12204 hold_tcblock = 1; 12205 SCTP_INP_RUNLOCK(inp); 12206 } else if (sinfo_assoc_id) { 12207 stcb = sctp_findassociation_ep_asocid(inp, sinfo_assoc_id, 0); 12208 } else if (addr) { 12209 /*- 12210 * Since we did not use findep we must 12211 * increment it, and if we don't find a tcb 12212 * decrement it. 12213 */ 12214 SCTP_INP_WLOCK(inp); 12215 SCTP_INP_INCR_REF(inp); 12216 SCTP_INP_WUNLOCK(inp); 12217 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 12218 if (stcb == NULL) { 12219 SCTP_INP_WLOCK(inp); 12220 SCTP_INP_DECR_REF(inp); 12221 SCTP_INP_WUNLOCK(inp); 12222 } else { 12223 hold_tcblock = 1; 12224 } 12225 } 12226 if ((stcb == NULL) && (addr)) { 12227 /* Possible implicit send? */ 12228 SCTP_ASOC_CREATE_LOCK(inp); 12229 create_lock_applied = 1; 12230 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 12231 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 12232 /* Should I really unlock ? */ 12233 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12234 error = EINVAL; 12235 goto out_unlocked; 12236 12237 } 12238 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) && 12239 (addr->sa_family == AF_INET6)) { 12240 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12241 error = EINVAL; 12242 goto out_unlocked; 12243 } 12244 SCTP_INP_WLOCK(inp); 12245 SCTP_INP_INCR_REF(inp); 12246 SCTP_INP_WUNLOCK(inp); 12247 /* With the lock applied look again */ 12248 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 12249 if (stcb == NULL) { 12250 SCTP_INP_WLOCK(inp); 12251 SCTP_INP_DECR_REF(inp); 12252 SCTP_INP_WUNLOCK(inp); 12253 } else { 12254 hold_tcblock = 1; 12255 } 12256 if (t_inp != inp) { 12257 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12258 error = ENOTCONN; 12259 goto out_unlocked; 12260 } 12261 } 12262 if (stcb == NULL) { 12263 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 12264 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 12265 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12266 error = ENOTCONN; 12267 goto out_unlocked; 12268 } 12269 if (addr == NULL) { 12270 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 12271 error = ENOENT; 12272 goto out_unlocked; 12273 } else { 12274 /* 12275 * UDP style, we must go ahead and start the INIT 12276 * process 12277 */ 12278 uint32_t vrf_id; 12279 12280 if ((sinfo_flags & SCTP_ABORT) || 12281 ((sinfo_flags & SCTP_EOF) && (sndlen == 0))) { 12282 /*- 12283 * User asks to abort a non-existant assoc, 12284 * or EOF a non-existant assoc with no data 12285 */ 12286 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 12287 error = ENOENT; 12288 goto out_unlocked; 12289 } 12290 /* get an asoc/stcb struct */ 12291 vrf_id = inp->def_vrf_id; 12292 #ifdef INVARIANTS 12293 if (create_lock_applied == 0) { 12294 panic("Error, should hold create lock and I don't?"); 12295 } 12296 #endif 12297 stcb = sctp_aloc_assoc(inp, addr, &error, 0, vrf_id, 12298 p 12299 ); 12300 if (stcb == NULL) { 12301 /* Error is setup for us in the call */ 12302 goto out_unlocked; 12303 } 12304 if (create_lock_applied) { 12305 SCTP_ASOC_CREATE_UNLOCK(inp); 12306 create_lock_applied = 0; 12307 } else { 12308 SCTP_PRINTF("Huh-3? create lock should have been on??\n"); 12309 } 12310 /* 12311 * Turn on queue only flag to prevent data from 12312 * being sent 12313 */ 12314 queue_only = 1; 12315 asoc = &stcb->asoc; 12316 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 12317 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); 12318 12319 /* initialize authentication params for the assoc */ 12320 sctp_initialize_auth_params(inp, stcb); 12321 12322 if (control) { 12323 /* 12324 * see if a init structure exists in cmsg 12325 * headers 12326 */ 12327 struct sctp_initmsg initm; 12328 int i; 12329 12330 if (sctp_find_cmsg(SCTP_INIT, (void *)&initm, control, 12331 sizeof(initm))) { 12332 /* 12333 * we have an INIT override of the 12334 * default 12335 */ 12336 if (initm.sinit_max_attempts) 12337 asoc->max_init_times = initm.sinit_max_attempts; 12338 if (initm.sinit_num_ostreams) 12339 asoc->pre_open_streams = initm.sinit_num_ostreams; 12340 if (initm.sinit_max_instreams) 12341 asoc->max_inbound_streams = initm.sinit_max_instreams; 12342 if (initm.sinit_max_init_timeo) 12343 asoc->initial_init_rto_max = initm.sinit_max_init_timeo; 12344 if (asoc->streamoutcnt < asoc->pre_open_streams) { 12345 struct sctp_stream_out *tmp_str; 12346 int had_lock = 0; 12347 12348 /* Default is NOT correct */ 12349 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, defout:%d pre_open:%d\n", 12350 asoc->streamoutcnt, asoc->pre_open_streams); 12351 /* 12352 * What happens if this 12353 * fails? we panic ... 12354 */ 12355 12356 if (hold_tcblock) { 12357 had_lock = 1; 12358 SCTP_TCB_UNLOCK(stcb); 12359 } 12360 SCTP_MALLOC(tmp_str, 12361 struct sctp_stream_out *, 12362 (asoc->pre_open_streams * 12363 sizeof(struct sctp_stream_out)), 12364 SCTP_M_STRMO); 12365 if (had_lock) { 12366 SCTP_TCB_LOCK(stcb); 12367 } 12368 if (tmp_str != NULL) { 12369 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 12370 asoc->strmout = tmp_str; 12371 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams; 12372 } else { 12373 asoc->pre_open_streams = asoc->streamoutcnt; 12374 } 12375 for (i = 0; i < asoc->streamoutcnt; i++) { 12376 /*- 12377 * inbound side must be set 12378 * to 0xffff, also NOTE when 12379 * we get the INIT-ACK back 12380 * (for INIT sender) we MUST 12381 * reduce the count 12382 * (streamoutcnt) but first 12383 * check if we sent to any 12384 * of the upper streams that 12385 * were dropped (if some 12386 * were). Those that were 12387 * dropped must be notified 12388 * to the upper layer as 12389 * failed to send. 12390 */ 12391 asoc->strmout[i].next_sequence_sent = 0x0; 12392 TAILQ_INIT(&asoc->strmout[i].outqueue); 12393 asoc->strmout[i].stream_no = i; 12394 asoc->strmout[i].last_msg_incomplete = 0; 12395 asoc->ss_functions.sctp_ss_init_stream(&asoc->strmout[i], NULL); 12396 } 12397 } 12398 } 12399 } 12400 hold_tcblock = 1; 12401 /* out with the INIT */ 12402 queue_only_for_init = 1; 12403 /*- 12404 * we may want to dig in after this call and adjust the MTU 12405 * value. It defaulted to 1500 (constant) but the ro 12406 * structure may now have an update and thus we may need to 12407 * change it BEFORE we append the message. 12408 */ 12409 } 12410 } else 12411 asoc = &stcb->asoc; 12412 if (srcv == NULL) 12413 srcv = (struct sctp_sndrcvinfo *)&asoc->def_send; 12414 if (srcv->sinfo_flags & SCTP_ADDR_OVER) { 12415 if (addr) 12416 net = sctp_findnet(stcb, addr); 12417 else 12418 net = NULL; 12419 if ((net == NULL) || 12420 ((port != 0) && (port != stcb->rport))) { 12421 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12422 error = EINVAL; 12423 goto out_unlocked; 12424 } 12425 } else { 12426 net = stcb->asoc.primary_destination; 12427 } 12428 atomic_add_int(&stcb->total_sends, 1); 12429 /* Keep the stcb from being freed under our feet */ 12430 atomic_add_int(&asoc->refcnt, 1); 12431 free_cnt_applied = 1; 12432 12433 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) { 12434 if (sndlen > asoc->smallest_mtu) { 12435 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12436 error = EMSGSIZE; 12437 goto out_unlocked; 12438 } 12439 } 12440 if ((SCTP_SO_IS_NBIO(so) 12441 || (flags & MSG_NBIO) 12442 )) { 12443 non_blocking = 1; 12444 } 12445 /* would we block? */ 12446 if (non_blocking) { 12447 if (hold_tcblock == 0) { 12448 SCTP_TCB_LOCK(stcb); 12449 hold_tcblock = 1; 12450 } 12451 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12452 if ((SCTP_SB_LIMIT_SND(so) < (sndlen + inqueue_bytes + stcb->asoc.sb_send_resv)) || 12453 (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12454 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK); 12455 if (sndlen > SCTP_SB_LIMIT_SND(so)) 12456 error = EMSGSIZE; 12457 else 12458 error = EWOULDBLOCK; 12459 goto out_unlocked; 12460 } 12461 stcb->asoc.sb_send_resv += sndlen; 12462 SCTP_TCB_UNLOCK(stcb); 12463 hold_tcblock = 0; 12464 } else { 12465 atomic_add_int(&stcb->asoc.sb_send_resv, sndlen); 12466 } 12467 local_soresv = sndlen; 12468 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12469 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12470 error = ECONNRESET; 12471 goto out_unlocked; 12472 } 12473 if (create_lock_applied) { 12474 SCTP_ASOC_CREATE_UNLOCK(inp); 12475 create_lock_applied = 0; 12476 } 12477 if (asoc->stream_reset_outstanding) { 12478 /* 12479 * Can't queue any data while stream reset is underway. 12480 */ 12481 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAGAIN); 12482 error = EAGAIN; 12483 goto out_unlocked; 12484 } 12485 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 12486 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 12487 queue_only = 1; 12488 } 12489 /* we are now done with all control */ 12490 if (control) { 12491 sctp_m_freem(control); 12492 control = NULL; 12493 } 12494 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 12495 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 12496 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 12497 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 12498 if (srcv->sinfo_flags & SCTP_ABORT) { 12499 ; 12500 } else { 12501 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12502 error = ECONNRESET; 12503 goto out_unlocked; 12504 } 12505 } 12506 /* Ok, we will attempt a msgsnd :> */ 12507 if (p) { 12508 p->td_ru.ru_msgsnd++; 12509 } 12510 /* Are we aborting? */ 12511 if (srcv->sinfo_flags & SCTP_ABORT) { 12512 struct mbuf *mm; 12513 int tot_demand, tot_out = 0, max_out; 12514 12515 SCTP_STAT_INCR(sctps_sends_with_abort); 12516 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 12517 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 12518 /* It has to be up before we abort */ 12519 /* how big is the user initiated abort? */ 12520 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12521 error = EINVAL; 12522 goto out; 12523 } 12524 if (hold_tcblock) { 12525 SCTP_TCB_UNLOCK(stcb); 12526 hold_tcblock = 0; 12527 } 12528 if (top) { 12529 struct mbuf *cntm = NULL; 12530 12531 mm = sctp_get_mbuf_for_msg(1, 0, M_WAIT, 1, MT_DATA); 12532 if (sndlen != 0) { 12533 cntm = top; 12534 while (cntm) { 12535 tot_out += SCTP_BUF_LEN(cntm); 12536 cntm = SCTP_BUF_NEXT(cntm); 12537 } 12538 } 12539 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 12540 } else { 12541 /* Must fit in a MTU */ 12542 tot_out = sndlen; 12543 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 12544 if (tot_demand > SCTP_DEFAULT_ADD_MORE) { 12545 /* To big */ 12546 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12547 error = EMSGSIZE; 12548 goto out; 12549 } 12550 mm = sctp_get_mbuf_for_msg(tot_demand, 0, M_WAIT, 1, MT_DATA); 12551 } 12552 if (mm == NULL) { 12553 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12554 error = ENOMEM; 12555 goto out; 12556 } 12557 max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr); 12558 max_out -= sizeof(struct sctp_abort_msg); 12559 if (tot_out > max_out) { 12560 tot_out = max_out; 12561 } 12562 if (mm) { 12563 struct sctp_paramhdr *ph; 12564 12565 /* now move forward the data pointer */ 12566 ph = mtod(mm, struct sctp_paramhdr *); 12567 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 12568 ph->param_length = htons((sizeof(struct sctp_paramhdr) + tot_out)); 12569 ph++; 12570 SCTP_BUF_LEN(mm) = tot_out + sizeof(struct sctp_paramhdr); 12571 if (top == NULL) { 12572 error = uiomove((caddr_t)ph, (int)tot_out, uio); 12573 if (error) { 12574 /*- 12575 * Here if we can't get his data we 12576 * still abort we just don't get to 12577 * send the users note :-0 12578 */ 12579 sctp_m_freem(mm); 12580 mm = NULL; 12581 } 12582 } else { 12583 if (sndlen != 0) { 12584 SCTP_BUF_NEXT(mm) = top; 12585 } 12586 } 12587 } 12588 if (hold_tcblock == 0) { 12589 SCTP_TCB_LOCK(stcb); 12590 hold_tcblock = 1; 12591 } 12592 atomic_add_int(&stcb->asoc.refcnt, -1); 12593 free_cnt_applied = 0; 12594 /* release this lock, otherwise we hang on ourselves */ 12595 sctp_abort_an_association(stcb->sctp_ep, stcb, 12596 SCTP_RESPONSE_TO_USER_REQ, 12597 mm, SCTP_SO_LOCKED); 12598 /* now relock the stcb so everything is sane */ 12599 hold_tcblock = 0; 12600 stcb = NULL; 12601 /* 12602 * In this case top is already chained to mm avoid double 12603 * free, since we free it below if top != NULL and driver 12604 * would free it after sending the packet out 12605 */ 12606 if (sndlen != 0) { 12607 top = NULL; 12608 } 12609 goto out_unlocked; 12610 } 12611 /* Calculate the maximum we can send */ 12612 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12613 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 12614 if (non_blocking) { 12615 /* we already checked for non-blocking above. */ 12616 max_len = sndlen; 12617 } else { 12618 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12619 } 12620 } else { 12621 max_len = 0; 12622 } 12623 if (hold_tcblock) { 12624 SCTP_TCB_UNLOCK(stcb); 12625 hold_tcblock = 0; 12626 } 12627 /* Is the stream no. valid? */ 12628 if (srcv->sinfo_stream >= asoc->streamoutcnt) { 12629 /* Invalid stream number */ 12630 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12631 error = EINVAL; 12632 goto out_unlocked; 12633 } 12634 if (asoc->strmout == NULL) { 12635 /* huh? software error */ 12636 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 12637 error = EFAULT; 12638 goto out_unlocked; 12639 } 12640 /* Unless E_EOR mode is on, we must make a send FIT in one call. */ 12641 if ((user_marks_eor == 0) && 12642 (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { 12643 /* It will NEVER fit */ 12644 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12645 error = EMSGSIZE; 12646 goto out_unlocked; 12647 } 12648 if ((uio == NULL) && user_marks_eor) { 12649 /*- 12650 * We do not support eeor mode for 12651 * sending with mbuf chains (like sendfile). 12652 */ 12653 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12654 error = EINVAL; 12655 goto out_unlocked; 12656 } 12657 if (user_marks_eor) { 12658 local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); 12659 } else { 12660 /*- 12661 * For non-eeor the whole message must fit in 12662 * the socket send buffer. 12663 */ 12664 local_add_more = sndlen; 12665 } 12666 len = 0; 12667 if (non_blocking) { 12668 goto skip_preblock; 12669 } 12670 if (((max_len <= local_add_more) && 12671 (SCTP_SB_LIMIT_SND(so) >= local_add_more)) || 12672 (max_len == 0) || 12673 ((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12674 /* No room right now ! */ 12675 SOCKBUF_LOCK(&so->so_snd); 12676 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12677 while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) || 12678 ((stcb->asoc.stream_queue_cnt + stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12679 SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n", 12680 (unsigned int)SCTP_SB_LIMIT_SND(so), 12681 inqueue_bytes, 12682 local_add_more, 12683 stcb->asoc.stream_queue_cnt, 12684 stcb->asoc.chunks_on_out_queue, 12685 SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)); 12686 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12687 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, so, asoc, sndlen); 12688 } 12689 be.error = 0; 12690 stcb->block_entry = &be; 12691 error = sbwait(&so->so_snd); 12692 stcb->block_entry = NULL; 12693 if (error || so->so_error || be.error) { 12694 if (error == 0) { 12695 if (so->so_error) 12696 error = so->so_error; 12697 if (be.error) { 12698 error = be.error; 12699 } 12700 } 12701 SOCKBUF_UNLOCK(&so->so_snd); 12702 goto out_unlocked; 12703 } 12704 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12705 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 12706 so, asoc, stcb->asoc.total_output_queue_size); 12707 } 12708 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12709 goto out_unlocked; 12710 } 12711 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12712 } 12713 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 12714 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12715 } else { 12716 max_len = 0; 12717 } 12718 SOCKBUF_UNLOCK(&so->so_snd); 12719 } 12720 skip_preblock: 12721 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12722 goto out_unlocked; 12723 } 12724 /* 12725 * sndlen covers for mbuf case uio_resid covers for the non-mbuf 12726 * case NOTE: uio will be null when top/mbuf is passed 12727 */ 12728 if (sndlen == 0) { 12729 if (srcv->sinfo_flags & SCTP_EOF) { 12730 got_all_of_the_send = 1; 12731 goto dataless_eof; 12732 } else { 12733 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12734 error = EINVAL; 12735 goto out; 12736 } 12737 } 12738 if (top == NULL) { 12739 struct sctp_stream_queue_pending *sp; 12740 struct sctp_stream_out *strm; 12741 uint32_t sndout; 12742 12743 SCTP_TCB_SEND_LOCK(stcb); 12744 if ((asoc->stream_locked) && 12745 (asoc->stream_locked_on != srcv->sinfo_stream)) { 12746 SCTP_TCB_SEND_UNLOCK(stcb); 12747 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12748 error = EINVAL; 12749 goto out; 12750 } 12751 SCTP_TCB_SEND_UNLOCK(stcb); 12752 12753 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 12754 if (strm->last_msg_incomplete == 0) { 12755 do_a_copy_in: 12756 sp = sctp_copy_it_in(stcb, asoc, srcv, uio, net, max_len, user_marks_eor, &error, non_blocking); 12757 if ((sp == NULL) || (error)) { 12758 goto out; 12759 } 12760 SCTP_TCB_SEND_LOCK(stcb); 12761 if (sp->msg_is_complete) { 12762 strm->last_msg_incomplete = 0; 12763 asoc->stream_locked = 0; 12764 } else { 12765 /* 12766 * Just got locked to this guy in case of an 12767 * interrupt. 12768 */ 12769 strm->last_msg_incomplete = 1; 12770 asoc->stream_locked = 1; 12771 asoc->stream_locked_on = srcv->sinfo_stream; 12772 sp->sender_all_done = 0; 12773 } 12774 sctp_snd_sb_alloc(stcb, sp->length); 12775 atomic_add_int(&asoc->stream_queue_cnt, 1); 12776 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) { 12777 sp->strseq = strm->next_sequence_sent; 12778 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_SCTP) { 12779 sctp_misc_ints(SCTP_STRMOUT_LOG_ASSIGN, 12780 (uintptr_t) stcb, sp->length, 12781 (uint32_t) ((srcv->sinfo_stream << 16) | sp->strseq), 0); 12782 } 12783 strm->next_sequence_sent++; 12784 } else { 12785 SCTP_STAT_INCR(sctps_sends_with_unord); 12786 } 12787 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 12788 stcb->asoc.ss_functions.sctp_ss_add_to_stream(stcb, asoc, strm, sp, 1); 12789 SCTP_TCB_SEND_UNLOCK(stcb); 12790 } else { 12791 SCTP_TCB_SEND_LOCK(stcb); 12792 sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead); 12793 SCTP_TCB_SEND_UNLOCK(stcb); 12794 if (sp == NULL) { 12795 /* ???? Huh ??? last msg is gone */ 12796 #ifdef INVARIANTS 12797 panic("Warning: Last msg marked incomplete, yet nothing left?"); 12798 #else 12799 SCTP_PRINTF("Warning: Last msg marked incomplete, yet nothing left?\n"); 12800 strm->last_msg_incomplete = 0; 12801 #endif 12802 goto do_a_copy_in; 12803 12804 } 12805 } 12806 while (uio->uio_resid > 0) { 12807 /* How much room do we have? */ 12808 struct mbuf *new_tail, *mm; 12809 12810 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 12811 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 12812 else 12813 max_len = 0; 12814 12815 if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || 12816 (max_len && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) || 12817 (uio->uio_resid && (uio->uio_resid <= (int)max_len))) { 12818 sndout = 0; 12819 new_tail = NULL; 12820 if (hold_tcblock) { 12821 SCTP_TCB_UNLOCK(stcb); 12822 hold_tcblock = 0; 12823 } 12824 mm = sctp_copy_resume(sp, uio, srcv, max_len, user_marks_eor, &error, &sndout, &new_tail); 12825 if ((mm == NULL) || error) { 12826 if (mm) { 12827 sctp_m_freem(mm); 12828 } 12829 goto out; 12830 } 12831 /* Update the mbuf and count */ 12832 SCTP_TCB_SEND_LOCK(stcb); 12833 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12834 /* 12835 * we need to get out. Peer probably 12836 * aborted. 12837 */ 12838 sctp_m_freem(mm); 12839 if (stcb->asoc.state & SCTP_PCB_FLAGS_WAS_ABORTED) { 12840 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12841 error = ECONNRESET; 12842 } 12843 SCTP_TCB_SEND_UNLOCK(stcb); 12844 goto out; 12845 } 12846 if (sp->tail_mbuf) { 12847 /* tack it to the end */ 12848 SCTP_BUF_NEXT(sp->tail_mbuf) = mm; 12849 sp->tail_mbuf = new_tail; 12850 } else { 12851 /* A stolen mbuf */ 12852 sp->data = mm; 12853 sp->tail_mbuf = new_tail; 12854 } 12855 sctp_snd_sb_alloc(stcb, sndout); 12856 atomic_add_int(&sp->length, sndout); 12857 len += sndout; 12858 12859 /* Did we reach EOR? */ 12860 if ((uio->uio_resid == 0) && 12861 ((user_marks_eor == 0) || 12862 (srcv->sinfo_flags & SCTP_EOF) || 12863 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 12864 sp->msg_is_complete = 1; 12865 } else { 12866 sp->msg_is_complete = 0; 12867 } 12868 SCTP_TCB_SEND_UNLOCK(stcb); 12869 } 12870 if (uio->uio_resid == 0) { 12871 /* got it all? */ 12872 continue; 12873 } 12874 /* PR-SCTP? */ 12875 if ((asoc->peer_supports_prsctp) && (asoc->sent_queue_cnt_removeable > 0)) { 12876 /* 12877 * This is ugly but we must assure locking 12878 * order 12879 */ 12880 if (hold_tcblock == 0) { 12881 SCTP_TCB_LOCK(stcb); 12882 hold_tcblock = 1; 12883 } 12884 sctp_prune_prsctp(stcb, asoc, srcv, sndlen); 12885 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12886 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 12887 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12888 else 12889 max_len = 0; 12890 if (max_len > 0) { 12891 continue; 12892 } 12893 SCTP_TCB_UNLOCK(stcb); 12894 hold_tcblock = 0; 12895 } 12896 /* wait for space now */ 12897 if (non_blocking) { 12898 /* Non-blocking io in place out */ 12899 goto skip_out_eof; 12900 } 12901 /* What about the INIT, send it maybe */ 12902 if (queue_only_for_init) { 12903 if (hold_tcblock == 0) { 12904 SCTP_TCB_LOCK(stcb); 12905 hold_tcblock = 1; 12906 } 12907 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 12908 /* a collision took us forward? */ 12909 queue_only = 0; 12910 } else { 12911 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 12912 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 12913 queue_only = 1; 12914 } 12915 } 12916 if ((net->flight_size > net->cwnd) && 12917 (asoc->sctp_cmt_on_off == 0)) { 12918 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 12919 queue_only = 1; 12920 } else if (asoc->ifp_had_enobuf) { 12921 SCTP_STAT_INCR(sctps_ifnomemqueued); 12922 if (net->flight_size > (2 * net->mtu)) { 12923 queue_only = 1; 12924 } 12925 asoc->ifp_had_enobuf = 0; 12926 } 12927 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 12928 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 12929 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 12930 (stcb->asoc.total_flight > 0) && 12931 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 12932 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 12933 12934 /*- 12935 * Ok, Nagle is set on and we have data outstanding. 12936 * Don't send anything and let SACKs drive out the 12937 * data unless wen have a "full" segment to send. 12938 */ 12939 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 12940 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 12941 } 12942 SCTP_STAT_INCR(sctps_naglequeued); 12943 nagle_applies = 1; 12944 } else { 12945 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 12946 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 12947 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 12948 } 12949 SCTP_STAT_INCR(sctps_naglesent); 12950 nagle_applies = 0; 12951 } 12952 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12953 12954 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, 12955 nagle_applies, un_sent); 12956 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, 12957 stcb->asoc.total_flight, 12958 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 12959 } 12960 if (queue_only_for_init) 12961 queue_only_for_init = 0; 12962 if ((queue_only == 0) && (nagle_applies == 0)) { 12963 /*- 12964 * need to start chunk output 12965 * before blocking.. note that if 12966 * a lock is already applied, then 12967 * the input via the net is happening 12968 * and I don't need to start output :-D 12969 */ 12970 if (hold_tcblock == 0) { 12971 if (SCTP_TCB_TRYLOCK(stcb)) { 12972 hold_tcblock = 1; 12973 sctp_chunk_output(inp, 12974 stcb, 12975 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 12976 } 12977 } else { 12978 sctp_chunk_output(inp, 12979 stcb, 12980 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 12981 } 12982 if (hold_tcblock == 1) { 12983 SCTP_TCB_UNLOCK(stcb); 12984 hold_tcblock = 0; 12985 } 12986 } 12987 SOCKBUF_LOCK(&so->so_snd); 12988 /*- 12989 * This is a bit strange, but I think it will 12990 * work. The total_output_queue_size is locked and 12991 * protected by the TCB_LOCK, which we just released. 12992 * There is a race that can occur between releasing it 12993 * above, and me getting the socket lock, where sacks 12994 * come in but we have not put the SB_WAIT on the 12995 * so_snd buffer to get the wakeup. After the LOCK 12996 * is applied the sack_processing will also need to 12997 * LOCK the so->so_snd to do the actual sowwakeup(). So 12998 * once we have the socket buffer lock if we recheck the 12999 * size we KNOW we will get to sleep safely with the 13000 * wakeup flag in place. 13001 */ 13002 if (SCTP_SB_LIMIT_SND(so) <= (stcb->asoc.total_output_queue_size + 13003 min(SCTP_BASE_SYSCTL(sctp_add_more_threshold), SCTP_SB_LIMIT_SND(so)))) { 13004 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13005 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 13006 so, asoc, uio->uio_resid); 13007 } 13008 be.error = 0; 13009 stcb->block_entry = &be; 13010 error = sbwait(&so->so_snd); 13011 stcb->block_entry = NULL; 13012 13013 if (error || so->so_error || be.error) { 13014 if (error == 0) { 13015 if (so->so_error) 13016 error = so->so_error; 13017 if (be.error) { 13018 error = be.error; 13019 } 13020 } 13021 SOCKBUF_UNLOCK(&so->so_snd); 13022 goto out_unlocked; 13023 } 13024 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13025 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 13026 so, asoc, stcb->asoc.total_output_queue_size); 13027 } 13028 } 13029 SOCKBUF_UNLOCK(&so->so_snd); 13030 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13031 goto out_unlocked; 13032 } 13033 } 13034 SCTP_TCB_SEND_LOCK(stcb); 13035 if (sp) { 13036 if (sp->msg_is_complete == 0) { 13037 strm->last_msg_incomplete = 1; 13038 asoc->stream_locked = 1; 13039 asoc->stream_locked_on = srcv->sinfo_stream; 13040 } else { 13041 sp->sender_all_done = 1; 13042 strm->last_msg_incomplete = 0; 13043 asoc->stream_locked = 0; 13044 } 13045 } else { 13046 SCTP_PRINTF("Huh no sp TSNH?\n"); 13047 strm->last_msg_incomplete = 0; 13048 asoc->stream_locked = 0; 13049 } 13050 SCTP_TCB_SEND_UNLOCK(stcb); 13051 if (uio->uio_resid == 0) { 13052 got_all_of_the_send = 1; 13053 } 13054 } else { 13055 /* We send in a 0, since we do NOT have any locks */ 13056 error = sctp_msg_append(stcb, net, top, srcv, 0); 13057 top = NULL; 13058 if (srcv->sinfo_flags & SCTP_EOF) { 13059 /* 13060 * This should only happen for Panda for the mbuf 13061 * send case, which does NOT yet support EEOR mode. 13062 * Thus, we can just set this flag to do the proper 13063 * EOF handling. 13064 */ 13065 got_all_of_the_send = 1; 13066 } 13067 } 13068 if (error) { 13069 goto out; 13070 } 13071 dataless_eof: 13072 /* EOF thing ? */ 13073 if ((srcv->sinfo_flags & SCTP_EOF) && 13074 (got_all_of_the_send == 1) && 13075 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) { 13076 int cnt; 13077 13078 SCTP_STAT_INCR(sctps_sends_with_eof); 13079 error = 0; 13080 if (hold_tcblock == 0) { 13081 SCTP_TCB_LOCK(stcb); 13082 hold_tcblock = 1; 13083 } 13084 cnt = sctp_is_there_unsent_data(stcb); 13085 if (TAILQ_EMPTY(&asoc->send_queue) && 13086 TAILQ_EMPTY(&asoc->sent_queue) && 13087 (cnt == 0)) { 13088 if (asoc->locked_on_sending) { 13089 goto abort_anyway; 13090 } 13091 /* there is nothing queued to send, so I'm done... */ 13092 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 13093 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 13094 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 13095 /* only send SHUTDOWN the first time through */ 13096 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 13097 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 13098 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 13099 } 13100 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 13101 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 13102 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 13103 asoc->primary_destination); 13104 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 13105 asoc->primary_destination); 13106 } 13107 } else { 13108 /*- 13109 * we still got (or just got) data to send, so set 13110 * SHUTDOWN_PENDING 13111 */ 13112 /*- 13113 * XXX sockets draft says that SCTP_EOF should be 13114 * sent with no data. currently, we will allow user 13115 * data to be sent first and move to 13116 * SHUTDOWN-PENDING 13117 */ 13118 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 13119 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 13120 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 13121 if (hold_tcblock == 0) { 13122 SCTP_TCB_LOCK(stcb); 13123 hold_tcblock = 1; 13124 } 13125 if (asoc->locked_on_sending) { 13126 /* Locked to send out the data */ 13127 struct sctp_stream_queue_pending *sp; 13128 13129 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 13130 if (sp) { 13131 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 13132 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 13133 } 13134 } 13135 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 13136 if (TAILQ_EMPTY(&asoc->send_queue) && 13137 TAILQ_EMPTY(&asoc->sent_queue) && 13138 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 13139 abort_anyway: 13140 if (free_cnt_applied) { 13141 atomic_add_int(&stcb->asoc.refcnt, -1); 13142 free_cnt_applied = 0; 13143 } 13144 sctp_abort_an_association(stcb->sctp_ep, stcb, 13145 SCTP_RESPONSE_TO_USER_REQ, 13146 NULL, SCTP_SO_LOCKED); 13147 /* 13148 * now relock the stcb so everything 13149 * is sane 13150 */ 13151 hold_tcblock = 0; 13152 stcb = NULL; 13153 goto out; 13154 } 13155 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 13156 asoc->primary_destination); 13157 sctp_feature_off(inp, SCTP_PCB_FLAGS_NODELAY); 13158 } 13159 } 13160 } 13161 skip_out_eof: 13162 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { 13163 some_on_control = 1; 13164 } 13165 if (queue_only_for_init) { 13166 if (hold_tcblock == 0) { 13167 SCTP_TCB_LOCK(stcb); 13168 hold_tcblock = 1; 13169 } 13170 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 13171 /* a collision took us forward? */ 13172 queue_only = 0; 13173 } else { 13174 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 13175 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_WAIT); 13176 queue_only = 1; 13177 } 13178 } 13179 if ((net->flight_size > net->cwnd) && 13180 (stcb->asoc.sctp_cmt_on_off == 0)) { 13181 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 13182 queue_only = 1; 13183 } else if (asoc->ifp_had_enobuf) { 13184 SCTP_STAT_INCR(sctps_ifnomemqueued); 13185 if (net->flight_size > (2 * net->mtu)) { 13186 queue_only = 1; 13187 } 13188 asoc->ifp_had_enobuf = 0; 13189 } 13190 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13191 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13192 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 13193 (stcb->asoc.total_flight > 0) && 13194 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 13195 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 13196 /*- 13197 * Ok, Nagle is set on and we have data outstanding. 13198 * Don't send anything and let SACKs drive out the 13199 * data unless wen have a "full" segment to send. 13200 */ 13201 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13202 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 13203 } 13204 SCTP_STAT_INCR(sctps_naglequeued); 13205 nagle_applies = 1; 13206 } else { 13207 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13208 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 13209 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 13210 } 13211 SCTP_STAT_INCR(sctps_naglesent); 13212 nagle_applies = 0; 13213 } 13214 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13215 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, 13216 nagle_applies, un_sent); 13217 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, 13218 stcb->asoc.total_flight, 13219 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 13220 } 13221 if (queue_only_for_init) 13222 queue_only_for_init = 0; 13223 if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) { 13224 /* we can attempt to send too. */ 13225 if (hold_tcblock == 0) { 13226 /* 13227 * If there is activity recv'ing sacks no need to 13228 * send 13229 */ 13230 if (SCTP_TCB_TRYLOCK(stcb)) { 13231 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13232 hold_tcblock = 1; 13233 } 13234 } else { 13235 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13236 } 13237 } else if ((queue_only == 0) && 13238 (stcb->asoc.peers_rwnd == 0) && 13239 (stcb->asoc.total_flight == 0)) { 13240 /* We get to have a probe outstanding */ 13241 if (hold_tcblock == 0) { 13242 hold_tcblock = 1; 13243 SCTP_TCB_LOCK(stcb); 13244 } 13245 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13246 } else if (some_on_control) { 13247 int num_out, reason, frag_point; 13248 13249 /* Here we do control only */ 13250 if (hold_tcblock == 0) { 13251 hold_tcblock = 1; 13252 SCTP_TCB_LOCK(stcb); 13253 } 13254 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 13255 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 13256 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_LOCKED); 13257 } 13258 SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n", 13259 queue_only, stcb->asoc.peers_rwnd, un_sent, 13260 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, 13261 stcb->asoc.total_output_queue_size, error); 13262 13263 out: 13264 out_unlocked: 13265 13266 if (local_soresv && stcb) { 13267 atomic_subtract_int(&stcb->asoc.sb_send_resv, sndlen); 13268 local_soresv = 0; 13269 } 13270 if (create_lock_applied) { 13271 SCTP_ASOC_CREATE_UNLOCK(inp); 13272 create_lock_applied = 0; 13273 } 13274 if ((stcb) && hold_tcblock) { 13275 SCTP_TCB_UNLOCK(stcb); 13276 } 13277 if (stcb && free_cnt_applied) { 13278 atomic_add_int(&stcb->asoc.refcnt, -1); 13279 } 13280 #ifdef INVARIANTS 13281 if (stcb) { 13282 if (mtx_owned(&stcb->tcb_mtx)) { 13283 panic("Leaving with tcb mtx owned?"); 13284 } 13285 if (mtx_owned(&stcb->tcb_send_mtx)) { 13286 panic("Leaving with tcb send mtx owned?"); 13287 } 13288 } 13289 #endif 13290 #ifdef INVARIANTS 13291 if (inp) { 13292 sctp_validate_no_locks(inp); 13293 } else { 13294 printf("Warning - inp is NULL so cant validate locks\n"); 13295 } 13296 #endif 13297 if (top) { 13298 sctp_m_freem(top); 13299 } 13300 if (control) { 13301 sctp_m_freem(control); 13302 } 13303 return (error); 13304 } 13305 13306 13307 /* 13308 * generate an AUTHentication chunk, if required 13309 */ 13310 struct mbuf * 13311 sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, 13312 struct sctp_auth_chunk **auth_ret, uint32_t * offset, 13313 struct sctp_tcb *stcb, uint8_t chunk) 13314 { 13315 struct mbuf *m_auth; 13316 struct sctp_auth_chunk *auth; 13317 int chunk_len; 13318 13319 if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) || 13320 (stcb == NULL)) 13321 return (m); 13322 13323 /* sysctl disabled auth? */ 13324 if (SCTP_BASE_SYSCTL(sctp_auth_disable)) 13325 return (m); 13326 13327 /* peer doesn't do auth... */ 13328 if (!stcb->asoc.peer_supports_auth) { 13329 return (m); 13330 } 13331 /* does the requested chunk require auth? */ 13332 if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) { 13333 return (m); 13334 } 13335 m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_DONTWAIT, 1, MT_HEADER); 13336 if (m_auth == NULL) { 13337 /* no mbuf's */ 13338 return (m); 13339 } 13340 /* reserve some space if this will be the first mbuf */ 13341 if (m == NULL) 13342 SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD); 13343 /* fill in the AUTH chunk details */ 13344 auth = mtod(m_auth, struct sctp_auth_chunk *); 13345 bzero(auth, sizeof(*auth)); 13346 auth->ch.chunk_type = SCTP_AUTHENTICATION; 13347 auth->ch.chunk_flags = 0; 13348 chunk_len = sizeof(*auth) + 13349 sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 13350 auth->ch.chunk_length = htons(chunk_len); 13351 auth->hmac_id = htons(stcb->asoc.peer_hmac_id); 13352 /* key id and hmac digest will be computed and filled in upon send */ 13353 13354 /* save the offset where the auth was inserted into the chain */ 13355 if (m != NULL) { 13356 struct mbuf *cn; 13357 13358 *offset = 0; 13359 cn = m; 13360 while (cn) { 13361 *offset += SCTP_BUF_LEN(cn); 13362 cn = SCTP_BUF_NEXT(cn); 13363 } 13364 } else 13365 *offset = 0; 13366 13367 /* update length and return pointer to the auth chunk */ 13368 SCTP_BUF_LEN(m_auth) = chunk_len; 13369 m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0); 13370 if (auth_ret != NULL) 13371 *auth_ret = auth; 13372 13373 return (m); 13374 } 13375 13376 #ifdef INET6 13377 int 13378 sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t * ro) 13379 { 13380 struct nd_prefix *pfx = NULL; 13381 struct nd_pfxrouter *pfxrtr = NULL; 13382 struct sockaddr_in6 gw6; 13383 13384 if (ro == NULL || ro->ro_rt == NULL || src6->sin6_family != AF_INET6) 13385 return (0); 13386 13387 /* get prefix entry of address */ 13388 LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) { 13389 if (pfx->ndpr_stateflags & NDPRF_DETACHED) 13390 continue; 13391 if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr, 13392 &src6->sin6_addr, &pfx->ndpr_mask)) 13393 break; 13394 } 13395 /* no prefix entry in the prefix list */ 13396 if (pfx == NULL) { 13397 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefix entry for "); 13398 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 13399 return (0); 13400 } 13401 SCTPDBG(SCTP_DEBUG_OUTPUT2, "v6src_match_nexthop(), Prefix entry is "); 13402 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 13403 13404 /* search installed gateway from prefix entry */ 13405 for (pfxrtr = pfx->ndpr_advrtrs.lh_first; pfxrtr; pfxrtr = 13406 pfxrtr->pfr_next) { 13407 memset(&gw6, 0, sizeof(struct sockaddr_in6)); 13408 gw6.sin6_family = AF_INET6; 13409 gw6.sin6_len = sizeof(struct sockaddr_in6); 13410 memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr, 13411 sizeof(struct in6_addr)); 13412 SCTPDBG(SCTP_DEBUG_OUTPUT2, "prefix router is "); 13413 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&gw6); 13414 SCTPDBG(SCTP_DEBUG_OUTPUT2, "installed router is "); 13415 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 13416 if (sctp_cmpaddr((struct sockaddr *)&gw6, 13417 ro->ro_rt->rt_gateway)) { 13418 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is installed\n"); 13419 return (1); 13420 } 13421 } 13422 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is not installed\n"); 13423 return (0); 13424 } 13425 13426 #endif 13427 13428 int 13429 sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t * ro) 13430 { 13431 struct sockaddr_in *sin, *mask; 13432 struct ifaddr *ifa; 13433 struct in_addr srcnetaddr, gwnetaddr; 13434 13435 if (ro == NULL || ro->ro_rt == NULL || 13436 sifa->address.sa.sa_family != AF_INET) { 13437 return (0); 13438 } 13439 ifa = (struct ifaddr *)sifa->ifa; 13440 mask = (struct sockaddr_in *)(ifa->ifa_netmask); 13441 sin = (struct sockaddr_in *)&sifa->address.sin; 13442 srcnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 13443 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: src address is "); 13444 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 13445 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", srcnetaddr.s_addr); 13446 13447 sin = (struct sockaddr_in *)ro->ro_rt->rt_gateway; 13448 gwnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 13449 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: nexthop is "); 13450 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 13451 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", gwnetaddr.s_addr); 13452 if (srcnetaddr.s_addr == gwnetaddr.s_addr) { 13453 return (1); 13454 } 13455 return (0); 13456 } 13457