35
36#include <netinet/sctp_os.h>
37#include <sys/proc.h>
38#include <netinet/sctp_var.h>
39#include <netinet/sctp_sysctl.h>
40#include <netinet/sctp_header.h>
41#include <netinet/sctp_pcb.h>
42#include <netinet/sctputil.h>
43#include <netinet/sctp_output.h>
44#include <netinet/sctp_uio.h>
45#include <netinet/sctputil.h>
46#include <netinet/sctp_auth.h>
47#include <netinet/sctp_timer.h>
48#include <netinet/sctp_asconf.h>
49#include <netinet/sctp_indata.h>
50#include <netinet/sctp_bsd_addr.h>
51#include <netinet/sctp_input.h>
52#include <netinet/sctp_crc32.h>
53#include <netinet/udp.h>
54#include <machine/in_cksum.h>
55
56
57
58#define SCTP_MAX_GAPS_INARRAY 4
59struct sack_track {
60 uint8_t right_edge; /* mergable on the right edge */
61 uint8_t left_edge; /* mergable on the left edge */
62 uint8_t num_entries;
63 uint8_t spare;
64 struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY];
65};
66
67struct sack_track sack_array[256] = {
68 {0, 0, 0, 0, /* 0x00 */
69 {{0, 0},
70 {0, 0},
71 {0, 0},
72 {0, 0}
73 }
74 },
75 {1, 0, 1, 0, /* 0x01 */
76 {{0, 0},
77 {0, 0},
78 {0, 0},
79 {0, 0}
80 }
81 },
82 {0, 0, 1, 0, /* 0x02 */
83 {{1, 1},
84 {0, 0},
85 {0, 0},
86 {0, 0}
87 }
88 },
89 {1, 0, 1, 0, /* 0x03 */
90 {{0, 1},
91 {0, 0},
92 {0, 0},
93 {0, 0}
94 }
95 },
96 {0, 0, 1, 0, /* 0x04 */
97 {{2, 2},
98 {0, 0},
99 {0, 0},
100 {0, 0}
101 }
102 },
103 {1, 0, 2, 0, /* 0x05 */
104 {{0, 0},
105 {2, 2},
106 {0, 0},
107 {0, 0}
108 }
109 },
110 {0, 0, 1, 0, /* 0x06 */
111 {{1, 2},
112 {0, 0},
113 {0, 0},
114 {0, 0}
115 }
116 },
117 {1, 0, 1, 0, /* 0x07 */
118 {{0, 2},
119 {0, 0},
120 {0, 0},
121 {0, 0}
122 }
123 },
124 {0, 0, 1, 0, /* 0x08 */
125 {{3, 3},
126 {0, 0},
127 {0, 0},
128 {0, 0}
129 }
130 },
131 {1, 0, 2, 0, /* 0x09 */
132 {{0, 0},
133 {3, 3},
134 {0, 0},
135 {0, 0}
136 }
137 },
138 {0, 0, 2, 0, /* 0x0a */
139 {{1, 1},
140 {3, 3},
141 {0, 0},
142 {0, 0}
143 }
144 },
145 {1, 0, 2, 0, /* 0x0b */
146 {{0, 1},
147 {3, 3},
148 {0, 0},
149 {0, 0}
150 }
151 },
152 {0, 0, 1, 0, /* 0x0c */
153 {{2, 3},
154 {0, 0},
155 {0, 0},
156 {0, 0}
157 }
158 },
159 {1, 0, 2, 0, /* 0x0d */
160 {{0, 0},
161 {2, 3},
162 {0, 0},
163 {0, 0}
164 }
165 },
166 {0, 0, 1, 0, /* 0x0e */
167 {{1, 3},
168 {0, 0},
169 {0, 0},
170 {0, 0}
171 }
172 },
173 {1, 0, 1, 0, /* 0x0f */
174 {{0, 3},
175 {0, 0},
176 {0, 0},
177 {0, 0}
178 }
179 },
180 {0, 0, 1, 0, /* 0x10 */
181 {{4, 4},
182 {0, 0},
183 {0, 0},
184 {0, 0}
185 }
186 },
187 {1, 0, 2, 0, /* 0x11 */
188 {{0, 0},
189 {4, 4},
190 {0, 0},
191 {0, 0}
192 }
193 },
194 {0, 0, 2, 0, /* 0x12 */
195 {{1, 1},
196 {4, 4},
197 {0, 0},
198 {0, 0}
199 }
200 },
201 {1, 0, 2, 0, /* 0x13 */
202 {{0, 1},
203 {4, 4},
204 {0, 0},
205 {0, 0}
206 }
207 },
208 {0, 0, 2, 0, /* 0x14 */
209 {{2, 2},
210 {4, 4},
211 {0, 0},
212 {0, 0}
213 }
214 },
215 {1, 0, 3, 0, /* 0x15 */
216 {{0, 0},
217 {2, 2},
218 {4, 4},
219 {0, 0}
220 }
221 },
222 {0, 0, 2, 0, /* 0x16 */
223 {{1, 2},
224 {4, 4},
225 {0, 0},
226 {0, 0}
227 }
228 },
229 {1, 0, 2, 0, /* 0x17 */
230 {{0, 2},
231 {4, 4},
232 {0, 0},
233 {0, 0}
234 }
235 },
236 {0, 0, 1, 0, /* 0x18 */
237 {{3, 4},
238 {0, 0},
239 {0, 0},
240 {0, 0}
241 }
242 },
243 {1, 0, 2, 0, /* 0x19 */
244 {{0, 0},
245 {3, 4},
246 {0, 0},
247 {0, 0}
248 }
249 },
250 {0, 0, 2, 0, /* 0x1a */
251 {{1, 1},
252 {3, 4},
253 {0, 0},
254 {0, 0}
255 }
256 },
257 {1, 0, 2, 0, /* 0x1b */
258 {{0, 1},
259 {3, 4},
260 {0, 0},
261 {0, 0}
262 }
263 },
264 {0, 0, 1, 0, /* 0x1c */
265 {{2, 4},
266 {0, 0},
267 {0, 0},
268 {0, 0}
269 }
270 },
271 {1, 0, 2, 0, /* 0x1d */
272 {{0, 0},
273 {2, 4},
274 {0, 0},
275 {0, 0}
276 }
277 },
278 {0, 0, 1, 0, /* 0x1e */
279 {{1, 4},
280 {0, 0},
281 {0, 0},
282 {0, 0}
283 }
284 },
285 {1, 0, 1, 0, /* 0x1f */
286 {{0, 4},
287 {0, 0},
288 {0, 0},
289 {0, 0}
290 }
291 },
292 {0, 0, 1, 0, /* 0x20 */
293 {{5, 5},
294 {0, 0},
295 {0, 0},
296 {0, 0}
297 }
298 },
299 {1, 0, 2, 0, /* 0x21 */
300 {{0, 0},
301 {5, 5},
302 {0, 0},
303 {0, 0}
304 }
305 },
306 {0, 0, 2, 0, /* 0x22 */
307 {{1, 1},
308 {5, 5},
309 {0, 0},
310 {0, 0}
311 }
312 },
313 {1, 0, 2, 0, /* 0x23 */
314 {{0, 1},
315 {5, 5},
316 {0, 0},
317 {0, 0}
318 }
319 },
320 {0, 0, 2, 0, /* 0x24 */
321 {{2, 2},
322 {5, 5},
323 {0, 0},
324 {0, 0}
325 }
326 },
327 {1, 0, 3, 0, /* 0x25 */
328 {{0, 0},
329 {2, 2},
330 {5, 5},
331 {0, 0}
332 }
333 },
334 {0, 0, 2, 0, /* 0x26 */
335 {{1, 2},
336 {5, 5},
337 {0, 0},
338 {0, 0}
339 }
340 },
341 {1, 0, 2, 0, /* 0x27 */
342 {{0, 2},
343 {5, 5},
344 {0, 0},
345 {0, 0}
346 }
347 },
348 {0, 0, 2, 0, /* 0x28 */
349 {{3, 3},
350 {5, 5},
351 {0, 0},
352 {0, 0}
353 }
354 },
355 {1, 0, 3, 0, /* 0x29 */
356 {{0, 0},
357 {3, 3},
358 {5, 5},
359 {0, 0}
360 }
361 },
362 {0, 0, 3, 0, /* 0x2a */
363 {{1, 1},
364 {3, 3},
365 {5, 5},
366 {0, 0}
367 }
368 },
369 {1, 0, 3, 0, /* 0x2b */
370 {{0, 1},
371 {3, 3},
372 {5, 5},
373 {0, 0}
374 }
375 },
376 {0, 0, 2, 0, /* 0x2c */
377 {{2, 3},
378 {5, 5},
379 {0, 0},
380 {0, 0}
381 }
382 },
383 {1, 0, 3, 0, /* 0x2d */
384 {{0, 0},
385 {2, 3},
386 {5, 5},
387 {0, 0}
388 }
389 },
390 {0, 0, 2, 0, /* 0x2e */
391 {{1, 3},
392 {5, 5},
393 {0, 0},
394 {0, 0}
395 }
396 },
397 {1, 0, 2, 0, /* 0x2f */
398 {{0, 3},
399 {5, 5},
400 {0, 0},
401 {0, 0}
402 }
403 },
404 {0, 0, 1, 0, /* 0x30 */
405 {{4, 5},
406 {0, 0},
407 {0, 0},
408 {0, 0}
409 }
410 },
411 {1, 0, 2, 0, /* 0x31 */
412 {{0, 0},
413 {4, 5},
414 {0, 0},
415 {0, 0}
416 }
417 },
418 {0, 0, 2, 0, /* 0x32 */
419 {{1, 1},
420 {4, 5},
421 {0, 0},
422 {0, 0}
423 }
424 },
425 {1, 0, 2, 0, /* 0x33 */
426 {{0, 1},
427 {4, 5},
428 {0, 0},
429 {0, 0}
430 }
431 },
432 {0, 0, 2, 0, /* 0x34 */
433 {{2, 2},
434 {4, 5},
435 {0, 0},
436 {0, 0}
437 }
438 },
439 {1, 0, 3, 0, /* 0x35 */
440 {{0, 0},
441 {2, 2},
442 {4, 5},
443 {0, 0}
444 }
445 },
446 {0, 0, 2, 0, /* 0x36 */
447 {{1, 2},
448 {4, 5},
449 {0, 0},
450 {0, 0}
451 }
452 },
453 {1, 0, 2, 0, /* 0x37 */
454 {{0, 2},
455 {4, 5},
456 {0, 0},
457 {0, 0}
458 }
459 },
460 {0, 0, 1, 0, /* 0x38 */
461 {{3, 5},
462 {0, 0},
463 {0, 0},
464 {0, 0}
465 }
466 },
467 {1, 0, 2, 0, /* 0x39 */
468 {{0, 0},
469 {3, 5},
470 {0, 0},
471 {0, 0}
472 }
473 },
474 {0, 0, 2, 0, /* 0x3a */
475 {{1, 1},
476 {3, 5},
477 {0, 0},
478 {0, 0}
479 }
480 },
481 {1, 0, 2, 0, /* 0x3b */
482 {{0, 1},
483 {3, 5},
484 {0, 0},
485 {0, 0}
486 }
487 },
488 {0, 0, 1, 0, /* 0x3c */
489 {{2, 5},
490 {0, 0},
491 {0, 0},
492 {0, 0}
493 }
494 },
495 {1, 0, 2, 0, /* 0x3d */
496 {{0, 0},
497 {2, 5},
498 {0, 0},
499 {0, 0}
500 }
501 },
502 {0, 0, 1, 0, /* 0x3e */
503 {{1, 5},
504 {0, 0},
505 {0, 0},
506 {0, 0}
507 }
508 },
509 {1, 0, 1, 0, /* 0x3f */
510 {{0, 5},
511 {0, 0},
512 {0, 0},
513 {0, 0}
514 }
515 },
516 {0, 0, 1, 0, /* 0x40 */
517 {{6, 6},
518 {0, 0},
519 {0, 0},
520 {0, 0}
521 }
522 },
523 {1, 0, 2, 0, /* 0x41 */
524 {{0, 0},
525 {6, 6},
526 {0, 0},
527 {0, 0}
528 }
529 },
530 {0, 0, 2, 0, /* 0x42 */
531 {{1, 1},
532 {6, 6},
533 {0, 0},
534 {0, 0}
535 }
536 },
537 {1, 0, 2, 0, /* 0x43 */
538 {{0, 1},
539 {6, 6},
540 {0, 0},
541 {0, 0}
542 }
543 },
544 {0, 0, 2, 0, /* 0x44 */
545 {{2, 2},
546 {6, 6},
547 {0, 0},
548 {0, 0}
549 }
550 },
551 {1, 0, 3, 0, /* 0x45 */
552 {{0, 0},
553 {2, 2},
554 {6, 6},
555 {0, 0}
556 }
557 },
558 {0, 0, 2, 0, /* 0x46 */
559 {{1, 2},
560 {6, 6},
561 {0, 0},
562 {0, 0}
563 }
564 },
565 {1, 0, 2, 0, /* 0x47 */
566 {{0, 2},
567 {6, 6},
568 {0, 0},
569 {0, 0}
570 }
571 },
572 {0, 0, 2, 0, /* 0x48 */
573 {{3, 3},
574 {6, 6},
575 {0, 0},
576 {0, 0}
577 }
578 },
579 {1, 0, 3, 0, /* 0x49 */
580 {{0, 0},
581 {3, 3},
582 {6, 6},
583 {0, 0}
584 }
585 },
586 {0, 0, 3, 0, /* 0x4a */
587 {{1, 1},
588 {3, 3},
589 {6, 6},
590 {0, 0}
591 }
592 },
593 {1, 0, 3, 0, /* 0x4b */
594 {{0, 1},
595 {3, 3},
596 {6, 6},
597 {0, 0}
598 }
599 },
600 {0, 0, 2, 0, /* 0x4c */
601 {{2, 3},
602 {6, 6},
603 {0, 0},
604 {0, 0}
605 }
606 },
607 {1, 0, 3, 0, /* 0x4d */
608 {{0, 0},
609 {2, 3},
610 {6, 6},
611 {0, 0}
612 }
613 },
614 {0, 0, 2, 0, /* 0x4e */
615 {{1, 3},
616 {6, 6},
617 {0, 0},
618 {0, 0}
619 }
620 },
621 {1, 0, 2, 0, /* 0x4f */
622 {{0, 3},
623 {6, 6},
624 {0, 0},
625 {0, 0}
626 }
627 },
628 {0, 0, 2, 0, /* 0x50 */
629 {{4, 4},
630 {6, 6},
631 {0, 0},
632 {0, 0}
633 }
634 },
635 {1, 0, 3, 0, /* 0x51 */
636 {{0, 0},
637 {4, 4},
638 {6, 6},
639 {0, 0}
640 }
641 },
642 {0, 0, 3, 0, /* 0x52 */
643 {{1, 1},
644 {4, 4},
645 {6, 6},
646 {0, 0}
647 }
648 },
649 {1, 0, 3, 0, /* 0x53 */
650 {{0, 1},
651 {4, 4},
652 {6, 6},
653 {0, 0}
654 }
655 },
656 {0, 0, 3, 0, /* 0x54 */
657 {{2, 2},
658 {4, 4},
659 {6, 6},
660 {0, 0}
661 }
662 },
663 {1, 0, 4, 0, /* 0x55 */
664 {{0, 0},
665 {2, 2},
666 {4, 4},
667 {6, 6}
668 }
669 },
670 {0, 0, 3, 0, /* 0x56 */
671 {{1, 2},
672 {4, 4},
673 {6, 6},
674 {0, 0}
675 }
676 },
677 {1, 0, 3, 0, /* 0x57 */
678 {{0, 2},
679 {4, 4},
680 {6, 6},
681 {0, 0}
682 }
683 },
684 {0, 0, 2, 0, /* 0x58 */
685 {{3, 4},
686 {6, 6},
687 {0, 0},
688 {0, 0}
689 }
690 },
691 {1, 0, 3, 0, /* 0x59 */
692 {{0, 0},
693 {3, 4},
694 {6, 6},
695 {0, 0}
696 }
697 },
698 {0, 0, 3, 0, /* 0x5a */
699 {{1, 1},
700 {3, 4},
701 {6, 6},
702 {0, 0}
703 }
704 },
705 {1, 0, 3, 0, /* 0x5b */
706 {{0, 1},
707 {3, 4},
708 {6, 6},
709 {0, 0}
710 }
711 },
712 {0, 0, 2, 0, /* 0x5c */
713 {{2, 4},
714 {6, 6},
715 {0, 0},
716 {0, 0}
717 }
718 },
719 {1, 0, 3, 0, /* 0x5d */
720 {{0, 0},
721 {2, 4},
722 {6, 6},
723 {0, 0}
724 }
725 },
726 {0, 0, 2, 0, /* 0x5e */
727 {{1, 4},
728 {6, 6},
729 {0, 0},
730 {0, 0}
731 }
732 },
733 {1, 0, 2, 0, /* 0x5f */
734 {{0, 4},
735 {6, 6},
736 {0, 0},
737 {0, 0}
738 }
739 },
740 {0, 0, 1, 0, /* 0x60 */
741 {{5, 6},
742 {0, 0},
743 {0, 0},
744 {0, 0}
745 }
746 },
747 {1, 0, 2, 0, /* 0x61 */
748 {{0, 0},
749 {5, 6},
750 {0, 0},
751 {0, 0}
752 }
753 },
754 {0, 0, 2, 0, /* 0x62 */
755 {{1, 1},
756 {5, 6},
757 {0, 0},
758 {0, 0}
759 }
760 },
761 {1, 0, 2, 0, /* 0x63 */
762 {{0, 1},
763 {5, 6},
764 {0, 0},
765 {0, 0}
766 }
767 },
768 {0, 0, 2, 0, /* 0x64 */
769 {{2, 2},
770 {5, 6},
771 {0, 0},
772 {0, 0}
773 }
774 },
775 {1, 0, 3, 0, /* 0x65 */
776 {{0, 0},
777 {2, 2},
778 {5, 6},
779 {0, 0}
780 }
781 },
782 {0, 0, 2, 0, /* 0x66 */
783 {{1, 2},
784 {5, 6},
785 {0, 0},
786 {0, 0}
787 }
788 },
789 {1, 0, 2, 0, /* 0x67 */
790 {{0, 2},
791 {5, 6},
792 {0, 0},
793 {0, 0}
794 }
795 },
796 {0, 0, 2, 0, /* 0x68 */
797 {{3, 3},
798 {5, 6},
799 {0, 0},
800 {0, 0}
801 }
802 },
803 {1, 0, 3, 0, /* 0x69 */
804 {{0, 0},
805 {3, 3},
806 {5, 6},
807 {0, 0}
808 }
809 },
810 {0, 0, 3, 0, /* 0x6a */
811 {{1, 1},
812 {3, 3},
813 {5, 6},
814 {0, 0}
815 }
816 },
817 {1, 0, 3, 0, /* 0x6b */
818 {{0, 1},
819 {3, 3},
820 {5, 6},
821 {0, 0}
822 }
823 },
824 {0, 0, 2, 0, /* 0x6c */
825 {{2, 3},
826 {5, 6},
827 {0, 0},
828 {0, 0}
829 }
830 },
831 {1, 0, 3, 0, /* 0x6d */
832 {{0, 0},
833 {2, 3},
834 {5, 6},
835 {0, 0}
836 }
837 },
838 {0, 0, 2, 0, /* 0x6e */
839 {{1, 3},
840 {5, 6},
841 {0, 0},
842 {0, 0}
843 }
844 },
845 {1, 0, 2, 0, /* 0x6f */
846 {{0, 3},
847 {5, 6},
848 {0, 0},
849 {0, 0}
850 }
851 },
852 {0, 0, 1, 0, /* 0x70 */
853 {{4, 6},
854 {0, 0},
855 {0, 0},
856 {0, 0}
857 }
858 },
859 {1, 0, 2, 0, /* 0x71 */
860 {{0, 0},
861 {4, 6},
862 {0, 0},
863 {0, 0}
864 }
865 },
866 {0, 0, 2, 0, /* 0x72 */
867 {{1, 1},
868 {4, 6},
869 {0, 0},
870 {0, 0}
871 }
872 },
873 {1, 0, 2, 0, /* 0x73 */
874 {{0, 1},
875 {4, 6},
876 {0, 0},
877 {0, 0}
878 }
879 },
880 {0, 0, 2, 0, /* 0x74 */
881 {{2, 2},
882 {4, 6},
883 {0, 0},
884 {0, 0}
885 }
886 },
887 {1, 0, 3, 0, /* 0x75 */
888 {{0, 0},
889 {2, 2},
890 {4, 6},
891 {0, 0}
892 }
893 },
894 {0, 0, 2, 0, /* 0x76 */
895 {{1, 2},
896 {4, 6},
897 {0, 0},
898 {0, 0}
899 }
900 },
901 {1, 0, 2, 0, /* 0x77 */
902 {{0, 2},
903 {4, 6},
904 {0, 0},
905 {0, 0}
906 }
907 },
908 {0, 0, 1, 0, /* 0x78 */
909 {{3, 6},
910 {0, 0},
911 {0, 0},
912 {0, 0}
913 }
914 },
915 {1, 0, 2, 0, /* 0x79 */
916 {{0, 0},
917 {3, 6},
918 {0, 0},
919 {0, 0}
920 }
921 },
922 {0, 0, 2, 0, /* 0x7a */
923 {{1, 1},
924 {3, 6},
925 {0, 0},
926 {0, 0}
927 }
928 },
929 {1, 0, 2, 0, /* 0x7b */
930 {{0, 1},
931 {3, 6},
932 {0, 0},
933 {0, 0}
934 }
935 },
936 {0, 0, 1, 0, /* 0x7c */
937 {{2, 6},
938 {0, 0},
939 {0, 0},
940 {0, 0}
941 }
942 },
943 {1, 0, 2, 0, /* 0x7d */
944 {{0, 0},
945 {2, 6},
946 {0, 0},
947 {0, 0}
948 }
949 },
950 {0, 0, 1, 0, /* 0x7e */
951 {{1, 6},
952 {0, 0},
953 {0, 0},
954 {0, 0}
955 }
956 },
957 {1, 0, 1, 0, /* 0x7f */
958 {{0, 6},
959 {0, 0},
960 {0, 0},
961 {0, 0}
962 }
963 },
964 {0, 1, 1, 0, /* 0x80 */
965 {{7, 7},
966 {0, 0},
967 {0, 0},
968 {0, 0}
969 }
970 },
971 {1, 1, 2, 0, /* 0x81 */
972 {{0, 0},
973 {7, 7},
974 {0, 0},
975 {0, 0}
976 }
977 },
978 {0, 1, 2, 0, /* 0x82 */
979 {{1, 1},
980 {7, 7},
981 {0, 0},
982 {0, 0}
983 }
984 },
985 {1, 1, 2, 0, /* 0x83 */
986 {{0, 1},
987 {7, 7},
988 {0, 0},
989 {0, 0}
990 }
991 },
992 {0, 1, 2, 0, /* 0x84 */
993 {{2, 2},
994 {7, 7},
995 {0, 0},
996 {0, 0}
997 }
998 },
999 {1, 1, 3, 0, /* 0x85 */
1000 {{0, 0},
1001 {2, 2},
1002 {7, 7},
1003 {0, 0}
1004 }
1005 },
1006 {0, 1, 2, 0, /* 0x86 */
1007 {{1, 2},
1008 {7, 7},
1009 {0, 0},
1010 {0, 0}
1011 }
1012 },
1013 {1, 1, 2, 0, /* 0x87 */
1014 {{0, 2},
1015 {7, 7},
1016 {0, 0},
1017 {0, 0}
1018 }
1019 },
1020 {0, 1, 2, 0, /* 0x88 */
1021 {{3, 3},
1022 {7, 7},
1023 {0, 0},
1024 {0, 0}
1025 }
1026 },
1027 {1, 1, 3, 0, /* 0x89 */
1028 {{0, 0},
1029 {3, 3},
1030 {7, 7},
1031 {0, 0}
1032 }
1033 },
1034 {0, 1, 3, 0, /* 0x8a */
1035 {{1, 1},
1036 {3, 3},
1037 {7, 7},
1038 {0, 0}
1039 }
1040 },
1041 {1, 1, 3, 0, /* 0x8b */
1042 {{0, 1},
1043 {3, 3},
1044 {7, 7},
1045 {0, 0}
1046 }
1047 },
1048 {0, 1, 2, 0, /* 0x8c */
1049 {{2, 3},
1050 {7, 7},
1051 {0, 0},
1052 {0, 0}
1053 }
1054 },
1055 {1, 1, 3, 0, /* 0x8d */
1056 {{0, 0},
1057 {2, 3},
1058 {7, 7},
1059 {0, 0}
1060 }
1061 },
1062 {0, 1, 2, 0, /* 0x8e */
1063 {{1, 3},
1064 {7, 7},
1065 {0, 0},
1066 {0, 0}
1067 }
1068 },
1069 {1, 1, 2, 0, /* 0x8f */
1070 {{0, 3},
1071 {7, 7},
1072 {0, 0},
1073 {0, 0}
1074 }
1075 },
1076 {0, 1, 2, 0, /* 0x90 */
1077 {{4, 4},
1078 {7, 7},
1079 {0, 0},
1080 {0, 0}
1081 }
1082 },
1083 {1, 1, 3, 0, /* 0x91 */
1084 {{0, 0},
1085 {4, 4},
1086 {7, 7},
1087 {0, 0}
1088 }
1089 },
1090 {0, 1, 3, 0, /* 0x92 */
1091 {{1, 1},
1092 {4, 4},
1093 {7, 7},
1094 {0, 0}
1095 }
1096 },
1097 {1, 1, 3, 0, /* 0x93 */
1098 {{0, 1},
1099 {4, 4},
1100 {7, 7},
1101 {0, 0}
1102 }
1103 },
1104 {0, 1, 3, 0, /* 0x94 */
1105 {{2, 2},
1106 {4, 4},
1107 {7, 7},
1108 {0, 0}
1109 }
1110 },
1111 {1, 1, 4, 0, /* 0x95 */
1112 {{0, 0},
1113 {2, 2},
1114 {4, 4},
1115 {7, 7}
1116 }
1117 },
1118 {0, 1, 3, 0, /* 0x96 */
1119 {{1, 2},
1120 {4, 4},
1121 {7, 7},
1122 {0, 0}
1123 }
1124 },
1125 {1, 1, 3, 0, /* 0x97 */
1126 {{0, 2},
1127 {4, 4},
1128 {7, 7},
1129 {0, 0}
1130 }
1131 },
1132 {0, 1, 2, 0, /* 0x98 */
1133 {{3, 4},
1134 {7, 7},
1135 {0, 0},
1136 {0, 0}
1137 }
1138 },
1139 {1, 1, 3, 0, /* 0x99 */
1140 {{0, 0},
1141 {3, 4},
1142 {7, 7},
1143 {0, 0}
1144 }
1145 },
1146 {0, 1, 3, 0, /* 0x9a */
1147 {{1, 1},
1148 {3, 4},
1149 {7, 7},
1150 {0, 0}
1151 }
1152 },
1153 {1, 1, 3, 0, /* 0x9b */
1154 {{0, 1},
1155 {3, 4},
1156 {7, 7},
1157 {0, 0}
1158 }
1159 },
1160 {0, 1, 2, 0, /* 0x9c */
1161 {{2, 4},
1162 {7, 7},
1163 {0, 0},
1164 {0, 0}
1165 }
1166 },
1167 {1, 1, 3, 0, /* 0x9d */
1168 {{0, 0},
1169 {2, 4},
1170 {7, 7},
1171 {0, 0}
1172 }
1173 },
1174 {0, 1, 2, 0, /* 0x9e */
1175 {{1, 4},
1176 {7, 7},
1177 {0, 0},
1178 {0, 0}
1179 }
1180 },
1181 {1, 1, 2, 0, /* 0x9f */
1182 {{0, 4},
1183 {7, 7},
1184 {0, 0},
1185 {0, 0}
1186 }
1187 },
1188 {0, 1, 2, 0, /* 0xa0 */
1189 {{5, 5},
1190 {7, 7},
1191 {0, 0},
1192 {0, 0}
1193 }
1194 },
1195 {1, 1, 3, 0, /* 0xa1 */
1196 {{0, 0},
1197 {5, 5},
1198 {7, 7},
1199 {0, 0}
1200 }
1201 },
1202 {0, 1, 3, 0, /* 0xa2 */
1203 {{1, 1},
1204 {5, 5},
1205 {7, 7},
1206 {0, 0}
1207 }
1208 },
1209 {1, 1, 3, 0, /* 0xa3 */
1210 {{0, 1},
1211 {5, 5},
1212 {7, 7},
1213 {0, 0}
1214 }
1215 },
1216 {0, 1, 3, 0, /* 0xa4 */
1217 {{2, 2},
1218 {5, 5},
1219 {7, 7},
1220 {0, 0}
1221 }
1222 },
1223 {1, 1, 4, 0, /* 0xa5 */
1224 {{0, 0},
1225 {2, 2},
1226 {5, 5},
1227 {7, 7}
1228 }
1229 },
1230 {0, 1, 3, 0, /* 0xa6 */
1231 {{1, 2},
1232 {5, 5},
1233 {7, 7},
1234 {0, 0}
1235 }
1236 },
1237 {1, 1, 3, 0, /* 0xa7 */
1238 {{0, 2},
1239 {5, 5},
1240 {7, 7},
1241 {0, 0}
1242 }
1243 },
1244 {0, 1, 3, 0, /* 0xa8 */
1245 {{3, 3},
1246 {5, 5},
1247 {7, 7},
1248 {0, 0}
1249 }
1250 },
1251 {1, 1, 4, 0, /* 0xa9 */
1252 {{0, 0},
1253 {3, 3},
1254 {5, 5},
1255 {7, 7}
1256 }
1257 },
1258 {0, 1, 4, 0, /* 0xaa */
1259 {{1, 1},
1260 {3, 3},
1261 {5, 5},
1262 {7, 7}
1263 }
1264 },
1265 {1, 1, 4, 0, /* 0xab */
1266 {{0, 1},
1267 {3, 3},
1268 {5, 5},
1269 {7, 7}
1270 }
1271 },
1272 {0, 1, 3, 0, /* 0xac */
1273 {{2, 3},
1274 {5, 5},
1275 {7, 7},
1276 {0, 0}
1277 }
1278 },
1279 {1, 1, 4, 0, /* 0xad */
1280 {{0, 0},
1281 {2, 3},
1282 {5, 5},
1283 {7, 7}
1284 }
1285 },
1286 {0, 1, 3, 0, /* 0xae */
1287 {{1, 3},
1288 {5, 5},
1289 {7, 7},
1290 {0, 0}
1291 }
1292 },
1293 {1, 1, 3, 0, /* 0xaf */
1294 {{0, 3},
1295 {5, 5},
1296 {7, 7},
1297 {0, 0}
1298 }
1299 },
1300 {0, 1, 2, 0, /* 0xb0 */
1301 {{4, 5},
1302 {7, 7},
1303 {0, 0},
1304 {0, 0}
1305 }
1306 },
1307 {1, 1, 3, 0, /* 0xb1 */
1308 {{0, 0},
1309 {4, 5},
1310 {7, 7},
1311 {0, 0}
1312 }
1313 },
1314 {0, 1, 3, 0, /* 0xb2 */
1315 {{1, 1},
1316 {4, 5},
1317 {7, 7},
1318 {0, 0}
1319 }
1320 },
1321 {1, 1, 3, 0, /* 0xb3 */
1322 {{0, 1},
1323 {4, 5},
1324 {7, 7},
1325 {0, 0}
1326 }
1327 },
1328 {0, 1, 3, 0, /* 0xb4 */
1329 {{2, 2},
1330 {4, 5},
1331 {7, 7},
1332 {0, 0}
1333 }
1334 },
1335 {1, 1, 4, 0, /* 0xb5 */
1336 {{0, 0},
1337 {2, 2},
1338 {4, 5},
1339 {7, 7}
1340 }
1341 },
1342 {0, 1, 3, 0, /* 0xb6 */
1343 {{1, 2},
1344 {4, 5},
1345 {7, 7},
1346 {0, 0}
1347 }
1348 },
1349 {1, 1, 3, 0, /* 0xb7 */
1350 {{0, 2},
1351 {4, 5},
1352 {7, 7},
1353 {0, 0}
1354 }
1355 },
1356 {0, 1, 2, 0, /* 0xb8 */
1357 {{3, 5},
1358 {7, 7},
1359 {0, 0},
1360 {0, 0}
1361 }
1362 },
1363 {1, 1, 3, 0, /* 0xb9 */
1364 {{0, 0},
1365 {3, 5},
1366 {7, 7},
1367 {0, 0}
1368 }
1369 },
1370 {0, 1, 3, 0, /* 0xba */
1371 {{1, 1},
1372 {3, 5},
1373 {7, 7},
1374 {0, 0}
1375 }
1376 },
1377 {1, 1, 3, 0, /* 0xbb */
1378 {{0, 1},
1379 {3, 5},
1380 {7, 7},
1381 {0, 0}
1382 }
1383 },
1384 {0, 1, 2, 0, /* 0xbc */
1385 {{2, 5},
1386 {7, 7},
1387 {0, 0},
1388 {0, 0}
1389 }
1390 },
1391 {1, 1, 3, 0, /* 0xbd */
1392 {{0, 0},
1393 {2, 5},
1394 {7, 7},
1395 {0, 0}
1396 }
1397 },
1398 {0, 1, 2, 0, /* 0xbe */
1399 {{1, 5},
1400 {7, 7},
1401 {0, 0},
1402 {0, 0}
1403 }
1404 },
1405 {1, 1, 2, 0, /* 0xbf */
1406 {{0, 5},
1407 {7, 7},
1408 {0, 0},
1409 {0, 0}
1410 }
1411 },
1412 {0, 1, 1, 0, /* 0xc0 */
1413 {{6, 7},
1414 {0, 0},
1415 {0, 0},
1416 {0, 0}
1417 }
1418 },
1419 {1, 1, 2, 0, /* 0xc1 */
1420 {{0, 0},
1421 {6, 7},
1422 {0, 0},
1423 {0, 0}
1424 }
1425 },
1426 {0, 1, 2, 0, /* 0xc2 */
1427 {{1, 1},
1428 {6, 7},
1429 {0, 0},
1430 {0, 0}
1431 }
1432 },
1433 {1, 1, 2, 0, /* 0xc3 */
1434 {{0, 1},
1435 {6, 7},
1436 {0, 0},
1437 {0, 0}
1438 }
1439 },
1440 {0, 1, 2, 0, /* 0xc4 */
1441 {{2, 2},
1442 {6, 7},
1443 {0, 0},
1444 {0, 0}
1445 }
1446 },
1447 {1, 1, 3, 0, /* 0xc5 */
1448 {{0, 0},
1449 {2, 2},
1450 {6, 7},
1451 {0, 0}
1452 }
1453 },
1454 {0, 1, 2, 0, /* 0xc6 */
1455 {{1, 2},
1456 {6, 7},
1457 {0, 0},
1458 {0, 0}
1459 }
1460 },
1461 {1, 1, 2, 0, /* 0xc7 */
1462 {{0, 2},
1463 {6, 7},
1464 {0, 0},
1465 {0, 0}
1466 }
1467 },
1468 {0, 1, 2, 0, /* 0xc8 */
1469 {{3, 3},
1470 {6, 7},
1471 {0, 0},
1472 {0, 0}
1473 }
1474 },
1475 {1, 1, 3, 0, /* 0xc9 */
1476 {{0, 0},
1477 {3, 3},
1478 {6, 7},
1479 {0, 0}
1480 }
1481 },
1482 {0, 1, 3, 0, /* 0xca */
1483 {{1, 1},
1484 {3, 3},
1485 {6, 7},
1486 {0, 0}
1487 }
1488 },
1489 {1, 1, 3, 0, /* 0xcb */
1490 {{0, 1},
1491 {3, 3},
1492 {6, 7},
1493 {0, 0}
1494 }
1495 },
1496 {0, 1, 2, 0, /* 0xcc */
1497 {{2, 3},
1498 {6, 7},
1499 {0, 0},
1500 {0, 0}
1501 }
1502 },
1503 {1, 1, 3, 0, /* 0xcd */
1504 {{0, 0},
1505 {2, 3},
1506 {6, 7},
1507 {0, 0}
1508 }
1509 },
1510 {0, 1, 2, 0, /* 0xce */
1511 {{1, 3},
1512 {6, 7},
1513 {0, 0},
1514 {0, 0}
1515 }
1516 },
1517 {1, 1, 2, 0, /* 0xcf */
1518 {{0, 3},
1519 {6, 7},
1520 {0, 0},
1521 {0, 0}
1522 }
1523 },
1524 {0, 1, 2, 0, /* 0xd0 */
1525 {{4, 4},
1526 {6, 7},
1527 {0, 0},
1528 {0, 0}
1529 }
1530 },
1531 {1, 1, 3, 0, /* 0xd1 */
1532 {{0, 0},
1533 {4, 4},
1534 {6, 7},
1535 {0, 0}
1536 }
1537 },
1538 {0, 1, 3, 0, /* 0xd2 */
1539 {{1, 1},
1540 {4, 4},
1541 {6, 7},
1542 {0, 0}
1543 }
1544 },
1545 {1, 1, 3, 0, /* 0xd3 */
1546 {{0, 1},
1547 {4, 4},
1548 {6, 7},
1549 {0, 0}
1550 }
1551 },
1552 {0, 1, 3, 0, /* 0xd4 */
1553 {{2, 2},
1554 {4, 4},
1555 {6, 7},
1556 {0, 0}
1557 }
1558 },
1559 {1, 1, 4, 0, /* 0xd5 */
1560 {{0, 0},
1561 {2, 2},
1562 {4, 4},
1563 {6, 7}
1564 }
1565 },
1566 {0, 1, 3, 0, /* 0xd6 */
1567 {{1, 2},
1568 {4, 4},
1569 {6, 7},
1570 {0, 0}
1571 }
1572 },
1573 {1, 1, 3, 0, /* 0xd7 */
1574 {{0, 2},
1575 {4, 4},
1576 {6, 7},
1577 {0, 0}
1578 }
1579 },
1580 {0, 1, 2, 0, /* 0xd8 */
1581 {{3, 4},
1582 {6, 7},
1583 {0, 0},
1584 {0, 0}
1585 }
1586 },
1587 {1, 1, 3, 0, /* 0xd9 */
1588 {{0, 0},
1589 {3, 4},
1590 {6, 7},
1591 {0, 0}
1592 }
1593 },
1594 {0, 1, 3, 0, /* 0xda */
1595 {{1, 1},
1596 {3, 4},
1597 {6, 7},
1598 {0, 0}
1599 }
1600 },
1601 {1, 1, 3, 0, /* 0xdb */
1602 {{0, 1},
1603 {3, 4},
1604 {6, 7},
1605 {0, 0}
1606 }
1607 },
1608 {0, 1, 2, 0, /* 0xdc */
1609 {{2, 4},
1610 {6, 7},
1611 {0, 0},
1612 {0, 0}
1613 }
1614 },
1615 {1, 1, 3, 0, /* 0xdd */
1616 {{0, 0},
1617 {2, 4},
1618 {6, 7},
1619 {0, 0}
1620 }
1621 },
1622 {0, 1, 2, 0, /* 0xde */
1623 {{1, 4},
1624 {6, 7},
1625 {0, 0},
1626 {0, 0}
1627 }
1628 },
1629 {1, 1, 2, 0, /* 0xdf */
1630 {{0, 4},
1631 {6, 7},
1632 {0, 0},
1633 {0, 0}
1634 }
1635 },
1636 {0, 1, 1, 0, /* 0xe0 */
1637 {{5, 7},
1638 {0, 0},
1639 {0, 0},
1640 {0, 0}
1641 }
1642 },
1643 {1, 1, 2, 0, /* 0xe1 */
1644 {{0, 0},
1645 {5, 7},
1646 {0, 0},
1647 {0, 0}
1648 }
1649 },
1650 {0, 1, 2, 0, /* 0xe2 */
1651 {{1, 1},
1652 {5, 7},
1653 {0, 0},
1654 {0, 0}
1655 }
1656 },
1657 {1, 1, 2, 0, /* 0xe3 */
1658 {{0, 1},
1659 {5, 7},
1660 {0, 0},
1661 {0, 0}
1662 }
1663 },
1664 {0, 1, 2, 0, /* 0xe4 */
1665 {{2, 2},
1666 {5, 7},
1667 {0, 0},
1668 {0, 0}
1669 }
1670 },
1671 {1, 1, 3, 0, /* 0xe5 */
1672 {{0, 0},
1673 {2, 2},
1674 {5, 7},
1675 {0, 0}
1676 }
1677 },
1678 {0, 1, 2, 0, /* 0xe6 */
1679 {{1, 2},
1680 {5, 7},
1681 {0, 0},
1682 {0, 0}
1683 }
1684 },
1685 {1, 1, 2, 0, /* 0xe7 */
1686 {{0, 2},
1687 {5, 7},
1688 {0, 0},
1689 {0, 0}
1690 }
1691 },
1692 {0, 1, 2, 0, /* 0xe8 */
1693 {{3, 3},
1694 {5, 7},
1695 {0, 0},
1696 {0, 0}
1697 }
1698 },
1699 {1, 1, 3, 0, /* 0xe9 */
1700 {{0, 0},
1701 {3, 3},
1702 {5, 7},
1703 {0, 0}
1704 }
1705 },
1706 {0, 1, 3, 0, /* 0xea */
1707 {{1, 1},
1708 {3, 3},
1709 {5, 7},
1710 {0, 0}
1711 }
1712 },
1713 {1, 1, 3, 0, /* 0xeb */
1714 {{0, 1},
1715 {3, 3},
1716 {5, 7},
1717 {0, 0}
1718 }
1719 },
1720 {0, 1, 2, 0, /* 0xec */
1721 {{2, 3},
1722 {5, 7},
1723 {0, 0},
1724 {0, 0}
1725 }
1726 },
1727 {1, 1, 3, 0, /* 0xed */
1728 {{0, 0},
1729 {2, 3},
1730 {5, 7},
1731 {0, 0}
1732 }
1733 },
1734 {0, 1, 2, 0, /* 0xee */
1735 {{1, 3},
1736 {5, 7},
1737 {0, 0},
1738 {0, 0}
1739 }
1740 },
1741 {1, 1, 2, 0, /* 0xef */
1742 {{0, 3},
1743 {5, 7},
1744 {0, 0},
1745 {0, 0}
1746 }
1747 },
1748 {0, 1, 1, 0, /* 0xf0 */
1749 {{4, 7},
1750 {0, 0},
1751 {0, 0},
1752 {0, 0}
1753 }
1754 },
1755 {1, 1, 2, 0, /* 0xf1 */
1756 {{0, 0},
1757 {4, 7},
1758 {0, 0},
1759 {0, 0}
1760 }
1761 },
1762 {0, 1, 2, 0, /* 0xf2 */
1763 {{1, 1},
1764 {4, 7},
1765 {0, 0},
1766 {0, 0}
1767 }
1768 },
1769 {1, 1, 2, 0, /* 0xf3 */
1770 {{0, 1},
1771 {4, 7},
1772 {0, 0},
1773 {0, 0}
1774 }
1775 },
1776 {0, 1, 2, 0, /* 0xf4 */
1777 {{2, 2},
1778 {4, 7},
1779 {0, 0},
1780 {0, 0}
1781 }
1782 },
1783 {1, 1, 3, 0, /* 0xf5 */
1784 {{0, 0},
1785 {2, 2},
1786 {4, 7},
1787 {0, 0}
1788 }
1789 },
1790 {0, 1, 2, 0, /* 0xf6 */
1791 {{1, 2},
1792 {4, 7},
1793 {0, 0},
1794 {0, 0}
1795 }
1796 },
1797 {1, 1, 2, 0, /* 0xf7 */
1798 {{0, 2},
1799 {4, 7},
1800 {0, 0},
1801 {0, 0}
1802 }
1803 },
1804 {0, 1, 1, 0, /* 0xf8 */
1805 {{3, 7},
1806 {0, 0},
1807 {0, 0},
1808 {0, 0}
1809 }
1810 },
1811 {1, 1, 2, 0, /* 0xf9 */
1812 {{0, 0},
1813 {3, 7},
1814 {0, 0},
1815 {0, 0}
1816 }
1817 },
1818 {0, 1, 2, 0, /* 0xfa */
1819 {{1, 1},
1820 {3, 7},
1821 {0, 0},
1822 {0, 0}
1823 }
1824 },
1825 {1, 1, 2, 0, /* 0xfb */
1826 {{0, 1},
1827 {3, 7},
1828 {0, 0},
1829 {0, 0}
1830 }
1831 },
1832 {0, 1, 1, 0, /* 0xfc */
1833 {{2, 7},
1834 {0, 0},
1835 {0, 0},
1836 {0, 0}
1837 }
1838 },
1839 {1, 1, 2, 0, /* 0xfd */
1840 {{0, 0},
1841 {2, 7},
1842 {0, 0},
1843 {0, 0}
1844 }
1845 },
1846 {0, 1, 1, 0, /* 0xfe */
1847 {{1, 7},
1848 {0, 0},
1849 {0, 0},
1850 {0, 0}
1851 }
1852 },
1853 {1, 1, 1, 0, /* 0xff */
1854 {{0, 7},
1855 {0, 0},
1856 {0, 0},
1857 {0, 0}
1858 }
1859 }
1860};
1861
1862
1863int
1864sctp_is_address_in_scope(struct sctp_ifa *ifa,
1865 int ipv4_addr_legal,
1866 int ipv6_addr_legal,
1867 int loopback_scope,
1868 int ipv4_local_scope,
1869 int local_scope,
1870 int site_scope,
1871 int do_update)
1872{
1873 if ((loopback_scope == 0) &&
1874 (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) {
1875 /*
1876 * skip loopback if not in scope *
1877 */
1878 return (0);
1879 }
1880 switch (ifa->address.sa.sa_family) {
1881 case AF_INET:
1882 if (ipv4_addr_legal) {
1883 struct sockaddr_in *sin;
1884
1885 sin = (struct sockaddr_in *)&ifa->address.sin;
1886 if (sin->sin_addr.s_addr == 0) {
1887 /* not in scope , unspecified */
1888 return (0);
1889 }
1890 if ((ipv4_local_scope == 0) &&
1891 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
1892 /* private address not in scope */
1893 return (0);
1894 }
1895 } else {
1896 return (0);
1897 }
1898 break;
1899#ifdef INET6
1900 case AF_INET6:
1901 if (ipv6_addr_legal) {
1902 struct sockaddr_in6 *sin6;
1903
1904 /*
1905 * Must update the flags, bummer, which means any
1906 * IFA locks must now be applied HERE <->
1907 */
1908 if (do_update) {
1909 sctp_gather_internal_ifa_flags(ifa);
1910 }
1911 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
1912 return (0);
1913 }
1914 /* ok to use deprecated addresses? */
1915 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6;
1916 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
1917 /* skip unspecifed addresses */
1918 return (0);
1919 }
1920 if ( /* (local_scope == 0) && */
1921 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) {
1922 return (0);
1923 }
1924 if ((site_scope == 0) &&
1925 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
1926 return (0);
1927 }
1928 } else {
1929 return (0);
1930 }
1931 break;
1932#endif
1933 default:
1934 return (0);
1935 }
1936 return (1);
1937}
1938
1939static struct mbuf *
1940sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa)
1941{
1942 struct sctp_paramhdr *parmh;
1943 struct mbuf *mret;
1944 int len;
1945
1946 if (ifa->address.sa.sa_family == AF_INET) {
1947 len = sizeof(struct sctp_ipv4addr_param);
1948 } else if (ifa->address.sa.sa_family == AF_INET6) {
1949 len = sizeof(struct sctp_ipv6addr_param);
1950 } else {
1951 /* unknown type */
1952 return (m);
1953 }
1954 if (M_TRAILINGSPACE(m) >= len) {
1955 /* easy side we just drop it on the end */
1956 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m)));
1957 mret = m;
1958 } else {
1959 /* Need more space */
1960 mret = m;
1961 while (SCTP_BUF_NEXT(mret) != NULL) {
1962 mret = SCTP_BUF_NEXT(mret);
1963 }
1964 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA);
1965 if (SCTP_BUF_NEXT(mret) == NULL) {
1966 /* We are hosed, can't add more addresses */
1967 return (m);
1968 }
1969 mret = SCTP_BUF_NEXT(mret);
1970 parmh = mtod(mret, struct sctp_paramhdr *);
1971 }
1972 /* now add the parameter */
1973 switch (ifa->address.sa.sa_family) {
1974 case AF_INET:
1975 {
1976 struct sctp_ipv4addr_param *ipv4p;
1977 struct sockaddr_in *sin;
1978
1979 sin = (struct sockaddr_in *)&ifa->address.sin;
1980 ipv4p = (struct sctp_ipv4addr_param *)parmh;
1981 parmh->param_type = htons(SCTP_IPV4_ADDRESS);
1982 parmh->param_length = htons(len);
1983 ipv4p->addr = sin->sin_addr.s_addr;
1984 SCTP_BUF_LEN(mret) += len;
1985 break;
1986 }
1987#ifdef INET6
1988 case AF_INET6:
1989 {
1990 struct sctp_ipv6addr_param *ipv6p;
1991 struct sockaddr_in6 *sin6;
1992
1993 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6;
1994 ipv6p = (struct sctp_ipv6addr_param *)parmh;
1995 parmh->param_type = htons(SCTP_IPV6_ADDRESS);
1996 parmh->param_length = htons(len);
1997 memcpy(ipv6p->addr, &sin6->sin6_addr,
1998 sizeof(ipv6p->addr));
1999 /* clear embedded scope in the address */
2000 in6_clearscope((struct in6_addr *)ipv6p->addr);
2001 SCTP_BUF_LEN(mret) += len;
2002 break;
2003 }
2004#endif
2005 default:
2006 return (m);
2007 }
2008 return (mret);
2009}
2010
2011
2012struct mbuf *
2013sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_scoping *scope,
2014 struct mbuf *m_at, int cnt_inits_to)
2015{
2016 struct sctp_vrf *vrf = NULL;
2017 int cnt, limit_out = 0, total_count;
2018 uint32_t vrf_id;
2019
2020 vrf_id = inp->def_vrf_id;
2021 SCTP_IPI_ADDR_RLOCK();
2022 vrf = sctp_find_vrf(vrf_id);
2023 if (vrf == NULL) {
2024 SCTP_IPI_ADDR_RUNLOCK();
2025 return (m_at);
2026 }
2027 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
2028 struct sctp_ifa *sctp_ifap;
2029 struct sctp_ifn *sctp_ifnp;
2030
2031 cnt = cnt_inits_to;
2032 if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) {
2033 limit_out = 1;
2034 cnt = SCTP_ADDRESS_LIMIT;
2035 goto skip_count;
2036 }
2037 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) {
2038 if ((scope->loopback_scope == 0) &&
2039 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) {
2040 /*
2041 * Skip loopback devices if loopback_scope
2042 * not set
2043 */
2044 continue;
2045 }
2046 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) {
2047 if (sctp_is_address_in_scope(sctp_ifap,
2048 scope->ipv4_addr_legal,
2049 scope->ipv6_addr_legal,
2050 scope->loopback_scope,
2051 scope->ipv4_local_scope,
2052 scope->local_scope,
2053 scope->site_scope, 1) == 0) {
2054 continue;
2055 }
2056 cnt++;
2057 if (cnt > SCTP_ADDRESS_LIMIT) {
2058 break;
2059 }
2060 }
2061 if (cnt > SCTP_ADDRESS_LIMIT) {
2062 break;
2063 }
2064 }
2065skip_count:
2066 if (cnt > 1) {
2067 total_count = 0;
2068 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) {
2069 cnt = 0;
2070 if ((scope->loopback_scope == 0) &&
2071 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) {
2072 /*
2073 * Skip loopback devices if
2074 * loopback_scope not set
2075 */
2076 continue;
2077 }
2078 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) {
2079 if (sctp_is_address_in_scope(sctp_ifap,
2080 scope->ipv4_addr_legal,
2081 scope->ipv6_addr_legal,
2082 scope->loopback_scope,
2083 scope->ipv4_local_scope,
2084 scope->local_scope,
2085 scope->site_scope, 0) == 0) {
2086 continue;
2087 }
2088 m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap);
2089 if (limit_out) {
2090 cnt++;
2091 total_count++;
2092 if (cnt >= 2) {
2093 /*
2094 * two from each
2095 * address
2096 */
2097 break;
2098 }
2099 if (total_count > SCTP_ADDRESS_LIMIT) {
2100 /* No more addresses */
2101 break;
2102 }
2103 }
2104 }
2105 }
2106 }
2107 } else {
2108 struct sctp_laddr *laddr;
2109
2110 cnt = cnt_inits_to;
2111 /* First, how many ? */
2112 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
2113 if (laddr->ifa == NULL) {
2114 continue;
2115 }
2116 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED)
2117 /*
2118 * Address being deleted by the system, dont
2119 * list.
2120 */
2121 continue;
2122 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2123 /*
2124 * Address being deleted on this ep don't
2125 * list.
2126 */
2127 continue;
2128 }
2129 if (sctp_is_address_in_scope(laddr->ifa,
2130 scope->ipv4_addr_legal,
2131 scope->ipv6_addr_legal,
2132 scope->loopback_scope,
2133 scope->ipv4_local_scope,
2134 scope->local_scope,
2135 scope->site_scope, 1) == 0) {
2136 continue;
2137 }
2138 cnt++;
2139 }
2140 if (cnt > SCTP_ADDRESS_LIMIT) {
2141 limit_out = 1;
2142 }
2143 /*
2144 * To get through a NAT we only list addresses if we have
2145 * more than one. That way if you just bind a single address
2146 * we let the source of the init dictate our address.
2147 */
2148 if (cnt > 1) {
2149 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
2150 cnt = 0;
2151 if (laddr->ifa == NULL) {
2152 continue;
2153 }
2154 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED)
2155 continue;
2156
2157 if (sctp_is_address_in_scope(laddr->ifa,
2158 scope->ipv4_addr_legal,
2159 scope->ipv6_addr_legal,
2160 scope->loopback_scope,
2161 scope->ipv4_local_scope,
2162 scope->local_scope,
2163 scope->site_scope, 0) == 0) {
2164 continue;
2165 }
2166 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa);
2167 cnt++;
2168 if (cnt >= SCTP_ADDRESS_LIMIT) {
2169 break;
2170 }
2171 }
2172 }
2173 }
2174 SCTP_IPI_ADDR_RUNLOCK();
2175 return (m_at);
2176}
2177
2178static struct sctp_ifa *
2179sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa,
2180 uint8_t dest_is_loop,
2181 uint8_t dest_is_priv,
2182 sa_family_t fam)
2183{
2184 uint8_t dest_is_global = 0;
2185
2186 /* dest_is_priv is true if destination is a private address */
2187 /* dest_is_loop is true if destination is a loopback addresses */
2188
2189 /*
2190 * Here we determine if its a preferred address. A preferred address
2191 * means it is the same scope or higher scope then the destination.
2192 * L = loopback, P = private, G = global
2193 * ----------------------------------------- src | dest | result
2194 * ---------------------------------------- L | L | yes
2195 * ----------------------------------------- P | L |
2196 * yes-v4 no-v6 ----------------------------------------- G |
2197 * L | yes-v4 no-v6 ----------------------------------------- L
2198 * | P | no ----------------------------------------- P |
2199 * P | yes ----------------------------------------- G |
2200 * P | no ----------------------------------------- L | G
2201 * | no ----------------------------------------- P | G |
2202 * no ----------------------------------------- G | G |
2203 * yes -----------------------------------------
2204 */
2205
2206 if (ifa->address.sa.sa_family != fam) {
2207 /* forget mis-matched family */
2208 return (NULL);
2209 }
2210 if ((dest_is_priv == 0) && (dest_is_loop == 0)) {
2211 dest_is_global = 1;
2212 }
2213 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:");
2214 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa);
2215 /* Ok the address may be ok */
2216 if (fam == AF_INET6) {
2217 /* ok to use deprecated addresses? no lets not! */
2218 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
2219 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n");
2220 return (NULL);
2221 }
2222 if (ifa->src_is_priv && !ifa->src_is_loop) {
2223 if (dest_is_loop) {
2224 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n");
2225 return (NULL);
2226 }
2227 }
2228 if (ifa->src_is_glob) {
2229 if (dest_is_loop) {
2230 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n");
2231 return (NULL);
2232 }
2233 }
2234 }
2235 /*
2236 * Now that we know what is what, implement or table this could in
2237 * theory be done slicker (it used to be), but this is
2238 * straightforward and easier to validate :-)
2239 */
2240 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n",
2241 ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob);
2242 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n",
2243 dest_is_loop, dest_is_priv, dest_is_global);
2244
2245 if ((ifa->src_is_loop) && (dest_is_priv)) {
2246 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n");
2247 return (NULL);
2248 }
2249 if ((ifa->src_is_glob) && (dest_is_priv)) {
2250 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n");
2251 return (NULL);
2252 }
2253 if ((ifa->src_is_loop) && (dest_is_global)) {
2254 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n");
2255 return (NULL);
2256 }
2257 if ((ifa->src_is_priv) && (dest_is_global)) {
2258 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n");
2259 return (NULL);
2260 }
2261 SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n");
2262 /* its a preferred address */
2263 return (ifa);
2264}
2265
2266static struct sctp_ifa *
2267sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa,
2268 uint8_t dest_is_loop,
2269 uint8_t dest_is_priv,
2270 sa_family_t fam)
2271{
2272 uint8_t dest_is_global = 0;
2273
2274 /*
2275 * Here we determine if its a acceptable address. A acceptable
2276 * address means it is the same scope or higher scope but we can
2277 * allow for NAT which means its ok to have a global dest and a
2278 * private src.
2279 *
2280 * L = loopback, P = private, G = global
2281 * ----------------------------------------- src | dest | result
2282 * ----------------------------------------- L | L | yes
2283 * ----------------------------------------- P | L |
2284 * yes-v4 no-v6 ----------------------------------------- G |
2285 * L | yes ----------------------------------------- L |
2286 * P | no ----------------------------------------- P | P
2287 * | yes ----------------------------------------- G | P
2288 * | yes - May not work -----------------------------------------
2289 * L | G | no ----------------------------------------- P
2290 * | G | yes - May not work
2291 * ----------------------------------------- G | G | yes
2292 * -----------------------------------------
2293 */
2294
2295 if (ifa->address.sa.sa_family != fam) {
2296 /* forget non matching family */
2297 return (NULL);
2298 }
2299 /* Ok the address may be ok */
2300 if ((dest_is_loop == 0) && (dest_is_priv == 0)) {
2301 dest_is_global = 1;
2302 }
2303 if (fam == AF_INET6) {
2304 /* ok to use deprecated addresses? */
2305 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
2306 return (NULL);
2307 }
2308 if (ifa->src_is_priv) {
2309 /* Special case, linklocal to loop */
2310 if (dest_is_loop)
2311 return (NULL);
2312 }
2313 }
2314 /*
2315 * Now that we know what is what, implement our table. This could in
2316 * theory be done slicker (it used to be), but this is
2317 * straightforward and easier to validate :-)
2318 */
2319 if ((ifa->src_is_loop == 1) && (dest_is_priv)) {
2320 return (NULL);
2321 }
2322 if ((ifa->src_is_loop == 1) && (dest_is_global)) {
2323 return (NULL);
2324 }
2325 /* its an acceptable address */
2326 return (ifa);
2327}
2328
2329int
2330sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
2331{
2332 struct sctp_laddr *laddr;
2333
2334 if (stcb == NULL) {
2335 /* There are no restrictions, no TCB :-) */
2336 return (0);
2337 }
2338 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
2339 if (laddr->ifa == NULL) {
2340 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n",
2341 __FUNCTION__);
2342 continue;
2343 }
2344 if (laddr->ifa == ifa) {
2345 /* Yes it is on the list */
2346 return (1);
2347 }
2348 }
2349 return (0);
2350}
2351
2352
2353int
2354sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
2355{
2356 struct sctp_laddr *laddr;
2357
2358 if (ifa == NULL)
2359 return (0);
2360 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
2361 if (laddr->ifa == NULL) {
2362 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n",
2363 __FUNCTION__);
2364 continue;
2365 }
2366 if ((laddr->ifa == ifa) && laddr->action == 0)
2367 /* same pointer */
2368 return (1);
2369 }
2370 return (0);
2371}
2372
2373
2374
2375static struct sctp_ifa *
2376sctp_choose_boundspecific_inp(struct sctp_inpcb *inp,
2377 sctp_route_t * ro,
2378 uint32_t vrf_id,
2379 int non_asoc_addr_ok,
2380 uint8_t dest_is_priv,
2381 uint8_t dest_is_loop,
2382 sa_family_t fam)
2383{
2384 struct sctp_laddr *laddr, *starting_point;
2385 void *ifn;
2386 int resettotop = 0;
2387 struct sctp_ifn *sctp_ifn;
2388 struct sctp_ifa *sctp_ifa, *sifa;
2389 struct sctp_vrf *vrf;
2390 uint32_t ifn_index;
2391
2392 vrf = sctp_find_vrf(vrf_id);
2393 if (vrf == NULL)
2394 return (NULL);
2395
2396 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
2397 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
2398 sctp_ifn = sctp_find_ifn(ifn, ifn_index);
2399 /*
2400 * first question, is the ifn we will emit on in our list, if so, we
2401 * want such an address. Note that we first looked for a preferred
2402 * address.
2403 */
2404 if (sctp_ifn) {
2405 /* is a preferred one on the interface we route out? */
2406 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
2407 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2408 (non_asoc_addr_ok == 0))
2409 continue;
2410 sifa = sctp_is_ifa_addr_preferred(sctp_ifa,
2411 dest_is_loop,
2412 dest_is_priv, fam);
2413 if (sifa == NULL)
2414 continue;
2415 if (sctp_is_addr_in_ep(inp, sifa)) {
2416 atomic_add_int(&sifa->refcount, 1);
2417 return (sifa);
2418 }
2419 }
2420 }
2421 /*
2422 * ok, now we now need to find one on the list of the addresses. We
2423 * can't get one on the emitting interface so let's find first a
2424 * preferred one. If not that an acceptable one otherwise... we
2425 * return NULL.
2426 */
2427 starting_point = inp->next_addr_touse;
2428once_again:
2429 if (inp->next_addr_touse == NULL) {
2430 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list);
2431 resettotop = 1;
2432 }
2433 for (laddr = inp->next_addr_touse; laddr;
2434 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
2435 if (laddr->ifa == NULL) {
2436 /* address has been removed */
2437 continue;
2438 }
2439 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2440 /* address is being deleted */
2441 continue;
2442 }
2443 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop,
2444 dest_is_priv, fam);
2445 if (sifa == NULL)
2446 continue;
2447 atomic_add_int(&sifa->refcount, 1);
2448 return (sifa);
2449 }
2450 if (resettotop == 0) {
2451 inp->next_addr_touse = NULL;
2452 goto once_again;
2453 }
2454 inp->next_addr_touse = starting_point;
2455 resettotop = 0;
2456once_again_too:
2457 if (inp->next_addr_touse == NULL) {
2458 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list);
2459 resettotop = 1;
2460 }
2461 /* ok, what about an acceptable address in the inp */
2462 for (laddr = inp->next_addr_touse; laddr;
2463 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
2464 if (laddr->ifa == NULL) {
2465 /* address has been removed */
2466 continue;
2467 }
2468 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2469 /* address is being deleted */
2470 continue;
2471 }
2472 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop,
2473 dest_is_priv, fam);
2474 if (sifa == NULL)
2475 continue;
2476 atomic_add_int(&sifa->refcount, 1);
2477 return (sifa);
2478 }
2479 if (resettotop == 0) {
2480 inp->next_addr_touse = NULL;
2481 goto once_again_too;
2482 }
2483 /*
2484 * no address bound can be a source for the destination we are in
2485 * trouble
2486 */
2487 return (NULL);
2488}
2489
2490
2491
2492static struct sctp_ifa *
2493sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp,
2494 struct sctp_tcb *stcb,
2495 struct sctp_nets *net,
2496 sctp_route_t * ro,
2497 uint32_t vrf_id,
2498 uint8_t dest_is_priv,
2499 uint8_t dest_is_loop,
2500 int non_asoc_addr_ok,
2501 sa_family_t fam)
2502{
2503 struct sctp_laddr *laddr, *starting_point;
2504 void *ifn;
2505 struct sctp_ifn *sctp_ifn;
2506 struct sctp_ifa *sctp_ifa, *sifa;
2507 uint8_t start_at_beginning = 0;
2508 struct sctp_vrf *vrf;
2509 uint32_t ifn_index;
2510
2511 /*
2512 * first question, is the ifn we will emit on in our list, if so, we
2513 * want that one.
2514 */
2515 vrf = sctp_find_vrf(vrf_id);
2516 if (vrf == NULL)
2517 return (NULL);
2518
2519 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
2520 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
2521 sctp_ifn = sctp_find_ifn(ifn, ifn_index);
2522
2523 /*
2524 * first question, is the ifn we will emit on in our list? If so,
2525 * we want that one. First we look for a preferred. Second, we go
2526 * for an acceptable.
2527 */
2528 if (sctp_ifn) {
2529 /* first try for a preferred address on the ep */
2530 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
2531 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0))
2532 continue;
2533 if (sctp_is_addr_in_ep(inp, sctp_ifa)) {
2534 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam);
2535 if (sifa == NULL)
2536 continue;
2537 if (((non_asoc_addr_ok == 0) &&
2538 (sctp_is_addr_restricted(stcb, sifa))) ||
2539 (non_asoc_addr_ok &&
2540 (sctp_is_addr_restricted(stcb, sifa)) &&
2541 (!sctp_is_addr_pending(stcb, sifa)))) {
2542 /* on the no-no list */
2543 continue;
2544 }
2545 atomic_add_int(&sifa->refcount, 1);
2546 return (sifa);
2547 }
2548 }
2549 /* next try for an acceptable address on the ep */
2550 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
2551 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0))
2552 continue;
2553 if (sctp_is_addr_in_ep(inp, sctp_ifa)) {
2554 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam);
2555 if (sifa == NULL)
2556 continue;
2557 if (((non_asoc_addr_ok == 0) &&
2558 (sctp_is_addr_restricted(stcb, sifa))) ||
2559 (non_asoc_addr_ok &&
2560 (sctp_is_addr_restricted(stcb, sifa)) &&
2561 (!sctp_is_addr_pending(stcb, sifa)))) {
2562 /* on the no-no list */
2563 continue;
2564 }
2565 atomic_add_int(&sifa->refcount, 1);
2566 return (sifa);
2567 }
2568 }
2569
2570 }
2571 /*
2572 * if we can't find one like that then we must look at all addresses
2573 * bound to pick one at first preferable then secondly acceptable.
2574 */
2575 starting_point = stcb->asoc.last_used_address;
2576sctp_from_the_top:
2577 if (stcb->asoc.last_used_address == NULL) {
2578 start_at_beginning = 1;
2579 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list);
2580 }
2581 /* search beginning with the last used address */
2582 for (laddr = stcb->asoc.last_used_address; laddr;
2583 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
2584 if (laddr->ifa == NULL) {
2585 /* address has been removed */
2586 continue;
2587 }
2588 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2589 /* address is being deleted */
2590 continue;
2591 }
2592 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam);
2593 if (sifa == NULL)
2594 continue;
2595 if (((non_asoc_addr_ok == 0) &&
2596 (sctp_is_addr_restricted(stcb, sifa))) ||
2597 (non_asoc_addr_ok &&
2598 (sctp_is_addr_restricted(stcb, sifa)) &&
2599 (!sctp_is_addr_pending(stcb, sifa)))) {
2600 /* on the no-no list */
2601 continue;
2602 }
2603 stcb->asoc.last_used_address = laddr;
2604 atomic_add_int(&sifa->refcount, 1);
2605 return (sifa);
2606 }
2607 if (start_at_beginning == 0) {
2608 stcb->asoc.last_used_address = NULL;
2609 goto sctp_from_the_top;
2610 }
2611 /* now try for any higher scope than the destination */
2612 stcb->asoc.last_used_address = starting_point;
2613 start_at_beginning = 0;
2614sctp_from_the_top2:
2615 if (stcb->asoc.last_used_address == NULL) {
2616 start_at_beginning = 1;
2617 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list);
2618 }
2619 /* search beginning with the last used address */
2620 for (laddr = stcb->asoc.last_used_address; laddr;
2621 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
2622 if (laddr->ifa == NULL) {
2623 /* address has been removed */
2624 continue;
2625 }
2626 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2627 /* address is being deleted */
2628 continue;
2629 }
2630 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop,
2631 dest_is_priv, fam);
2632 if (sifa == NULL)
2633 continue;
2634 if (((non_asoc_addr_ok == 0) &&
2635 (sctp_is_addr_restricted(stcb, sifa))) ||
2636 (non_asoc_addr_ok &&
2637 (sctp_is_addr_restricted(stcb, sifa)) &&
2638 (!sctp_is_addr_pending(stcb, sifa)))) {
2639 /* on the no-no list */
2640 continue;
2641 }
2642 stcb->asoc.last_used_address = laddr;
2643 atomic_add_int(&sifa->refcount, 1);
2644 return (sifa);
2645 }
2646 if (start_at_beginning == 0) {
2647 stcb->asoc.last_used_address = NULL;
2648 goto sctp_from_the_top2;
2649 }
2650 return (NULL);
2651}
2652
2653static struct sctp_ifa *
2654sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn,
2655 struct sctp_tcb *stcb,
2656 int non_asoc_addr_ok,
2657 uint8_t dest_is_loop,
2658 uint8_t dest_is_priv,
2659 int addr_wanted,
2660 sa_family_t fam,
2661 sctp_route_t * ro
2662)
2663{
2664 struct sctp_ifa *ifa, *sifa;
2665 int num_eligible_addr = 0;
2666
2667#ifdef INET6
2668 struct sockaddr_in6 sin6, lsa6;
2669
2670 if (fam == AF_INET6) {
2671 memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6));
2672 (void)sa6_recoverscope(&sin6);
2673 }
2674#endif /* INET6 */
2675 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) {
2676 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2677 (non_asoc_addr_ok == 0))
2678 continue;
2679 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop,
2680 dest_is_priv, fam);
2681 if (sifa == NULL)
2682 continue;
2683#ifdef INET6
2684 if (fam == AF_INET6 &&
2685 dest_is_loop &&
2686 sifa->src_is_loop && sifa->src_is_priv) {
2687 /*
2688 * don't allow fe80::1 to be a src on loop ::1, we
2689 * don't list it to the peer so we will get an
2690 * abort.
2691 */
2692 continue;
2693 }
2694 if (fam == AF_INET6 &&
2695 IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) &&
2696 IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
2697 /*
2698 * link-local <-> link-local must belong to the same
2699 * scope.
2700 */
2701 memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6));
2702 (void)sa6_recoverscope(&lsa6);
2703 if (sin6.sin6_scope_id != lsa6.sin6_scope_id) {
2704 continue;
2705 }
2706 }
2707#endif /* INET6 */
2708
2709 /*
2710 * Check if the IPv6 address matches to next-hop. In the
2711 * mobile case, old IPv6 address may be not deleted from the
2712 * interface. Then, the interface has previous and new
2713 * addresses. We should use one corresponding to the
2714 * next-hop. (by micchie)
2715 */
2716#ifdef INET6
2717 if (stcb && fam == AF_INET6 &&
2718 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) {
2719 if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro)
2720 == 0) {
2721 continue;
2722 }
2723 }
2724#endif
2725 /* Avoid topologically incorrect IPv4 address */
2726 if (stcb && fam == AF_INET &&
2727 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) {
2728 if (sctp_v4src_match_nexthop(sifa, ro) == 0) {
2729 continue;
2730 }
2731 }
2732 if (stcb) {
2733 if (((non_asoc_addr_ok == 0) &&
2734 (sctp_is_addr_restricted(stcb, sifa))) ||
2735 (non_asoc_addr_ok &&
2736 (sctp_is_addr_restricted(stcb, sifa)) &&
2737 (!sctp_is_addr_pending(stcb, sifa)))) {
2738 /*
2739 * It is restricted for some reason..
2740 * probably not yet added.
2741 */
2742 continue;
2743 }
2744 }
2745 if (num_eligible_addr >= addr_wanted) {
2746 return (sifa);
2747 }
2748 num_eligible_addr++;
2749 }
2750 return (NULL);
2751}
2752
2753
2754static int
2755sctp_count_num_preferred_boundall(struct sctp_ifn *ifn,
2756 struct sctp_tcb *stcb,
2757 int non_asoc_addr_ok,
2758 uint8_t dest_is_loop,
2759 uint8_t dest_is_priv,
2760 sa_family_t fam)
2761{
2762 struct sctp_ifa *ifa, *sifa;
2763 int num_eligible_addr = 0;
2764
2765 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) {
2766 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2767 (non_asoc_addr_ok == 0)) {
2768 continue;
2769 }
2770 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop,
2771 dest_is_priv, fam);
2772 if (sifa == NULL) {
2773 continue;
2774 }
2775 if (stcb) {
2776 if (((non_asoc_addr_ok == 0) &&
2777 (sctp_is_addr_restricted(stcb, sifa))) ||
2778 (non_asoc_addr_ok &&
2779 (sctp_is_addr_restricted(stcb, sifa)) &&
2780 (!sctp_is_addr_pending(stcb, sifa)))) {
2781 /*
2782 * It is restricted for some reason..
2783 * probably not yet added.
2784 */
2785 continue;
2786 }
2787 }
2788 num_eligible_addr++;
2789 }
2790 return (num_eligible_addr);
2791}
2792
2793static struct sctp_ifa *
2794sctp_choose_boundall(struct sctp_inpcb *inp,
2795 struct sctp_tcb *stcb,
2796 struct sctp_nets *net,
2797 sctp_route_t * ro,
2798 uint32_t vrf_id,
2799 uint8_t dest_is_priv,
2800 uint8_t dest_is_loop,
2801 int non_asoc_addr_ok,
2802 sa_family_t fam)
2803{
2804 int cur_addr_num = 0, num_preferred = 0;
2805 void *ifn;
2806 struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn;
2807 struct sctp_ifa *sctp_ifa, *sifa;
2808 uint32_t ifn_index;
2809 struct sctp_vrf *vrf;
2810
2811 /*-
2812 * For boundall we can use any address in the association.
2813 * If non_asoc_addr_ok is set we can use any address (at least in
2814 * theory). So we look for preferred addresses first. If we find one,
2815 * we use it. Otherwise we next try to get an address on the
2816 * interface, which we should be able to do (unless non_asoc_addr_ok
2817 * is false and we are routed out that way). In these cases where we
2818 * can't use the address of the interface we go through all the
2819 * ifn's looking for an address we can use and fill that in. Punting
2820 * means we send back address 0, which will probably cause problems
2821 * actually since then IP will fill in the address of the route ifn,
2822 * which means we probably already rejected it.. i.e. here comes an
2823 * abort :-<.
2824 */
2825 vrf = sctp_find_vrf(vrf_id);
2826 if (vrf == NULL)
2827 return (NULL);
2828
2829 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
2830 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
2831 emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index);
2832 if (sctp_ifn == NULL) {
2833 /* ?? We don't have this guy ?? */
2834 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No ifn emit interface?\n");
2835 goto bound_all_plan_b;
2836 }
2837 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifn_index:%d name:%s is emit interface\n",
2838 ifn_index, sctp_ifn->ifn_name);
2839
2840 if (net) {
2841 cur_addr_num = net->indx_of_eligible_next_to_use;
2842 }
2843 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn,
2844 stcb,
2845 non_asoc_addr_ok,
2846 dest_is_loop,
2847 dest_is_priv, fam);
2848 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n",
2849 num_preferred, sctp_ifn->ifn_name);
2850 if (num_preferred == 0) {
2851 /*
2852 * no eligible addresses, we must use some other interface
2853 * address if we can find one.
2854 */
2855 goto bound_all_plan_b;
2856 }
2857 /*
2858 * Ok we have num_eligible_addr set with how many we can use, this
2859 * may vary from call to call due to addresses being deprecated
2860 * etc..
2861 */
2862 if (cur_addr_num >= num_preferred) {
2863 cur_addr_num = 0;
2864 }
2865 /*
2866 * select the nth address from the list (where cur_addr_num is the
2867 * nth) and 0 is the first one, 1 is the second one etc...
2868 */
2869 SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num);
2870
2871 sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop,
2872 dest_is_priv, cur_addr_num, fam, ro);
2873
2874 /* if sctp_ifa is NULL something changed??, fall to plan b. */
2875 if (sctp_ifa) {
2876 atomic_add_int(&sctp_ifa->refcount, 1);
2877 if (net) {
2878 /* save off where the next one we will want */
2879 net->indx_of_eligible_next_to_use = cur_addr_num + 1;
2880 }
2881 return (sctp_ifa);
2882 }
2883 /*
2884 * plan_b: Look at all interfaces and find a preferred address. If
2885 * no preferred fall through to plan_c.
2886 */
2887bound_all_plan_b:
2888 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n");
2889 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
2890 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n",
2891 sctp_ifn->ifn_name);
2892 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
2893 /* wrong base scope */
2894 SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n");
2895 continue;
2896 }
2897 if ((sctp_ifn == looked_at) && looked_at) {
2898 /* already looked at this guy */
2899 SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n");
2900 continue;
2901 }
2902 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, stcb, non_asoc_addr_ok,
2903 dest_is_loop, dest_is_priv, fam);
2904 SCTPDBG(SCTP_DEBUG_OUTPUT2,
2905 "Found ifn:%p %d preferred source addresses\n",
2906 ifn, num_preferred);
2907 if (num_preferred == 0) {
2908 /* None on this interface. */
2909 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefered -- skipping to next\n");
2910 continue;
2911 }
2912 SCTPDBG(SCTP_DEBUG_OUTPUT2,
2913 "num preferred:%d on interface:%p cur_addr_num:%d\n",
2914 num_preferred, sctp_ifn, cur_addr_num);
2915
2916 /*
2917 * Ok we have num_eligible_addr set with how many we can
2918 * use, this may vary from call to call due to addresses
2919 * being deprecated etc..
2920 */
2921 if (cur_addr_num >= num_preferred) {
2922 cur_addr_num = 0;
2923 }
2924 sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop,
2925 dest_is_priv, cur_addr_num, fam, ro);
2926 if (sifa == NULL)
2927 continue;
2928 if (net) {
2929 net->indx_of_eligible_next_to_use = cur_addr_num + 1;
2930 SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n",
2931 cur_addr_num);
2932 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:");
2933 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa);
2934 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:");
2935 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa);
2936 }
2937 atomic_add_int(&sifa->refcount, 1);
2938 return (sifa);
2939
2940 }
2941
2942 /* plan_c: do we have an acceptable address on the emit interface */
2943 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan C: find acceptable on interface\n");
2944 if (emit_ifn == NULL) {
2945 goto plan_d;
2946 }
2947 LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) {
2948 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2949 (non_asoc_addr_ok == 0))
2950 continue;
2951 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop,
2952 dest_is_priv, fam);
2953 if (sifa == NULL)
2954 continue;
2955 if (stcb) {
2956 if (((non_asoc_addr_ok == 0) &&
2957 (sctp_is_addr_restricted(stcb, sifa))) ||
2958 (non_asoc_addr_ok &&
2959 (sctp_is_addr_restricted(stcb, sifa)) &&
2960 (!sctp_is_addr_pending(stcb, sifa)))) {
2961 /*
2962 * It is restricted for some reason..
2963 * probably not yet added.
2964 */
2965 continue;
2966 }
2967 }
2968 atomic_add_int(&sifa->refcount, 1);
2969 return (sifa);
2970 }
2971plan_d:
2972 /*
2973 * plan_d: We are in trouble. No preferred address on the emit
2974 * interface. And not even a preferred address on all interfaces. Go
2975 * out and see if we can find an acceptable address somewhere
2976 * amongst all interfaces.
2977 */
2978 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D\n");
2979 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
2980 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
2981 /* wrong base scope */
2982 continue;
2983 }
2984 if ((sctp_ifn == looked_at) && looked_at)
2985 /* already looked at this guy */
2986 continue;
2987
2988 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
2989 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2990 (non_asoc_addr_ok == 0))
2991 continue;
2992 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa,
2993 dest_is_loop,
2994 dest_is_priv, fam);
2995 if (sifa == NULL)
2996 continue;
2997 if (stcb) {
2998 if (((non_asoc_addr_ok == 0) &&
2999 (sctp_is_addr_restricted(stcb, sifa))) ||
3000 (non_asoc_addr_ok &&
3001 (sctp_is_addr_restricted(stcb, sifa)) &&
3002 (!sctp_is_addr_pending(stcb, sifa)))) {
3003 /*
3004 * It is restricted for some
3005 * reason.. probably not yet added.
3006 */
3007 continue;
3008 }
3009 }
3010 atomic_add_int(&sifa->refcount, 1);
3011 return (sifa);
3012 }
3013 }
3014 /*
3015 * Ok we can find NO address to source from that is not on our
3016 * restricted list and non_asoc_address is NOT ok, or it is on our
3017 * restricted list. We can't source to it :-(
3018 */
3019 return (NULL);
3020}
3021
3022
3023
3024/* tcb may be NULL */
3025struct sctp_ifa *
3026sctp_source_address_selection(struct sctp_inpcb *inp,
3027 struct sctp_tcb *stcb,
3028 sctp_route_t * ro,
3029 struct sctp_nets *net,
3030 int non_asoc_addr_ok, uint32_t vrf_id)
3031{
3032 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst;
3033
3034#ifdef INET6
3035 struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst;
3036
3037#endif
3038 struct sctp_ifa *answer;
3039 uint8_t dest_is_priv, dest_is_loop;
3040 sa_family_t fam;
3041
3042 /*-
3043 * Rules: - Find the route if needed, cache if I can. - Look at
3044 * interface address in route, Is it in the bound list. If so we
3045 * have the best source. - If not we must rotate amongst the
3046 * addresses.
3047 *
3048 * Cavets and issues
3049 *
3050 * Do we need to pay attention to scope. We can have a private address
3051 * or a global address we are sourcing or sending to. So if we draw
3052 * it out
3053 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
3054 * For V4
3055 * ------------------------------------------
3056 * source * dest * result
3057 * -----------------------------------------
3058 * <a> Private * Global * NAT
3059 * -----------------------------------------
3060 * <b> Private * Private * No problem
3061 * -----------------------------------------
3062 * <c> Global * Private * Huh, How will this work?
3063 * -----------------------------------------
3064 * <d> Global * Global * No Problem
3065 *------------------------------------------
3066 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
3067 * For V6
3068 *------------------------------------------
3069 * source * dest * result
3070 * -----------------------------------------
3071 * <a> Linklocal * Global *
3072 * -----------------------------------------
3073 * <b> Linklocal * Linklocal * No problem
3074 * -----------------------------------------
3075 * <c> Global * Linklocal * Huh, How will this work?
3076 * -----------------------------------------
3077 * <d> Global * Global * No Problem
3078 *------------------------------------------
3079 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
3080 *
3081 * And then we add to that what happens if there are multiple addresses
3082 * assigned to an interface. Remember the ifa on a ifn is a linked
3083 * list of addresses. So one interface can have more than one IP
3084 * address. What happens if we have both a private and a global
3085 * address? Do we then use context of destination to sort out which
3086 * one is best? And what about NAT's sending P->G may get you a NAT
3087 * translation, or should you select the G thats on the interface in
3088 * preference.
3089 *
3090 * Decisions:
3091 *
3092 * - count the number of addresses on the interface.
3093 * - if it is one, no problem except case <c>.
3094 * For <a> we will assume a NAT out there.
3095 * - if there are more than one, then we need to worry about scope P
3096 * or G. We should prefer G -> G and P -> P if possible.
3097 * Then as a secondary fall back to mixed types G->P being a last
3098 * ditch one.
3099 * - The above all works for bound all, but bound specific we need to
3100 * use the same concept but instead only consider the bound
3101 * addresses. If the bound set is NOT assigned to the interface then
3102 * we must use rotation amongst the bound addresses..
3103 */
3104 if (ro->ro_rt == NULL) {
3105 /*
3106 * Need a route to cache.
3107 */
3108 SCTP_RTALLOC(ro, vrf_id);
3109 }
3110 if (ro->ro_rt == NULL) {
3111 return (NULL);
3112 }
3113 fam = to->sin_family;
3114 dest_is_priv = dest_is_loop = 0;
3115 /* Setup our scopes for the destination */
3116 switch (fam) {
3117 case AF_INET:
3118 /* Scope based on outbound address */
3119 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) {
3120 dest_is_loop = 1;
3121 if (net != NULL) {
3122 /* mark it as local */
3123 net->addr_is_local = 1;
3124 }
3125 } else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) {
3126 dest_is_priv = 1;
3127 }
3128 break;
3129#ifdef INET6
3130 case AF_INET6:
3131 /* Scope based on outbound address */
3132 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) ||
3133 SCTP_ROUTE_IS_REAL_LOOP(ro)) {
3134 /*
3135 * If the address is a loopback address, which
3136 * consists of "::1" OR "fe80::1%lo0", we are
3137 * loopback scope. But we don't use dest_is_priv
3138 * (link local addresses).
3139 */
3140 dest_is_loop = 1;
3141 if (net != NULL) {
3142 /* mark it as local */
3143 net->addr_is_local = 1;
3144 }
3145 } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) {
3146 dest_is_priv = 1;
3147 }
3148 break;
3149#endif
3150 }
3151 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:");
3152 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)to);
3153 SCTP_IPI_ADDR_RLOCK();
3154 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
3155 /*
3156 * Bound all case
3157 */
3158 answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id,
3159 dest_is_priv, dest_is_loop,
3160 non_asoc_addr_ok, fam);
3161 SCTP_IPI_ADDR_RUNLOCK();
3162 return (answer);
3163 }
3164 /*
3165 * Subset bound case
3166 */
3167 if (stcb) {
3168 answer = sctp_choose_boundspecific_stcb(inp, stcb, net, ro,
3169 vrf_id, dest_is_priv,
3170 dest_is_loop,
3171 non_asoc_addr_ok, fam);
3172 } else {
3173 answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id,
3174 non_asoc_addr_ok,
3175 dest_is_priv,
3176 dest_is_loop, fam);
3177 }
3178 SCTP_IPI_ADDR_RUNLOCK();
3179 return (answer);
3180}
3181
3182static int
3183sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize)
3184{
3185 struct cmsghdr cmh;
3186 int tlen, at;
3187
3188 tlen = SCTP_BUF_LEN(control);
3189 at = 0;
3190 /*
3191 * Independent of how many mbufs, find the c_type inside the control
3192 * structure and copy out the data.
3193 */
3194 while (at < tlen) {
3195 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) {
3196 /* not enough room for one more we are done. */
3197 return (0);
3198 }
3199 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh);
3200 if (((int)cmh.cmsg_len + at) > tlen) {
3201 /*
3202 * this is real messed up since there is not enough
3203 * data here to cover the cmsg header. We are done.
3204 */
3205 return (0);
3206 }
3207 if ((cmh.cmsg_level == IPPROTO_SCTP) &&
3208 (c_type == cmh.cmsg_type)) {
3209 /* found the one we want, copy it out */
3210 at += CMSG_ALIGN(sizeof(struct cmsghdr));
3211 if ((int)(cmh.cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) < cpsize) {
3212 /*
3213 * space of cmsg_len after header not big
3214 * enough
3215 */
3216 return (0);
3217 }
3218 m_copydata(control, at, cpsize, data);
3219 return (1);
3220 } else {
3221 at += CMSG_ALIGN(cmh.cmsg_len);
3222 if (cmh.cmsg_len == 0) {
3223 break;
3224 }
3225 }
3226 }
3227 /* not found */
3228 return (0);
3229}
3230
3231static struct mbuf *
3232sctp_add_cookie(struct sctp_inpcb *inp, struct mbuf *init, int init_offset,
3233 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t ** signature)
3234{
3235 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret;
3236 struct sctp_state_cookie *stc;
3237 struct sctp_paramhdr *ph;
3238 uint8_t *foo;
3239 int sig_offset;
3240 uint16_t cookie_sz;
3241
3242 mret = NULL;
3243 mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) +
3244 sizeof(struct sctp_paramhdr)), 0,
3245 M_DONTWAIT, 1, MT_DATA);
3246 if (mret == NULL) {
3247 return (NULL);
3248 }
3249 copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_DONTWAIT);
3250 if (copy_init == NULL) {
3251 sctp_m_freem(mret);
3252 return (NULL);
3253 }
3254#ifdef SCTP_MBUF_LOGGING
3255 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
3256 struct mbuf *mat;
3257
3258 mat = copy_init;
3259 while (mat) {
3260 if (SCTP_BUF_IS_EXTENDED(mat)) {
3261 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
3262 }
3263 mat = SCTP_BUF_NEXT(mat);
3264 }
3265 }
3266#endif
3267 copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL,
3268 M_DONTWAIT);
3269 if (copy_initack == NULL) {
3270 sctp_m_freem(mret);
3271 sctp_m_freem(copy_init);
3272 return (NULL);
3273 }
3274#ifdef SCTP_MBUF_LOGGING
3275 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
3276 struct mbuf *mat;
3277
3278 mat = copy_initack;
3279 while (mat) {
3280 if (SCTP_BUF_IS_EXTENDED(mat)) {
3281 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
3282 }
3283 mat = SCTP_BUF_NEXT(mat);
3284 }
3285 }
3286#endif
3287 /* easy side we just drop it on the end */
3288 ph = mtod(mret, struct sctp_paramhdr *);
3289 SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) +
3290 sizeof(struct sctp_paramhdr);
3291 stc = (struct sctp_state_cookie *)((caddr_t)ph +
3292 sizeof(struct sctp_paramhdr));
3293 ph->param_type = htons(SCTP_STATE_COOKIE);
3294 ph->param_length = 0; /* fill in at the end */
3295 /* Fill in the stc cookie data */
3296 memcpy(stc, stc_in, sizeof(struct sctp_state_cookie));
3297
3298 /* tack the INIT and then the INIT-ACK onto the chain */
3299 cookie_sz = 0;
3300 m_at = mret;
3301 for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
3302 cookie_sz += SCTP_BUF_LEN(m_at);
3303 if (SCTP_BUF_NEXT(m_at) == NULL) {
3304 SCTP_BUF_NEXT(m_at) = copy_init;
3305 break;
3306 }
3307 }
3308
3309 for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
3310 cookie_sz += SCTP_BUF_LEN(m_at);
3311 if (SCTP_BUF_NEXT(m_at) == NULL) {
3312 SCTP_BUF_NEXT(m_at) = copy_initack;
3313 break;
3314 }
3315 }
3316
3317 for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
3318 cookie_sz += SCTP_BUF_LEN(m_at);
3319 if (SCTP_BUF_NEXT(m_at) == NULL) {
3320 break;
3321 }
3322 }
3323 sig = sctp_get_mbuf_for_msg(SCTP_SECRET_SIZE, 0, M_DONTWAIT, 1, MT_DATA);
3324 if (sig == NULL) {
3325 /* no space, so free the entire chain */
3326 sctp_m_freem(mret);
3327 return (NULL);
3328 }
3329 SCTP_BUF_LEN(sig) = 0;
3330 SCTP_BUF_NEXT(m_at) = sig;
3331 sig_offset = 0;
3332 foo = (uint8_t *) (mtod(sig, caddr_t)+sig_offset);
3333 memset(foo, 0, SCTP_SIGNATURE_SIZE);
3334 *signature = foo;
3335 SCTP_BUF_LEN(sig) += SCTP_SIGNATURE_SIZE;
3336 cookie_sz += SCTP_SIGNATURE_SIZE;
3337 ph->param_length = htons(cookie_sz);
3338 return (mret);
3339}
3340
3341
3342static uint8_t
3343sctp_get_ect(struct sctp_tcb *stcb,
3344 struct sctp_tmit_chunk *chk)
3345{
3346 uint8_t this_random;
3347
3348 /* Huh? */
3349 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 0)
3350 return (0);
3351
3352 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce) == 0)
3353 /* no nonce, always return ECT0 */
3354 return (SCTP_ECT0_BIT);
3355
3356 if (stcb->asoc.peer_supports_ecn_nonce == 0) {
3357 /* Peer does NOT support it, so we send a ECT0 only */
3358 return (SCTP_ECT0_BIT);
3359 }
3360 if (chk == NULL)
3361 return (SCTP_ECT0_BIT);
3362
3363 if ((stcb->asoc.hb_random_idx > 3) ||
3364 ((stcb->asoc.hb_random_idx == 3) &&
3365 (stcb->asoc.hb_ect_randombit > 7))) {
3366 uint32_t rndval;
3367
3368warp_drive_sa:
3369 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
3370 memcpy(stcb->asoc.hb_random_values, &rndval,
3371 sizeof(stcb->asoc.hb_random_values));
3372 this_random = stcb->asoc.hb_random_values[0];
3373 stcb->asoc.hb_random_idx = 0;
3374 stcb->asoc.hb_ect_randombit = 0;
3375 } else {
3376 if (stcb->asoc.hb_ect_randombit > 7) {
3377 stcb->asoc.hb_ect_randombit = 0;
3378 stcb->asoc.hb_random_idx++;
3379 if (stcb->asoc.hb_random_idx > 3) {
3380 goto warp_drive_sa;
3381 }
3382 }
3383 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
3384 }
3385 if ((this_random >> stcb->asoc.hb_ect_randombit) & 0x01) {
3386 if (chk != NULL)
3387 /* ECN Nonce stuff */
3388 chk->rec.data.ect_nonce = SCTP_ECT1_BIT;
3389 stcb->asoc.hb_ect_randombit++;
3390 return (SCTP_ECT1_BIT);
3391 } else {
3392 stcb->asoc.hb_ect_randombit++;
3393 return (SCTP_ECT0_BIT);
3394 }
3395}
3396
3397static int
3398sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
3399 struct sctp_tcb *stcb, /* may be NULL */
3400 struct sctp_nets *net,
3401 struct sockaddr *to,
3402 struct mbuf *m,
3403 uint32_t auth_offset,
3404 struct sctp_auth_chunk *auth,
3405 uint16_t auth_keyid,
3406 int nofragment_flag,
3407 int ecn_ok,
3408 struct sctp_tmit_chunk *chk,
3409 int out_of_asoc_ok,
3410 uint16_t src_port,
3411 uint16_t dest_port,
3412 uint32_t v_tag,
3413 uint16_t port,
3414 int so_locked,
3415#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
3416 SCTP_UNUSED
3417#endif
3418 union sctp_sockstore *over_addr
3419)
3420/* nofragment_flag to tell if IP_DF should be set (IPv4 only) */
3421{
3422 /*
3423 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet
3424 * header WITH an SCTPHDR but no IP header, endpoint inp and sa
3425 * structure: - fill in the HMAC digest of any AUTH chunk in the
3426 * packet. - calculate and fill in the SCTP checksum. - prepend an
3427 * IP address header. - if boundall use INADDR_ANY. - if
3428 * boundspecific do source address selection. - set fragmentation
3429 * option for ipV4. - On return from IP output, check/adjust mtu
3430 * size of output interface and smallest_mtu size as well.
3431 */
3432 /* Will need ifdefs around this */
3433 struct mbuf *o_pak;
3434 struct mbuf *newm;
3435 struct sctphdr *sctphdr;
3436 int packet_length;
3437 int ret;
3438 uint32_t vrf_id;
3439 sctp_route_t *ro = NULL;
3440 struct udphdr *udp = NULL;
3441
3442#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3443 struct socket *so = NULL;
3444
3445#endif
3446
3447 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) {
3448 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
3449 sctp_m_freem(m);
3450 return (EFAULT);
3451 }
3452 if (stcb) {
3453 vrf_id = stcb->asoc.vrf_id;
3454 } else {
3455 vrf_id = inp->def_vrf_id;
3456 }
3457
3458 /* fill in the HMAC digest for any AUTH chunk in the packet */
3459 if ((auth != NULL) && (stcb != NULL)) {
3460 sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid);
3461 }
3462 if (to->sa_family == AF_INET) {
3463 struct ip *ip = NULL;
3464 sctp_route_t iproute;
3465 uint8_t tos_value;
3466 int len;
3467
3468 len = sizeof(struct ip) + sizeof(struct sctphdr);
3469 if (port) {
3470 len += sizeof(struct udphdr);
3471 }
3472 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA);
3473 if (newm == NULL) {
3474 sctp_m_freem(m);
3475 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
3476 return (ENOMEM);
3477 }
3478 SCTP_ALIGN_TO_END(newm, len);
3479 SCTP_BUF_LEN(newm) = len;
3480 SCTP_BUF_NEXT(newm) = m;
3481 m = newm;
3482 packet_length = sctp_calculate_len(m);
3483 ip = mtod(m, struct ip *);
3484 ip->ip_v = IPVERSION;
3485 ip->ip_hl = (sizeof(struct ip) >> 2);
3486 if (net) {
3487 tos_value = net->tos_flowlabel & 0x000000ff;
3488 } else {
3489 tos_value = inp->ip_inp.inp.inp_ip_tos;
3490 }
3491 if ((nofragment_flag) && (port == 0)) {
3492 ip->ip_off = IP_DF;
3493 } else
3494 ip->ip_off = 0;
3495
3496 /* FreeBSD has a function for ip_id's */
3497 ip->ip_id = ip_newid();
3498
3499 ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl;
3500 ip->ip_len = packet_length;
3501 if (stcb) {
3502 if ((stcb->asoc.ecn_allowed) && ecn_ok) {
3503 /* Enable ECN */
3504 ip->ip_tos = ((u_char)(tos_value & 0xfc) | sctp_get_ect(stcb, chk));
3505 } else {
3506 /* No ECN */
3507 ip->ip_tos = (u_char)(tos_value & 0xfc);
3508 }
3509 } else {
3510 /* no association at all */
3511 ip->ip_tos = (tos_value & 0xfc);
3512 }
3513 if (port) {
3514 ip->ip_p = IPPROTO_UDP;
3515 } else {
3516 ip->ip_p = IPPROTO_SCTP;
3517 }
3518 ip->ip_sum = 0;
3519 if (net == NULL) {
3520 ro = &iproute;
3521 memset(&iproute, 0, sizeof(iproute));
3522 memcpy(&ro->ro_dst, to, to->sa_len);
3523 } else {
3524 ro = (sctp_route_t *) & net->ro;
3525 }
3526 /* Now the address selection part */
3527 ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr;
3528
3529 /* call the routine to select the src address */
3530 if (net && out_of_asoc_ok == 0) {
3531 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) {
3532 sctp_free_ifa(net->ro._s_addr);
3533 net->ro._s_addr = NULL;
3534 net->src_addr_selected = 0;
3535 if (ro->ro_rt) {
3536 RTFREE(ro->ro_rt);
3537 ro->ro_rt = NULL;
3538 }
3539 }
3540 if (net->src_addr_selected == 0) {
3541 /* Cache the source address */
3542 net->ro._s_addr = sctp_source_address_selection(inp, stcb,
3543 ro, net, 0,
3544 vrf_id);
3545 net->src_addr_selected = 1;
3546 }
3547 if (net->ro._s_addr == NULL) {
3548 /* No route to host */
3549 net->src_addr_selected = 0;
3550 goto no_route;
3551 }
3552 ip->ip_src = net->ro._s_addr->address.sin.sin_addr;
3553 } else {
3554 if (over_addr == NULL) {
3555 struct sctp_ifa *_lsrc;
3556
3557 _lsrc = sctp_source_address_selection(inp, stcb, ro,
3558 net,
3559 out_of_asoc_ok,
3560 vrf_id);
3561 if (_lsrc == NULL) {
3562 goto no_route;
3563 }
3564 ip->ip_src = _lsrc->address.sin.sin_addr;
3565 sctp_free_ifa(_lsrc);
3566 } else {
3567 ip->ip_src = over_addr->sin.sin_addr;
3568 SCTP_RTALLOC(ro, vrf_id);
3569 }
3570 }
3571 if (port) {
3572 udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip));
3573 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
3574 udp->uh_dport = port;
3575 udp->uh_ulen = htons(packet_length - sizeof(struct ip));
3576 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
3577 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
3578 } else {
3579 sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip));
3580 }
3581
3582 sctphdr->src_port = src_port;
3583 sctphdr->dest_port = dest_port;
3584 sctphdr->v_tag = v_tag;
3585 sctphdr->checksum = 0;
3586
3587 /*
3588 * If source address selection fails and we find no route
3589 * then the ip_output should fail as well with a
3590 * NO_ROUTE_TO_HOST type error. We probably should catch
3591 * that somewhere and abort the association right away
3592 * (assuming this is an INIT being sent).
3593 */
3594 if ((ro->ro_rt == NULL)) {
3595 /*
3596 * src addr selection failed to find a route (or
3597 * valid source addr), so we can't get there from
3598 * here (yet)!
3599 */
3600 no_route:
3601 SCTPDBG(SCTP_DEBUG_OUTPUT1,
3602 "%s: dropped packet - no valid source addr\n",
3603 __FUNCTION__);
3604 if (net) {
3605 SCTPDBG(SCTP_DEBUG_OUTPUT1,
3606 "Destination was ");
3607 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1,
3608 &net->ro._l_addr.sa);
3609 if (net->dest_state & SCTP_ADDR_CONFIRMED) {
3610 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) {
3611 SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", net);
3612 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
3613 stcb,
3614 SCTP_FAILED_THRESHOLD,
3615 (void *)net,
3616 so_locked);
3617 net->dest_state &= ~SCTP_ADDR_REACHABLE;
3618 net->dest_state |= SCTP_ADDR_NOT_REACHABLE;
3619 /*
3620 * JRS 5/14/07 - If a
3621 * destination is
3622 * unreachable, the PF bit
3623 * is turned off. This
3624 * allows an unambiguous use
3625 * of the PF bit for
3626 * destinations that are
3627 * reachable but potentially
3628 * failed. If the
3629 * destination is set to the
3630 * unreachable state, also
3631 * set the destination to
3632 * the PF state.
3633 */
3634 /*
3635 * Add debug message here if
3636 * destination is not in PF
3637 * state.
3638 */
3639 /*
3640 * Stop any running T3
3641 * timers here?
3642 */
3643 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) && SCTP_BASE_SYSCTL(sctp_cmt_pf)) {
3644 net->dest_state &= ~SCTP_ADDR_PF;
3645 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination %p moved from PF to unreachable.\n",
3646 net);
3647 }
3648 }
3649 }
3650 if (stcb) {
3651 if (net == stcb->asoc.primary_destination) {
3652 /* need a new primary */
3653 struct sctp_nets *alt;
3654
3655 alt = sctp_find_alternate_net(stcb, net, 0);
3656 if (alt != net) {
3657 if (sctp_set_primary_addr(stcb,
3658 (struct sockaddr *)NULL,
3659 alt) == 0) {
3660 net->dest_state |= SCTP_ADDR_WAS_PRIMARY;
3661 if (net->ro._s_addr) {
3662 sctp_free_ifa(net->ro._s_addr);
3663 net->ro._s_addr = NULL;
3664 }
3665 net->src_addr_selected = 0;
3666 }
3667 }
3668 }
3669 }
3670 }
3671 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
3672 sctp_m_freem(m);
3673 return (EHOSTUNREACH);
3674 }
3675 if (ro != &iproute) {
3676 memcpy(&iproute, ro, sizeof(*ro));
3677 }
3678 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n",
3679 (uint32_t) (ntohl(ip->ip_src.s_addr)));
3680 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n",
3681 (uint32_t) (ntohl(ip->ip_dst.s_addr)));
3682 SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n",
3683 ro->ro_rt);
3684
3685 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
3686 /* failed to prepend data, give up */
3687 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
3688 sctp_m_freem(m);
3689 return (ENOMEM);
3690 }
3691#ifdef SCTP_PACKET_LOGGING
3692 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
3693 sctp_packet_log(m, packet_length);
3694#endif
3695 SCTP_ATTACH_CHAIN(o_pak, m, packet_length);
3696 if (port) {
3697 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
3698 (stcb) &&
3699 (stcb->asoc.loopback_scope))) {
3700 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr));
3701 SCTP_STAT_INCR(sctps_sendswcrc);
3702 } else {
3703 SCTP_STAT_INCR(sctps_sendnocrc);
3704 }
3705 SCTP_ENABLE_UDP_CSUM(o_pak);
3706 } else {
3707 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
3708 (stcb) &&
3709 (stcb->asoc.loopback_scope))) {
3710 m->m_pkthdr.csum_flags = CSUM_SCTP;
3711 m->m_pkthdr.csum_data = 0;
3712 SCTP_STAT_INCR(sctps_sendhwcrc);
3713 } else {
3714 SCTP_STAT_INCR(sctps_sendnocrc);
3715 }
3716 }
3717 /* send it out. table id is taken from stcb */
3718#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3719 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
3720 so = SCTP_INP_SO(inp);
3721 SCTP_SOCKET_UNLOCK(so, 0);
3722 }
3723#endif
3724 SCTP_IP_OUTPUT(ret, o_pak, ro, stcb, vrf_id);
3725#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3726 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
3727 atomic_add_int(&stcb->asoc.refcnt, 1);
3728 SCTP_TCB_UNLOCK(stcb);
3729 SCTP_SOCKET_LOCK(so, 0);
3730 SCTP_TCB_LOCK(stcb);
3731 atomic_subtract_int(&stcb->asoc.refcnt, 1);
3732 }
3733#endif
3734 SCTP_STAT_INCR(sctps_sendpackets);
3735 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
3736 if (ret)
3737 SCTP_STAT_INCR(sctps_senderrors);
3738
3739 SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret);
3740 if (net == NULL) {
3741 /* free tempy routes */
3742 if (ro->ro_rt) {
3743 RTFREE(ro->ro_rt);
3744 ro->ro_rt = NULL;
3745 }
3746 } else {
3747 /* PMTU check versus smallest asoc MTU goes here */
3748 if ((ro->ro_rt != NULL) &&
3749 (net->ro._s_addr)) {
3750 uint32_t mtu;
3751
3752 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt);
3753 if (net->port) {
3754 mtu -= sizeof(struct udphdr);
3755 }
3756 if (mtu && (stcb->asoc.smallest_mtu > mtu)) {
3757#ifdef SCTP_PRINT_FOR_B_AND_M
3758 SCTP_PRINTF("sctp_mtu_size_reset called after ip_output mtu-change:%d\n", mtu);
3759#endif
3760 sctp_mtu_size_reset(inp, &stcb->asoc, mtu);
3761 net->mtu = mtu;
3762 }
3763 } else if (ro->ro_rt == NULL) {
3764 /* route was freed */
3765 if (net->ro._s_addr &&
3766 net->src_addr_selected) {
3767 sctp_free_ifa(net->ro._s_addr);
3768 net->ro._s_addr = NULL;
3769 }
3770 net->src_addr_selected = 0;
3771 }
3772 }
3773 return (ret);
3774 }
3775#ifdef INET6
3776 else if (to->sa_family == AF_INET6) {
3777 uint32_t flowlabel;
3778 struct ip6_hdr *ip6h;
3779 struct route_in6 ip6route;
3780 struct ifnet *ifp;
3781 u_char flowTop;
3782 uint16_t flowBottom;
3783 u_char tosBottom, tosTop;
3784 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp;
3785 int prev_scope = 0;
3786 struct sockaddr_in6 lsa6_storage;
3787 int error;
3788 u_short prev_port = 0;
3789 int len;
3790
3791 if (net != NULL) {
3792 flowlabel = net->tos_flowlabel;
3793 } else {
3794 flowlabel = ((struct in6pcb *)inp)->in6p_flowinfo;
3795 }
3796
3797 len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr);
3798 if (port) {
3799 len += sizeof(struct udphdr);
3800 }
3801 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA);
3802 if (newm == NULL) {
3803 sctp_m_freem(m);
3804 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
3805 return (ENOMEM);
3806 }
3807 SCTP_ALIGN_TO_END(newm, len);
3808 SCTP_BUF_LEN(newm) = len;
3809 SCTP_BUF_NEXT(newm) = m;
3810 m = newm;
3811 packet_length = sctp_calculate_len(m);
3812
3813 ip6h = mtod(m, struct ip6_hdr *);
3814 /*
3815 * We assume here that inp_flow is in host byte order within
3816 * the TCB!
3817 */
3818 flowBottom = flowlabel & 0x0000ffff;
3819 flowTop = ((flowlabel & 0x000f0000) >> 16);
3820 tosTop = (((flowlabel & 0xf0) >> 4) | IPV6_VERSION);
3821 /* protect *sin6 from overwrite */
3822 sin6 = (struct sockaddr_in6 *)to;
3823 tmp = *sin6;
3824 sin6 = &tmp;
3825
3826 /* KAME hack: embed scopeid */
3827 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
3828 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
3829 return (EINVAL);
3830 }
3831 if (net == NULL) {
3832 memset(&ip6route, 0, sizeof(ip6route));
3833 ro = (sctp_route_t *) & ip6route;
3834 memcpy(&ro->ro_dst, sin6, sin6->sin6_len);
3835 } else {
3836 ro = (sctp_route_t *) & net->ro;
3837 }
3838 if (stcb != NULL) {
3839 if ((stcb->asoc.ecn_allowed) && ecn_ok) {
3840 /* Enable ECN */
3841 tosBottom = (((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) | sctp_get_ect(stcb, chk)) << 4);
3842 } else {
3843 /* No ECN */
3844 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4);
3845 }
3846 } else {
3847 /* we could get no asoc if it is a O-O-T-B packet */
3848 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4);
3849 }
3850 ip6h->ip6_flow = htonl(((tosTop << 24) | ((tosBottom | flowTop) << 16) | flowBottom));
3851 if (port) {
3852 ip6h->ip6_nxt = IPPROTO_UDP;
3853 } else {
3854 ip6h->ip6_nxt = IPPROTO_SCTP;
3855 }
3856 ip6h->ip6_plen = (packet_length - sizeof(struct ip6_hdr));
3857 ip6h->ip6_dst = sin6->sin6_addr;
3858
3859 /*
3860 * Add SRC address selection here: we can only reuse to a
3861 * limited degree the kame src-addr-sel, since we can try
3862 * their selection but it may not be bound.
3863 */
3864 bzero(&lsa6_tmp, sizeof(lsa6_tmp));
3865 lsa6_tmp.sin6_family = AF_INET6;
3866 lsa6_tmp.sin6_len = sizeof(lsa6_tmp);
3867 lsa6 = &lsa6_tmp;
3868 if (net && out_of_asoc_ok == 0) {
3869 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) {
3870 sctp_free_ifa(net->ro._s_addr);
3871 net->ro._s_addr = NULL;
3872 net->src_addr_selected = 0;
3873 if (ro->ro_rt) {
3874 RTFREE(ro->ro_rt);
3875 ro->ro_rt = NULL;
3876 }
3877 }
3878 if (net->src_addr_selected == 0) {
3879 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
3880 /* KAME hack: embed scopeid */
3881 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
3882 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
3883 return (EINVAL);
3884 }
3885 /* Cache the source address */
3886 net->ro._s_addr = sctp_source_address_selection(inp,
3887 stcb,
3888 ro,
3889 net,
3890 0,
3891 vrf_id);
3892 (void)sa6_recoverscope(sin6);
3893 net->src_addr_selected = 1;
3894 }
3895 if (net->ro._s_addr == NULL) {
3896 SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n");
3897 net->src_addr_selected = 0;
3898 goto no_route;
3899 }
3900 lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr;
3901 } else {
3902 sin6 = (struct sockaddr_in6 *)&ro->ro_dst;
3903 /* KAME hack: embed scopeid */
3904 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
3905 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
3906 return (EINVAL);
3907 }
3908 if (over_addr == NULL) {
3909 struct sctp_ifa *_lsrc;
3910
3911 _lsrc = sctp_source_address_selection(inp, stcb, ro,
3912 net,
3913 out_of_asoc_ok,
3914 vrf_id);
3915 if (_lsrc == NULL) {
3916 goto no_route;
3917 }
3918 lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr;
3919 sctp_free_ifa(_lsrc);
3920 } else {
3921 lsa6->sin6_addr = over_addr->sin6.sin6_addr;
3922 SCTP_RTALLOC(ro, vrf_id);
3923 }
3924 (void)sa6_recoverscope(sin6);
3925 }
3926 lsa6->sin6_port = inp->sctp_lport;
3927
3928 if (ro->ro_rt == NULL) {
3929 /*
3930 * src addr selection failed to find a route (or
3931 * valid source addr), so we can't get there from
3932 * here!
3933 */
3934 goto no_route;
3935 }
3936 /*
3937 * XXX: sa6 may not have a valid sin6_scope_id in the
3938 * non-SCOPEDROUTING case.
3939 */
3940 bzero(&lsa6_storage, sizeof(lsa6_storage));
3941 lsa6_storage.sin6_family = AF_INET6;
3942 lsa6_storage.sin6_len = sizeof(lsa6_storage);
3943 lsa6_storage.sin6_addr = lsa6->sin6_addr;
3944 if ((error = sa6_recoverscope(&lsa6_storage)) != 0) {
3945 SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error);
3946 sctp_m_freem(m);
3947 return (error);
3948 }
3949 /* XXX */
3950 lsa6_storage.sin6_addr = lsa6->sin6_addr;
3951 lsa6_storage.sin6_port = inp->sctp_lport;
3952 lsa6 = &lsa6_storage;
3953 ip6h->ip6_src = lsa6->sin6_addr;
3954
3955 if (port) {
3956 udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr));
3957 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
3958 udp->uh_dport = port;
3959 udp->uh_ulen = htons(packet_length - sizeof(struct ip6_hdr));
3960 udp->uh_sum = 0;
3961 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
3962 } else {
3963 sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr));
3964 }
3965
3966 sctphdr->src_port = src_port;
3967 sctphdr->dest_port = dest_port;
3968 sctphdr->v_tag = v_tag;
3969 sctphdr->checksum = 0;
3970
3971 /*
3972 * We set the hop limit now since there is a good chance
3973 * that our ro pointer is now filled
3974 */
3975 ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro);
3976 ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
3977
3978#ifdef SCTP_DEBUG
3979 /* Copy to be sure something bad is not happening */
3980 sin6->sin6_addr = ip6h->ip6_dst;
3981 lsa6->sin6_addr = ip6h->ip6_src;
3982#endif
3983
3984 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n");
3985 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: ");
3986 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6);
3987 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: ");
3988 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6);
3989 if (net) {
3990 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
3991 /* preserve the port and scope for link local send */
3992 prev_scope = sin6->sin6_scope_id;
3993 prev_port = sin6->sin6_port;
3994 }
3995 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
3996 /* failed to prepend data, give up */
3997 sctp_m_freem(m);
3998 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
3999 return (ENOMEM);
4000 }
4001#ifdef SCTP_PACKET_LOGGING
4002 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
4003 sctp_packet_log(m, packet_length);
4004#endif
4005 SCTP_ATTACH_CHAIN(o_pak, m, packet_length);
4006 if (port) {
4007 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
4008 (stcb) &&
4009 (stcb->asoc.loopback_scope))) {
4010 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
4011 SCTP_STAT_INCR(sctps_sendswcrc);
4012 } else {
4013 SCTP_STAT_INCR(sctps_sendnocrc);
4014 }
4015 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) {
4016 udp->uh_sum = 0xffff;
4017 }
4018 } else {
4019 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
4020 (stcb) &&
4021 (stcb->asoc.loopback_scope))) {
4022 m->m_pkthdr.csum_flags = CSUM_SCTP;
4023 m->m_pkthdr.csum_data = 0;
4024 SCTP_STAT_INCR(sctps_sendhwcrc);
4025 } else {
4026 SCTP_STAT_INCR(sctps_sendnocrc);
4027 }
4028 }
4029 /* send it out. table id is taken from stcb */
4030#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4031 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
4032 so = SCTP_INP_SO(inp);
4033 SCTP_SOCKET_UNLOCK(so, 0);
4034 }
4035#endif
4036 SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, stcb, vrf_id);
4037#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4038 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
4039 atomic_add_int(&stcb->asoc.refcnt, 1);
4040 SCTP_TCB_UNLOCK(stcb);
4041 SCTP_SOCKET_LOCK(so, 0);
4042 SCTP_TCB_LOCK(stcb);
4043 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4044 }
4045#endif
4046 if (net) {
4047 /* for link local this must be done */
4048 sin6->sin6_scope_id = prev_scope;
4049 sin6->sin6_port = prev_port;
4050 }
4051 SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret);
4052 SCTP_STAT_INCR(sctps_sendpackets);
4053 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
4054 if (ret) {
4055 SCTP_STAT_INCR(sctps_senderrors);
4056 }
4057 if (net == NULL) {
4058 /* Now if we had a temp route free it */
4059 if (ro->ro_rt) {
4060 RTFREE(ro->ro_rt);
4061 }
4062 } else {
4063 /* PMTU check versus smallest asoc MTU goes here */
4064 if (ro->ro_rt == NULL) {
4065 /* Route was freed */
4066 if (net->ro._s_addr &&
4067 net->src_addr_selected) {
4068 sctp_free_ifa(net->ro._s_addr);
4069 net->ro._s_addr = NULL;
4070 }
4071 net->src_addr_selected = 0;
4072 }
4073 if ((ro->ro_rt != NULL) &&
4074 (net->ro._s_addr)) {
4075 uint32_t mtu;
4076
4077 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt);
4078 if (mtu &&
4079 (stcb->asoc.smallest_mtu > mtu)) {
4080#ifdef SCTP_PRINT_FOR_B_AND_M
4081 SCTP_PRINTF("sctp_mtu_size_reset called after ip6_output mtu-change:%d\n",
4082 mtu);
4083#endif
4084 sctp_mtu_size_reset(inp, &stcb->asoc, mtu);
4085 net->mtu = mtu;
4086 if (net->port) {
4087 net->mtu -= sizeof(struct udphdr);
4088 }
4089 }
4090 } else if (ifp) {
4091 if (ND_IFINFO(ifp)->linkmtu &&
4092 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) {
4093#ifdef SCTP_PRINT_FOR_B_AND_M
4094 SCTP_PRINTF("sctp_mtu_size_reset called via ifp ND_IFINFO() linkmtu:%d\n",
4095 ND_IFINFO(ifp)->linkmtu);
4096#endif
4097 sctp_mtu_size_reset(inp,
4098 &stcb->asoc,
4099 ND_IFINFO(ifp)->linkmtu);
4100 }
4101 }
4102 }
4103 return (ret);
4104 }
4105#endif
4106 else {
4107 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n",
4108 ((struct sockaddr *)to)->sa_family);
4109 sctp_m_freem(m);
4110 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
4111 return (EFAULT);
4112 }
4113}
4114
4115
4116void
4117sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked
4118#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
4119 SCTP_UNUSED
4120#endif
4121)
4122{
4123 struct mbuf *m, *m_at, *mp_last;
4124 struct sctp_nets *net;
4125 struct sctp_init_chunk *init;
4126 struct sctp_supported_addr_param *sup_addr;
4127 struct sctp_adaptation_layer_indication *ali;
4128 struct sctp_ecn_supported_param *ecn;
4129 struct sctp_prsctp_supported_param *prsctp;
4130 struct sctp_ecn_nonce_supported_param *ecn_nonce;
4131 struct sctp_supported_chunk_types_param *pr_supported;
4132 int cnt_inits_to = 0;
4133 int padval, ret;
4134 int num_ext;
4135 int p_len;
4136
4137 /* INIT's always go to the primary (and usually ONLY address) */
4138 mp_last = NULL;
4139 net = stcb->asoc.primary_destination;
4140 if (net == NULL) {
4141 net = TAILQ_FIRST(&stcb->asoc.nets);
4142 if (net == NULL) {
4143 /* TSNH */
4144 return;
4145 }
4146 /* we confirm any address we send an INIT to */
4147 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
4148 (void)sctp_set_primary_addr(stcb, NULL, net);
4149 } else {
4150 /* we confirm any address we send an INIT to */
4151 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
4152 }
4153 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n");
4154#ifdef INET6
4155 if (((struct sockaddr *)&(net->ro._l_addr))->sa_family == AF_INET6) {
4156 /*
4157 * special hook, if we are sending to link local it will not
4158 * show up in our private address count.
4159 */
4160 struct sockaddr_in6 *sin6l;
4161
4162 sin6l = &net->ro._l_addr.sin6;
4163 if (IN6_IS_ADDR_LINKLOCAL(&sin6l->sin6_addr))
4164 cnt_inits_to = 1;
4165 }
4166#endif
4167 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4168 /* This case should not happen */
4169 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n");
4170 return;
4171 }
4172 /* start the INIT timer */
4173 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net);
4174
4175 m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA);
4176 if (m == NULL) {
4177 /* No memory, INIT timer will re-attempt. */
4178 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n");
4179 return;
4180 }
4181 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);
4182 /*
4183 * assume peer supports asconf in order to be able to queue local
4184 * address changes while an INIT is in flight and before the assoc
4185 * is established.
4186 */
4187 stcb->asoc.peer_supports_asconf = 1;
4188 /* Now lets put the SCTP header in place */
4189 init = mtod(m, struct sctp_init_chunk *);
4190 /* now the chunk header */
4191 init->ch.chunk_type = SCTP_INITIATION;
4192 init->ch.chunk_flags = 0;
4193 /* fill in later from mbuf we build */
4194 init->ch.chunk_length = 0;
4195 /* place in my tag */
4196 init->init.initiate_tag = htonl(stcb->asoc.my_vtag);
4197 /* set up some of the credits. */
4198 init->init.a_rwnd = htonl(max(inp->sctp_socket ? SCTP_SB_LIMIT_RCV(inp->sctp_socket) : 0,
4199 SCTP_MINIMAL_RWND));
4200
4201 init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams);
4202 init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams);
4203 init->init.initial_tsn = htonl(stcb->asoc.init_seq_number);
4204 /* now the address restriction */
4205 sup_addr = (struct sctp_supported_addr_param *)((caddr_t)init +
4206 sizeof(*init));
4207 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE);
4208#ifdef INET6
4209 /* we support 2 types: IPv6/IPv4 */
4210 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint16_t));
4211 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS);
4212 sup_addr->addr_type[1] = htons(SCTP_IPV6_ADDRESS);
4213#else
4214 /* we support 1 type: IPv4 */
4215 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint8_t));
4216 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS);
4217 sup_addr->addr_type[1] = htons(0); /* this is the padding */
4218#endif
4219 SCTP_BUF_LEN(m) += sizeof(*sup_addr) + sizeof(uint16_t);
4220 /* adaptation layer indication parameter */
4221 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)sup_addr + sizeof(*sup_addr) + sizeof(uint16_t));
4222 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION);
4223 ali->ph.param_length = htons(sizeof(*ali));
4224 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator);
4225 SCTP_BUF_LEN(m) += sizeof(*ali);
4226 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali));
4227
4228 if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) {
4229 /* Add NAT friendly parameter */
4230 struct sctp_paramhdr *ph;
4231
4232 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
4233 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT);
4234 ph->param_length = htons(sizeof(struct sctp_paramhdr));
4235 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr);
4236 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ph + sizeof(*ph));
4237 }
4238 /* now any cookie time extensions */
4239 if (stcb->asoc.cookie_preserve_req) {
4240 struct sctp_cookie_perserve_param *cookie_preserve;
4241
4242 cookie_preserve = (struct sctp_cookie_perserve_param *)(ecn);
4243 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE);
4244 cookie_preserve->ph.param_length = htons(
4245 sizeof(*cookie_preserve));
4246 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req);
4247 SCTP_BUF_LEN(m) += sizeof(*cookie_preserve);
4248 ecn = (struct sctp_ecn_supported_param *)(
4249 (caddr_t)cookie_preserve + sizeof(*cookie_preserve));
4250 stcb->asoc.cookie_preserve_req = 0;
4251 }
4252 /* ECN parameter */
4253 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 1) {
4254 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE);
4255 ecn->ph.param_length = htons(sizeof(*ecn));
4256 SCTP_BUF_LEN(m) += sizeof(*ecn);
4257 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn +
4258 sizeof(*ecn));
4259 } else {
4260 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn);
4261 }
4262 /* And now tell the peer we do pr-sctp */
4263 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED);
4264 prsctp->ph.param_length = htons(sizeof(*prsctp));
4265 SCTP_BUF_LEN(m) += sizeof(*prsctp);
4266
4267 /* And now tell the peer we do all the extensions */
4268 pr_supported = (struct sctp_supported_chunk_types_param *)
4269 ((caddr_t)prsctp + sizeof(*prsctp));
4270 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT);
4271 num_ext = 0;
4272 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF;
4273 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK;
4274 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN;
4275 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED;
4276 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET;
4277 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) {
4278 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION;
4279 }
4280 /*
4281 * EY if the initiator supports nr_sacks, need to report that to
4282 * responder in INIT chunk
4283 */
4284 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off)) {
4285 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK;
4286 }
4287 p_len = sizeof(*pr_supported) + num_ext;
4288 pr_supported->ph.param_length = htons(p_len);
4289 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len);
4290 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
4291
4292
4293 /* ECN nonce: And now tell the peer we support ECN nonce */
4294 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) {
4295 ecn_nonce = (struct sctp_ecn_nonce_supported_param *)
4296 ((caddr_t)pr_supported + SCTP_SIZE32(p_len));
4297 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED);
4298 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce));
4299 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce);
4300 }
4301 /* add authentication parameters */
4302 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) {
4303 struct sctp_auth_random *randp;
4304 struct sctp_auth_hmac_algo *hmacs;
4305 struct sctp_auth_chunk_list *chunks;
4306
4307 /* attach RANDOM parameter, if available */
4308 if (stcb->asoc.authinfo.random != NULL) {
4309 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
4310 p_len = sizeof(*randp) + stcb->asoc.authinfo.random_len;
4311 /* random key already contains the header */
4312 bcopy(stcb->asoc.authinfo.random->key, randp, p_len);
4313 /* zero out any padding required */
4314 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len);
4315 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
4316 }
4317 /* add HMAC_ALGO parameter */
4318 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
4319 p_len = sctp_serialize_hmaclist(stcb->asoc.local_hmacs,
4320 (uint8_t *) hmacs->hmac_ids);
4321 if (p_len > 0) {
4322 p_len += sizeof(*hmacs);
4323 hmacs->ph.param_type = htons(SCTP_HMAC_LIST);
4324 hmacs->ph.param_length = htons(p_len);
4325 /* zero out any padding required */
4326 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len);
4327 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
4328 }
4329 /* add CHUNKS parameter */
4330 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
4331 p_len = sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks,
4332 chunks->chunk_types);
4333 if (p_len > 0) {
4334 p_len += sizeof(*chunks);
4335 chunks->ph.param_type = htons(SCTP_CHUNK_LIST);
4336 chunks->ph.param_length = htons(p_len);
4337 /* zero out any padding required */
4338 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len);
4339 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
4340 }
4341 }
4342 m_at = m;
4343 /* now the addresses */
4344 {
4345 struct sctp_scoping scp;
4346
4347 /*
4348 * To optimize this we could put the scoping stuff into a
4349 * structure and remove the individual uint8's from the
4350 * assoc structure. Then we could just sifa in the address
4351 * within the stcb.. but for now this is a quick hack to get
4352 * the address stuff teased apart.
4353 */
4354 scp.ipv4_addr_legal = stcb->asoc.ipv4_addr_legal;
4355 scp.ipv6_addr_legal = stcb->asoc.ipv6_addr_legal;
4356 scp.loopback_scope = stcb->asoc.loopback_scope;
4357 scp.ipv4_local_scope = stcb->asoc.ipv4_local_scope;
4358 scp.local_scope = stcb->asoc.local_scope;
4359 scp.site_scope = stcb->asoc.site_scope;
4360
4361 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to);
4362 }
4363
4364 /* calulate the size and update pkt header and chunk header */
4365 p_len = 0;
4366 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
4367 if (SCTP_BUF_NEXT(m_at) == NULL)
4368 mp_last = m_at;
4369 p_len += SCTP_BUF_LEN(m_at);
4370 }
4371 init->ch.chunk_length = htons(p_len);
4372 /*
4373 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return
4374 * here since the timer will drive a retranmission.
4375 */
4376
4377 /* I don't expect this to execute but we will be safe here */
4378 padval = p_len % 4;
4379 if ((padval) && (mp_last)) {
4380 /*
4381 * The compiler worries that mp_last may not be set even
4382 * though I think it is impossible :-> however we add
4383 * mp_last here just in case.
4384 */
4385 ret = sctp_add_pad_tombuf(mp_last, (4 - padval));
4386 if (ret) {
4387 /* Houston we have a problem, no space */
4388 sctp_m_freem(m);
4389 return;
4390 }
4391 p_len += padval;
4392 }
4393 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n");
4394 ret = sctp_lowlevel_chunk_output(inp, stcb, net,
4395 (struct sockaddr *)&net->ro._l_addr,
4396 m, 0, NULL, 0, 0, 0, NULL, 0,
4397 inp->sctp_lport, stcb->rport, htonl(0),
4398 net->port, so_locked, NULL);
4399 SCTPDBG(SCTP_DEBUG_OUTPUT4, "lowlevel_output - %d\n", ret);
4400 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
4401 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time);
4402}
4403
4404struct mbuf *
4405sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
4406 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp, int *nat_friendly)
4407{
4408 /*
4409 * Given a mbuf containing an INIT or INIT-ACK with the param_offset
4410 * being equal to the beginning of the params i.e. (iphlen +
4411 * sizeof(struct sctp_init_msg) parse through the parameters to the
4412 * end of the mbuf verifying that all parameters are known.
4413 *
4414 * For unknown parameters build and return a mbuf with
4415 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop
4416 * processing this chunk stop, and set *abort_processing to 1.
4417 *
4418 * By having param_offset be pre-set to where parameters begin it is
4419 * hoped that this routine may be reused in the future by new
4420 * features.
4421 */
4422 struct sctp_paramhdr *phdr, params;
4423
4424 struct mbuf *mat, *op_err;
4425 char tempbuf[SCTP_PARAM_BUFFER_SIZE];
4426 int at, limit, pad_needed;
4427 uint16_t ptype, plen, padded_size;
4428 int err_at;
4429
4430 *abort_processing = 0;
4431 mat = in_initpkt;
4432 err_at = 0;
4433 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk);
4434 at = param_offset;
4435 op_err = NULL;
4436 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n");
4437 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params));
4438 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) {
4439 ptype = ntohs(phdr->param_type);
4440 plen = ntohs(phdr->param_length);
4441 if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) {
4442 /* wacked parameter */
4443 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen);
4444 goto invalid_size;
4445 }
4446 limit -= SCTP_SIZE32(plen);
4447 /*-
4448 * All parameters for all chunks that we know/understand are
4449 * listed here. We process them other places and make
4450 * appropriate stop actions per the upper bits. However this
4451 * is the generic routine processor's can call to get back
4452 * an operr.. to either incorporate (init-ack) or send.
4453 */
4454 padded_size = SCTP_SIZE32(plen);
4455 switch (ptype) {
4456 /* Param's with variable size */
4457 case SCTP_HEARTBEAT_INFO:
4458 case SCTP_STATE_COOKIE:
4459 case SCTP_UNRECOG_PARAM:
4460 case SCTP_ERROR_CAUSE_IND:
4461 /* ok skip fwd */
4462 at += padded_size;
4463 break;
4464 /* Param's with variable size within a range */
4465 case SCTP_CHUNK_LIST:
4466 case SCTP_SUPPORTED_CHUNK_EXT:
4467 if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) {
4468 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen);
4469 goto invalid_size;
4470 }
4471 at += padded_size;
4472 break;
4473 case SCTP_SUPPORTED_ADDRTYPE:
4474 if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) {
4475 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen);
4476 goto invalid_size;
4477 }
4478 at += padded_size;
4479 break;
4480 case SCTP_RANDOM:
4481 if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) {
4482 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen);
4483 goto invalid_size;
4484 }
4485 at += padded_size;
4486 break;
4487 case SCTP_SET_PRIM_ADDR:
4488 case SCTP_DEL_IP_ADDRESS:
4489 case SCTP_ADD_IP_ADDRESS:
4490 if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) &&
4491 (padded_size != sizeof(struct sctp_asconf_addr_param))) {
4492 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen);
4493 goto invalid_size;
4494 }
4495 at += padded_size;
4496 break;
4497 /* Param's with a fixed size */
4498 case SCTP_IPV4_ADDRESS:
4499 if (padded_size != sizeof(struct sctp_ipv4addr_param)) {
4500 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen);
4501 goto invalid_size;
4502 }
4503 at += padded_size;
4504 break;
4505 case SCTP_IPV6_ADDRESS:
4506 if (padded_size != sizeof(struct sctp_ipv6addr_param)) {
4507 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen);
4508 goto invalid_size;
4509 }
4510 at += padded_size;
4511 break;
4512 case SCTP_COOKIE_PRESERVE:
4513 if (padded_size != sizeof(struct sctp_cookie_perserve_param)) {
4514 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen);
4515 goto invalid_size;
4516 }
4517 at += padded_size;
4518 break;
4519 case SCTP_HAS_NAT_SUPPORT:
4520 *nat_friendly = 1;
4521 /* fall through */
4522 case SCTP_ECN_NONCE_SUPPORTED:
4523 case SCTP_PRSCTP_SUPPORTED:
4524
4525 if (padded_size != sizeof(struct sctp_paramhdr)) {
4526 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecnnonce/prsctp/nat support %d\n", plen);
4527 goto invalid_size;
4528 }
4529 at += padded_size;
4530 break;
4531 case SCTP_ECN_CAPABLE:
4532 if (padded_size != sizeof(struct sctp_ecn_supported_param)) {
4533 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen);
4534 goto invalid_size;
4535 }
4536 at += padded_size;
4537 break;
4538 case SCTP_ULP_ADAPTATION:
4539 if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) {
4540 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen);
4541 goto invalid_size;
4542 }
4543 at += padded_size;
4544 break;
4545 case SCTP_SUCCESS_REPORT:
4546 if (padded_size != sizeof(struct sctp_asconf_paramhdr)) {
4547 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen);
4548 goto invalid_size;
4549 }
4550 at += padded_size;
4551 break;
4552 case SCTP_HOSTNAME_ADDRESS:
4553 {
4554 /* We can NOT handle HOST NAME addresses!! */
4555 int l_len;
4556
4557 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n");
4558 *abort_processing = 1;
4559 if (op_err == NULL) {
4560 /* Ok need to try to get a mbuf */
4561#ifdef INET6
4562 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4563#else
4564 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4565#endif
4566 l_len += plen;
4567 l_len += sizeof(struct sctp_paramhdr);
4568 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA);
4569 if (op_err) {
4570 SCTP_BUF_LEN(op_err) = 0;
4571 /*
4572 * pre-reserve space for ip
4573 * and sctp header and
4574 * chunk hdr
4575 */
4576#ifdef INET6
4577 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
4578#else
4579 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
4580#endif
4581 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
4582 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
4583 }
4584 }
4585 if (op_err) {
4586 /* If we have space */
4587 struct sctp_paramhdr s;
4588
4589 if (err_at % 4) {
4590 uint32_t cpthis = 0;
4591
4592 pad_needed = 4 - (err_at % 4);
4593 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis);
4594 err_at += pad_needed;
4595 }
4596 s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
4597 s.param_length = htons(sizeof(s) + plen);
4598 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
4599 err_at += sizeof(s);
4600 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen));
4601 if (phdr == NULL) {
4602 sctp_m_freem(op_err);
4603 /*
4604 * we are out of memory but
4605 * we still need to have a
4606 * look at what to do (the
4607 * system is in trouble
4608 * though).
4609 */
4610 return (NULL);
4611 }
4612 m_copyback(op_err, err_at, plen, (caddr_t)phdr);
4613 err_at += plen;
4614 }
4615 return (op_err);
4616 break;
4617 }
4618 default:
4619 /*
4620 * we do not recognize the parameter figure out what
4621 * we do.
4622 */
4623 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype);
4624 if ((ptype & 0x4000) == 0x4000) {
4625 /* Report bit is set?? */
4626 SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n");
4627 if (op_err == NULL) {
4628 int l_len;
4629
4630 /* Ok need to try to get an mbuf */
4631#ifdef INET6
4632 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4633#else
4634 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4635#endif
4636 l_len += plen;
4637 l_len += sizeof(struct sctp_paramhdr);
4638 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA);
4639 if (op_err) {
4640 SCTP_BUF_LEN(op_err) = 0;
4641#ifdef INET6
4642 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
4643#else
4644 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
4645#endif
4646 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
4647 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
4648 }
4649 }
4650 if (op_err) {
4651 /* If we have space */
4652 struct sctp_paramhdr s;
4653
4654 if (err_at % 4) {
4655 uint32_t cpthis = 0;
4656
4657 pad_needed = 4 - (err_at % 4);
4658 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis);
4659 err_at += pad_needed;
4660 }
4661 s.param_type = htons(SCTP_UNRECOG_PARAM);
4662 s.param_length = htons(sizeof(s) + plen);
4663 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
4664 err_at += sizeof(s);
4665 if (plen > sizeof(tempbuf)) {
4666 plen = sizeof(tempbuf);
4667 }
4668 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen));
4669 if (phdr == NULL) {
4670 sctp_m_freem(op_err);
4671 /*
4672 * we are out of memory but
4673 * we still need to have a
4674 * look at what to do (the
4675 * system is in trouble
4676 * though).
4677 */
4678 op_err = NULL;
4679 goto more_processing;
4680 }
4681 m_copyback(op_err, err_at, plen, (caddr_t)phdr);
4682 err_at += plen;
4683 }
4684 }
4685 more_processing:
4686 if ((ptype & 0x8000) == 0x0000) {
4687 SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n");
4688 return (op_err);
4689 } else {
4690 /* skip this chunk and continue processing */
4691 SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n");
4692 at += SCTP_SIZE32(plen);
4693 }
4694 break;
4695
4696 }
4697 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params));
4698 }
4699 return (op_err);
4700invalid_size:
4701 SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n");
4702 *abort_processing = 1;
4703 if ((op_err == NULL) && phdr) {
4704 int l_len;
4705
4706#ifdef INET6
4707 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4708#else
4709 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4710#endif
4711 l_len += (2 * sizeof(struct sctp_paramhdr));
4712 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA);
4713 if (op_err) {
4714 SCTP_BUF_LEN(op_err) = 0;
4715#ifdef INET6
4716 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
4717#else
4718 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
4719#endif
4720 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
4721 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
4722 }
4723 }
4724 if ((op_err) && phdr) {
4725 struct sctp_paramhdr s;
4726
4727 if (err_at % 4) {
4728 uint32_t cpthis = 0;
4729
4730 pad_needed = 4 - (err_at % 4);
4731 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis);
4732 err_at += pad_needed;
4733 }
4734 s.param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
4735 s.param_length = htons(sizeof(s) + sizeof(struct sctp_paramhdr));
4736 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
4737 err_at += sizeof(s);
4738 /* Only copy back the p-hdr that caused the issue */
4739 m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)phdr);
4740 }
4741 return (op_err);
4742}
4743
4744static int
4745sctp_are_there_new_addresses(struct sctp_association *asoc,
4746 struct mbuf *in_initpkt, int iphlen, int offset)
4747{
4748 /*
4749 * Given a INIT packet, look through the packet to verify that there
4750 * are NO new addresses. As we go through the parameters add reports
4751 * of any un-understood parameters that require an error. Also we
4752 * must return (1) to drop the packet if we see a un-understood
4753 * parameter that tells us to drop the chunk.
4754 */
4755 struct sockaddr_in sin4, *sa4;
4756
4757#ifdef INET6
4758 struct sockaddr_in6 sin6, *sa6;
4759
4760#endif
4761 struct sockaddr *sa_touse;
4762 struct sockaddr *sa;
4763 struct sctp_paramhdr *phdr, params;
4764 struct ip *iph;
4765
4766#ifdef INET6
4767 struct ip6_hdr *ip6h;
4768
4769#endif
4770 struct mbuf *mat;
4771 uint16_t ptype, plen;
4772 int err_at;
4773 uint8_t fnd;
4774 struct sctp_nets *net;
4775
4776 memset(&sin4, 0, sizeof(sin4));
4777#ifdef INET6
4778 memset(&sin6, 0, sizeof(sin6));
4779#endif
4780 sin4.sin_family = AF_INET;
4781 sin4.sin_len = sizeof(sin4);
4782#ifdef INET6
4783 sin6.sin6_family = AF_INET6;
4784 sin6.sin6_len = sizeof(sin6);
4785#endif
4786 sa_touse = NULL;
4787 /* First what about the src address of the pkt ? */
4788 iph = mtod(in_initpkt, struct ip *);
4789 switch (iph->ip_v) {
4790 case IPVERSION:
4791 /* source addr is IPv4 */
4792 sin4.sin_addr = iph->ip_src;
4793 sa_touse = (struct sockaddr *)&sin4;
4794 break;
4795#ifdef INET6
4796 case IPV6_VERSION >> 4:
4797 /* source addr is IPv6 */
4798 ip6h = mtod(in_initpkt, struct ip6_hdr *);
4799 sin6.sin6_addr = ip6h->ip6_src;
4800 sa_touse = (struct sockaddr *)&sin6;
4801 break;
4802#endif
4803 default:
4804 return (1);
4805 }
4806
4807 fnd = 0;
4808 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4809 sa = (struct sockaddr *)&net->ro._l_addr;
4810 if (sa->sa_family == sa_touse->sa_family) {
4811 if (sa->sa_family == AF_INET) {
4812 sa4 = (struct sockaddr_in *)sa;
4813 if (sa4->sin_addr.s_addr ==
4814 sin4.sin_addr.s_addr) {
4815 fnd = 1;
4816 break;
4817 }
4818 }
4819#ifdef INET6
4820 if (sa->sa_family == AF_INET6) {
4821 sa6 = (struct sockaddr_in6 *)sa;
4822 if (SCTP6_ARE_ADDR_EQUAL(sa6,
4823 &sin6)) {
4824 fnd = 1;
4825 break;
4826 }
4827 }
4828#endif
4829 }
4830 }
4831 if (fnd == 0) {
4832 /* New address added! no need to look futher. */
4833 return (1);
4834 }
4835 /* Ok so far lets munge through the rest of the packet */
4836 mat = in_initpkt;
4837 err_at = 0;
4838 sa_touse = NULL;
4839 offset += sizeof(struct sctp_init_chunk);
4840 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params));
4841 while (phdr) {
4842 ptype = ntohs(phdr->param_type);
4843 plen = ntohs(phdr->param_length);
4844 if (ptype == SCTP_IPV4_ADDRESS) {
4845 struct sctp_ipv4addr_param *p4, p4_buf;
4846
4847 phdr = sctp_get_next_param(mat, offset,
4848 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf));
4849 if (plen != sizeof(struct sctp_ipv4addr_param) ||
4850 phdr == NULL) {
4851 return (1);
4852 }
4853 p4 = (struct sctp_ipv4addr_param *)phdr;
4854 sin4.sin_addr.s_addr = p4->addr;
4855 sa_touse = (struct sockaddr *)&sin4;
4856 } else if (ptype == SCTP_IPV6_ADDRESS) {
4857 struct sctp_ipv6addr_param *p6, p6_buf;
4858
4859 phdr = sctp_get_next_param(mat, offset,
4860 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf));
4861 if (plen != sizeof(struct sctp_ipv6addr_param) ||
4862 phdr == NULL) {
4863 return (1);
4864 }
4865 p6 = (struct sctp_ipv6addr_param *)phdr;
4866#ifdef INET6
4867 memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
4868 sizeof(p6->addr));
4869#endif
4870 sa_touse = (struct sockaddr *)&sin4;
4871 }
4872 if (sa_touse) {
4873 /* ok, sa_touse points to one to check */
4874 fnd = 0;
4875 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4876 sa = (struct sockaddr *)&net->ro._l_addr;
4877 if (sa->sa_family != sa_touse->sa_family) {
4878 continue;
4879 }
4880 if (sa->sa_family == AF_INET) {
4881 sa4 = (struct sockaddr_in *)sa;
4882 if (sa4->sin_addr.s_addr ==
4883 sin4.sin_addr.s_addr) {
4884 fnd = 1;
4885 break;
4886 }
4887 }
4888#ifdef INET6
4889 if (sa->sa_family == AF_INET6) {
4890 sa6 = (struct sockaddr_in6 *)sa;
4891 if (SCTP6_ARE_ADDR_EQUAL(
4892 sa6, &sin6)) {
4893 fnd = 1;
4894 break;
4895 }
4896 }
4897#endif
4898 }
4899 if (!fnd) {
4900 /* New addr added! no need to look further */
4901 return (1);
4902 }
4903 }
4904 offset += SCTP_SIZE32(plen);
4905 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params));
4906 }
4907 return (0);
4908}
4909
4910/*
4911 * Given a MBUF chain that was sent into us containing an INIT. Build a
4912 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done
4913 * a pullup to include IPv6/4header, SCTP header and initial part of INIT
4914 * message (i.e. the struct sctp_init_msg).
4915 */
4916void
4917sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
4918 struct mbuf *init_pkt, int iphlen, int offset, struct sctphdr *sh,
4919 struct sctp_init_chunk *init_chk, uint32_t vrf_id, uint16_t port, int hold_inp_lock)
4920{
4921 struct sctp_association *asoc;
4922 struct mbuf *m, *m_at, *m_tmp, *m_cookie, *op_err, *mp_last;
4923 struct sctp_init_ack_chunk *initack;
4924 struct sctp_adaptation_layer_indication *ali;
4925 struct sctp_ecn_supported_param *ecn;
4926 struct sctp_prsctp_supported_param *prsctp;
4927 struct sctp_ecn_nonce_supported_param *ecn_nonce;
4928 struct sctp_supported_chunk_types_param *pr_supported;
4929 union sctp_sockstore store, store1, *over_addr;
4930 struct sockaddr_in *sin, *to_sin;
4931
4932#ifdef INET6
4933 struct sockaddr_in6 *sin6, *to_sin6;
4934
4935#endif
4936 struct ip *iph;
4937
4938#ifdef INET6
4939 struct ip6_hdr *ip6;
4940
4941#endif
4942 struct sockaddr *to;
4943 struct sctp_state_cookie stc;
4944 struct sctp_nets *net = NULL;
4945 uint8_t *signature = NULL;
4946 int cnt_inits_to = 0;
4947 uint16_t his_limit, i_want;
4948 int abort_flag, padval;
4949 int num_ext;
4950 int p_len;
4951 int nat_friendly = 0;
4952 struct socket *so;
4953
4954 if (stcb)
4955 asoc = &stcb->asoc;
4956 else
4957 asoc = NULL;
4958 mp_last = NULL;
4959 if ((asoc != NULL) &&
4960 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) &&
4961 (sctp_are_there_new_addresses(asoc, init_pkt, iphlen, offset))) {
4962 /* new addresses, out of here in non-cookie-wait states */
4963 /*
4964 * Send a ABORT, we don't add the new address error clause
4965 * though we even set the T bit and copy in the 0 tag.. this
4966 * looks no different than if no listener was present.
4967 */
4968 sctp_send_abort(init_pkt, iphlen, sh, 0, NULL, vrf_id, port);
4969 return;
4970 }
4971 abort_flag = 0;
4972 op_err = sctp_arethere_unrecognized_parameters(init_pkt,
4973 (offset + sizeof(struct sctp_init_chunk)),
4974 &abort_flag, (struct sctp_chunkhdr *)init_chk, &nat_friendly);
4975 if (abort_flag) {
4976do_a_abort:
4977 sctp_send_abort(init_pkt, iphlen, sh,
4978 init_chk->init.initiate_tag, op_err, vrf_id, port);
4979 return;
4980 }
4981 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
4982 if (m == NULL) {
4983 /* No memory, INIT timer will re-attempt. */
4984 if (op_err)
4985 sctp_m_freem(op_err);
4986 return;
4987 }
4988 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);
4989
4990 /* the time I built cookie */
4991 (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered);
4992
4993 /* populate any tie tags */
4994 if (asoc != NULL) {
4995 /* unlock before tag selections */
4996 stc.tie_tag_my_vtag = asoc->my_vtag_nonce;
4997 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce;
4998 stc.cookie_life = asoc->cookie_life;
4999 net = asoc->primary_destination;
5000 } else {
5001 stc.tie_tag_my_vtag = 0;
5002 stc.tie_tag_peer_vtag = 0;
5003 /* life I will award this cookie */
5004 stc.cookie_life = inp->sctp_ep.def_cookie_life;
5005 }
5006
5007 /* copy in the ports for later check */
5008 stc.myport = sh->dest_port;
5009 stc.peerport = sh->src_port;
5010
5011 /*
5012 * If we wanted to honor cookie life extentions, we would add to
5013 * stc.cookie_life. For now we should NOT honor any extension
5014 */
5015 stc.site_scope = stc.local_scope = stc.loopback_scope = 0;
5016 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
5017 struct inpcb *in_inp;
5018
5019 /* Its a V6 socket */
5020 in_inp = (struct inpcb *)inp;
5021 stc.ipv6_addr_legal = 1;
5022 /* Now look at the binding flag to see if V4 will be legal */
5023 if (SCTP_IPV6_V6ONLY(in_inp) == 0) {
5024 stc.ipv4_addr_legal = 1;
5025 } else {
5026 /* V4 addresses are NOT legal on the association */
5027 stc.ipv4_addr_legal = 0;
5028 }
5029 } else {
5030 /* Its a V4 socket, no - V6 */
5031 stc.ipv4_addr_legal = 1;
5032 stc.ipv6_addr_legal = 0;
5033 }
5034
5035#ifdef SCTP_DONT_DO_PRIVADDR_SCOPE
5036 stc.ipv4_scope = 1;
5037#else
5038 stc.ipv4_scope = 0;
5039#endif
5040 /* now for scope setup */
5041 memset((caddr_t)&store, 0, sizeof(store));
5042 memset((caddr_t)&store1, 0, sizeof(store1));
5043 sin = &store.sin;
5044 to_sin = &store1.sin;
5045#ifdef INET6
5046 sin6 = &store.sin6;
5047 to_sin6 = &store1.sin6;
5048#endif
5049 iph = mtod(init_pkt, struct ip *);
5050 /* establish the to_addr's */
5051 switch (iph->ip_v) {
5052 case IPVERSION:
5053 to_sin->sin_port = sh->dest_port;
5054 to_sin->sin_family = AF_INET;
5055 to_sin->sin_len = sizeof(struct sockaddr_in);
5056 to_sin->sin_addr = iph->ip_dst;
5057 break;
5058#ifdef INET6
5059 case IPV6_VERSION >> 4:
5060 ip6 = mtod(init_pkt, struct ip6_hdr *);
5061 to_sin6->sin6_addr = ip6->ip6_dst;
5062 to_sin6->sin6_scope_id = 0;
5063 to_sin6->sin6_port = sh->dest_port;
5064 to_sin6->sin6_family = AF_INET6;
5065 to_sin6->sin6_len = sizeof(struct sockaddr_in6);
5066 break;
5067#endif
5068 default:
5069 goto do_a_abort;
5070 break;
5071 };
5072
5073 if (net == NULL) {
5074 to = (struct sockaddr *)&store;
5075 switch (iph->ip_v) {
5076 case IPVERSION:
5077 {
5078 sin->sin_family = AF_INET;
5079 sin->sin_len = sizeof(struct sockaddr_in);
5080 sin->sin_port = sh->src_port;
5081 sin->sin_addr = iph->ip_src;
5082 /* lookup address */
5083 stc.address[0] = sin->sin_addr.s_addr;
5084 stc.address[1] = 0;
5085 stc.address[2] = 0;
5086 stc.address[3] = 0;
5087 stc.addr_type = SCTP_IPV4_ADDRESS;
5088 /* local from address */
5089 stc.laddress[0] = to_sin->sin_addr.s_addr;
5090 stc.laddress[1] = 0;
5091 stc.laddress[2] = 0;
5092 stc.laddress[3] = 0;
5093 stc.laddr_type = SCTP_IPV4_ADDRESS;
5094 /* scope_id is only for v6 */
5095 stc.scope_id = 0;
5096#ifndef SCTP_DONT_DO_PRIVADDR_SCOPE
5097 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
5098 stc.ipv4_scope = 1;
5099 }
5100#else
5101 stc.ipv4_scope = 1;
5102#endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */
5103 /* Must use the address in this case */
5104 if (sctp_is_address_on_local_host((struct sockaddr *)sin, vrf_id)) {
5105 stc.loopback_scope = 1;
5106 stc.ipv4_scope = 1;
5107 stc.site_scope = 1;
5108 stc.local_scope = 0;
5109 }
5110 break;
5111 }
5112#ifdef INET6
5113 case IPV6_VERSION >> 4:
5114 {
5115 ip6 = mtod(init_pkt, struct ip6_hdr *);
5116 sin6->sin6_family = AF_INET6;
5117 sin6->sin6_len = sizeof(struct sockaddr_in6);
5118 sin6->sin6_port = sh->src_port;
5119 sin6->sin6_addr = ip6->ip6_src;
5120 /* lookup address */
5121 memcpy(&stc.address, &sin6->sin6_addr,
5122 sizeof(struct in6_addr));
5123 sin6->sin6_scope_id = 0;
5124 stc.addr_type = SCTP_IPV6_ADDRESS;
5125 stc.scope_id = 0;
5126 if (sctp_is_address_on_local_host((struct sockaddr *)sin6, vrf_id)) {
5127 /*
5128 * FIX ME: does this have scope from
5129 * rcvif?
5130 */
5131 (void)sa6_recoverscope(sin6);
5132 stc.scope_id = sin6->sin6_scope_id;
5133 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
5134 stc.loopback_scope = 1;
5135 stc.local_scope = 0;
5136 stc.site_scope = 1;
5137 stc.ipv4_scope = 1;
5138 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
5139 /*
5140 * If the new destination is a
5141 * LINK_LOCAL we must have common
5142 * both site and local scope. Don't
5143 * set local scope though since we
5144 * must depend on the source to be
5145 * added implicitly. We cannot
5146 * assure just because we share one
5147 * link that all links are common.
5148 */
5149 stc.local_scope = 0;
5150 stc.site_scope = 1;
5151 stc.ipv4_scope = 1;
5152 /*
5153 * we start counting for the private
5154 * address stuff at 1. since the
5155 * link local we source from won't
5156 * show up in our scoped count.
5157 */
5158 cnt_inits_to = 1;
5159 /*
5160 * pull out the scope_id from
5161 * incoming pkt
5162 */
5163 /*
5164 * FIX ME: does this have scope from
5165 * rcvif?
5166 */
5167 (void)sa6_recoverscope(sin6);
5168 stc.scope_id = sin6->sin6_scope_id;
5169 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
5170 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
5171 /*
5172 * If the new destination is
5173 * SITE_LOCAL then we must have site
5174 * scope in common.
5175 */
5176 stc.site_scope = 1;
5177 }
5178 memcpy(&stc.laddress, &to_sin6->sin6_addr, sizeof(struct in6_addr));
5179 stc.laddr_type = SCTP_IPV6_ADDRESS;
5180 break;
5181 }
5182#endif
5183 default:
5184 /* TSNH */
5185 goto do_a_abort;
5186 break;
5187 }
5188 } else {
5189 /* set the scope per the existing tcb */
5190
5191#ifdef INET6
5192 struct sctp_nets *lnet;
5193
5194#endif
5195
5196 stc.loopback_scope = asoc->loopback_scope;
5197 stc.ipv4_scope = asoc->ipv4_local_scope;
5198 stc.site_scope = asoc->site_scope;
5199 stc.local_scope = asoc->local_scope;
5200#ifdef INET6
5201 /* Why do we not consider IPv4 LL addresses? */
5202 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
5203 if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) {
5204 if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) {
5205 /*
5206 * if we have a LL address, start
5207 * counting at 1.
5208 */
5209 cnt_inits_to = 1;
5210 }
5211 }
5212 }
5213#endif
5214 /* use the net pointer */
5215 to = (struct sockaddr *)&net->ro._l_addr;
5216 switch (to->sa_family) {
5217 case AF_INET:
5218 sin = (struct sockaddr_in *)to;
5219 stc.address[0] = sin->sin_addr.s_addr;
5220 stc.address[1] = 0;
5221 stc.address[2] = 0;
5222 stc.address[3] = 0;
5223 stc.addr_type = SCTP_IPV4_ADDRESS;
5224 if (net->src_addr_selected == 0) {
5225 /*
5226 * strange case here, the INIT should have
5227 * did the selection.
5228 */
5229 net->ro._s_addr = sctp_source_address_selection(inp,
5230 stcb, (sctp_route_t *) & net->ro,
5231 net, 0, vrf_id);
5232 if (net->ro._s_addr == NULL)
5233 return;
5234
5235 net->src_addr_selected = 1;
5236
5237 }
5238 stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr;
5239 stc.laddress[1] = 0;
5240 stc.laddress[2] = 0;
5241 stc.laddress[3] = 0;
5242 stc.laddr_type = SCTP_IPV4_ADDRESS;
5243 break;
5244#ifdef INET6
5245 case AF_INET6:
5246 sin6 = (struct sockaddr_in6 *)to;
5247 memcpy(&stc.address, &sin6->sin6_addr,
5248 sizeof(struct in6_addr));
5249 stc.addr_type = SCTP_IPV6_ADDRESS;
5250 if (net->src_addr_selected == 0) {
5251 /*
5252 * strange case here, the INIT should have
5253 * did the selection.
5254 */
5255 net->ro._s_addr = sctp_source_address_selection(inp,
5256 stcb, (sctp_route_t *) & net->ro,
5257 net, 0, vrf_id);
5258 if (net->ro._s_addr == NULL)
5259 return;
5260
5261 net->src_addr_selected = 1;
5262 }
5263 memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr,
5264 sizeof(struct in6_addr));
5265 stc.laddr_type = SCTP_IPV6_ADDRESS;
5266 break;
5267#endif
5268 }
5269 }
5270 /* Now lets put the SCTP header in place */
5271 initack = mtod(m, struct sctp_init_ack_chunk *);
5272 /* Save it off for quick ref */
5273 stc.peers_vtag = init_chk->init.initiate_tag;
5274 /* who are we */
5275 memcpy(stc.identification, SCTP_VERSION_STRING,
5276 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification)));
5277 /* now the chunk header */
5278 initack->ch.chunk_type = SCTP_INITIATION_ACK;
5279 initack->ch.chunk_flags = 0;
5280 /* fill in later from mbuf we build */
5281 initack->ch.chunk_length = 0;
5282 /* place in my tag */
5283 if ((asoc != NULL) &&
5284 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
5285 (SCTP_GET_STATE(asoc) == SCTP_STATE_INUSE) ||
5286 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) {
5287 /* re-use the v-tags and init-seq here */
5288 initack->init.initiate_tag = htonl(asoc->my_vtag);
5289 initack->init.initial_tsn = htonl(asoc->init_seq_number);
5290 } else {
5291 uint32_t vtag, itsn;
5292
5293 if (hold_inp_lock) {
5294 SCTP_INP_INCR_REF(inp);
5295 SCTP_INP_RUNLOCK(inp);
5296 }
5297 if (asoc) {
5298 atomic_add_int(&asoc->refcnt, 1);
5299 SCTP_TCB_UNLOCK(stcb);
5300 new_tag:
5301 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1);
5302 if ((asoc->peer_supports_nat) && (vtag == asoc->my_vtag)) {
5303 /*
5304 * Got a duplicate vtag on some guy behind a
5305 * nat make sure we don't use it.
5306 */
5307 goto new_tag;
5308 }
5309 initack->init.initiate_tag = htonl(vtag);
5310 /* get a TSN to use too */
5311 itsn = sctp_select_initial_TSN(&inp->sctp_ep);
5312 initack->init.initial_tsn = htonl(itsn);
5313 SCTP_TCB_LOCK(stcb);
5314 atomic_add_int(&asoc->refcnt, -1);
5315 } else {
5316 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1);
5317 initack->init.initiate_tag = htonl(vtag);
5318 /* get a TSN to use too */
5319 initack->init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep));
5320 }
5321 if (hold_inp_lock) {
5322 SCTP_INP_RLOCK(inp);
5323 SCTP_INP_DECR_REF(inp);
5324 }
5325 }
5326 /* save away my tag to */
5327 stc.my_vtag = initack->init.initiate_tag;
5328
5329 /* set up some of the credits. */
5330 so = inp->sctp_socket;
5331 if (so == NULL) {
5332 /* memory problem */
5333 sctp_m_freem(m);
5334 return;
5335 } else {
5336 initack->init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(so), SCTP_MINIMAL_RWND));
5337 }
5338 /* set what I want */
5339 his_limit = ntohs(init_chk->init.num_inbound_streams);
5340 /* choose what I want */
5341 if (asoc != NULL) {
5342 if (asoc->streamoutcnt > inp->sctp_ep.pre_open_stream_count) {
5343 i_want = asoc->streamoutcnt;
5344 } else {
5345 i_want = inp->sctp_ep.pre_open_stream_count;
5346 }
5347 } else {
5348 i_want = inp->sctp_ep.pre_open_stream_count;
5349 }
5350 if (his_limit < i_want) {
5351 /* I Want more :< */
5352 initack->init.num_outbound_streams = init_chk->init.num_inbound_streams;
5353 } else {
5354 /* I can have what I want :> */
5355 initack->init.num_outbound_streams = htons(i_want);
5356 }
5357 /* tell him his limt. */
5358 initack->init.num_inbound_streams =
5359 htons(inp->sctp_ep.max_open_streams_intome);
5360
5361 /* adaptation layer indication parameter */
5362 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)initack + sizeof(*initack));
5363 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION);
5364 ali->ph.param_length = htons(sizeof(*ali));
5365 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator);
5366 SCTP_BUF_LEN(m) += sizeof(*ali);
5367 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali));
5368
5369 /* ECN parameter */
5370 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 1) {
5371 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE);
5372 ecn->ph.param_length = htons(sizeof(*ecn));
5373 SCTP_BUF_LEN(m) += sizeof(*ecn);
5374
5375 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn +
5376 sizeof(*ecn));
5377 } else {
5378 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn);
5379 }
5380 /* And now tell the peer we do pr-sctp */
5381 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED);
5382 prsctp->ph.param_length = htons(sizeof(*prsctp));
5383 SCTP_BUF_LEN(m) += sizeof(*prsctp);
5384 if (nat_friendly) {
5385 /* Add NAT friendly parameter */
5386 struct sctp_paramhdr *ph;
5387
5388 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5389 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT);
5390 ph->param_length = htons(sizeof(struct sctp_paramhdr));
5391 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr);
5392 }
5393 /* And now tell the peer we do all the extensions */
5394 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5395 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT);
5396 num_ext = 0;
5397 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF;
5398 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK;
5399 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN;
5400 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED;
5401 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET;
5402 if (!SCTP_BASE_SYSCTL(sctp_auth_disable))
5403 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION;
5404 /*
5405 * EY if the sysctl variable is set, tell the assoc. initiator that
5406 * we do nr_sack
5407 */
5408 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off))
5409 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK;
5410 p_len = sizeof(*pr_supported) + num_ext;
5411 pr_supported->ph.param_length = htons(p_len);
5412 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len);
5413 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
5414
5415 /* ECN nonce: And now tell the peer we support ECN nonce */
5416 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) {
5417 ecn_nonce = (struct sctp_ecn_nonce_supported_param *)
5418 ((caddr_t)pr_supported + SCTP_SIZE32(p_len));
5419 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED);
5420 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce));
5421 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce);
5422 }
5423 /* add authentication parameters */
5424 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) {
5425 struct sctp_auth_random *randp;
5426 struct sctp_auth_hmac_algo *hmacs;
5427 struct sctp_auth_chunk_list *chunks;
5428 uint16_t random_len;
5429
5430 /* generate and add RANDOM parameter */
5431 random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT;
5432 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5433 randp->ph.param_type = htons(SCTP_RANDOM);
5434 p_len = sizeof(*randp) + random_len;
5435 randp->ph.param_length = htons(p_len);
5436 SCTP_READ_RANDOM(randp->random_data, random_len);
5437 /* zero out any padding required */
5438 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len);
5439 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
5440
5441 /* add HMAC_ALGO parameter */
5442 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5443 p_len = sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs,
5444 (uint8_t *) hmacs->hmac_ids);
5445 if (p_len > 0) {
5446 p_len += sizeof(*hmacs);
5447 hmacs->ph.param_type = htons(SCTP_HMAC_LIST);
5448 hmacs->ph.param_length = htons(p_len);
5449 /* zero out any padding required */
5450 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len);
5451 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
5452 }
5453 /* add CHUNKS parameter */
5454 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5455 p_len = sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks,
5456 chunks->chunk_types);
5457 if (p_len > 0) {
5458 p_len += sizeof(*chunks);
5459 chunks->ph.param_type = htons(SCTP_CHUNK_LIST);
5460 chunks->ph.param_length = htons(p_len);
5461 /* zero out any padding required */
5462 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len);
5463 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
5464 }
5465 }
5466 m_at = m;
5467 /* now the addresses */
5468 {
5469 struct sctp_scoping scp;
5470
5471 /*
5472 * To optimize this we could put the scoping stuff into a
5473 * structure and remove the individual uint8's from the stc
5474 * structure. Then we could just sifa in the address within
5475 * the stc.. but for now this is a quick hack to get the
5476 * address stuff teased apart.
5477 */
5478 scp.ipv4_addr_legal = stc.ipv4_addr_legal;
5479 scp.ipv6_addr_legal = stc.ipv6_addr_legal;
5480 scp.loopback_scope = stc.loopback_scope;
5481 scp.ipv4_local_scope = stc.ipv4_scope;
5482 scp.local_scope = stc.local_scope;
5483 scp.site_scope = stc.site_scope;
5484 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to);
5485 }
5486
5487 /* tack on the operational error if present */
5488 if (op_err) {
5489 struct mbuf *ol;
5490 int llen;
5491
5492 llen = 0;
5493 ol = op_err;
5494 while (ol) {
5495 llen += SCTP_BUF_LEN(ol);
5496 ol = SCTP_BUF_NEXT(ol);
5497 }
5498 if (llen % 4) {
5499 /* must add a pad to the param */
5500 uint32_t cpthis = 0;
5501 int padlen;
5502
5503 padlen = 4 - (llen % 4);
5504 m_copyback(op_err, llen, padlen, (caddr_t)&cpthis);
5505 }
5506 while (SCTP_BUF_NEXT(m_at) != NULL) {
5507 m_at = SCTP_BUF_NEXT(m_at);
5508 }
5509 SCTP_BUF_NEXT(m_at) = op_err;
5510 while (SCTP_BUF_NEXT(m_at) != NULL) {
5511 m_at = SCTP_BUF_NEXT(m_at);
5512 }
5513 }
5514 /* pre-calulate the size and update pkt header and chunk header */
5515 p_len = 0;
5516 for (m_tmp = m; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) {
5517 p_len += SCTP_BUF_LEN(m_tmp);
5518 if (SCTP_BUF_NEXT(m_tmp) == NULL) {
5519 /* m_tmp should now point to last one */
5520 break;
5521 }
5522 }
5523
5524 /* Now we must build a cookie */
5525 m_cookie = sctp_add_cookie(inp, init_pkt, offset, m, 0, &stc, &signature);
5526 if (m_cookie == NULL) {
5527 /* memory problem */
5528 sctp_m_freem(m);
5529 return;
5530 }
5531 /* Now append the cookie to the end and update the space/size */
5532 SCTP_BUF_NEXT(m_tmp) = m_cookie;
5533
5534 for (m_tmp = m_cookie; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) {
5535 p_len += SCTP_BUF_LEN(m_tmp);
5536 if (SCTP_BUF_NEXT(m_tmp) == NULL) {
5537 /* m_tmp should now point to last one */
5538 mp_last = m_tmp;
5539 break;
5540 }
5541 }
5542 /*
5543 * Place in the size, but we don't include the last pad (if any) in
5544 * the INIT-ACK.
5545 */
5546 initack->ch.chunk_length = htons(p_len);
5547
5548 /*
5549 * Time to sign the cookie, we don't sign over the cookie signature
5550 * though thus we set trailer.
5551 */
5552 (void)sctp_hmac_m(SCTP_HMAC,
5553 (uint8_t *) inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)],
5554 SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr),
5555 (uint8_t *) signature, SCTP_SIGNATURE_SIZE);
5556 /*
5557 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return
5558 * here since the timer will drive a retranmission.
5559 */
5560 padval = p_len % 4;
5561 if ((padval) && (mp_last)) {
5562 /* see my previous comments on mp_last */
5563 int ret;
5564
5565 ret = sctp_add_pad_tombuf(mp_last, (4 - padval));
5566 if (ret) {
5567 /* Houston we have a problem, no space */
5568 sctp_m_freem(m);
5569 return;
5570 }
5571 p_len += padval;
5572 }
5573 if (stc.loopback_scope) {
5574 over_addr = &store1;
5575 } else {
5576 over_addr = NULL;
5577 }
5578
5579 (void)sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0,
5580 0, NULL, 0,
5581 inp->sctp_lport, sh->src_port, init_chk->init.initiate_tag,
5582 port, SCTP_SO_NOT_LOCKED, over_addr);
5583 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
5584}
5585
5586
5587void
5588sctp_insert_on_wheel(struct sctp_tcb *stcb,
5589 struct sctp_association *asoc,
5590 struct sctp_stream_out *strq, int holds_lock)
5591{
5592 if (holds_lock == 0) {
5593 SCTP_TCB_SEND_LOCK(stcb);
5594 }
5595 if ((strq->next_spoke.tqe_next == NULL) &&
5596 (strq->next_spoke.tqe_prev == NULL)) {
5597 TAILQ_INSERT_TAIL(&asoc->out_wheel, strq, next_spoke);
5598 }
5599 if (holds_lock == 0) {
5600 SCTP_TCB_SEND_UNLOCK(stcb);
5601 }
5602}
5603
5604void
5605sctp_remove_from_wheel(struct sctp_tcb *stcb,
5606 struct sctp_association *asoc,
5607 struct sctp_stream_out *strq,
5608 int holds_lock)
5609{
5610 /* take off and then setup so we know it is not on the wheel */
5611 if (holds_lock == 0) {
5612 SCTP_TCB_SEND_LOCK(stcb);
5613 }
5614 if (TAILQ_EMPTY(&strq->outqueue)) {
5615 if (asoc->last_out_stream == strq) {
5616 asoc->last_out_stream = TAILQ_PREV(asoc->last_out_stream, sctpwheel_listhead, next_spoke);
5617 if (asoc->last_out_stream == NULL) {
5618 asoc->last_out_stream = TAILQ_LAST(&asoc->out_wheel, sctpwheel_listhead);
5619 }
5620 if (asoc->last_out_stream == strq) {
5621 asoc->last_out_stream = NULL;
5622 }
5623 }
5624 TAILQ_REMOVE(&asoc->out_wheel, strq, next_spoke);
5625 strq->next_spoke.tqe_next = NULL;
5626 strq->next_spoke.tqe_prev = NULL;
5627 }
5628 if (holds_lock == 0) {
5629 SCTP_TCB_SEND_UNLOCK(stcb);
5630 }
5631}
5632
5633static void
5634sctp_prune_prsctp(struct sctp_tcb *stcb,
5635 struct sctp_association *asoc,
5636 struct sctp_sndrcvinfo *srcv,
5637 int dataout)
5638{
5639 int freed_spc = 0;
5640 struct sctp_tmit_chunk *chk, *nchk;
5641
5642 SCTP_TCB_LOCK_ASSERT(stcb);
5643 if ((asoc->peer_supports_prsctp) &&
5644 (asoc->sent_queue_cnt_removeable > 0)) {
5645 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
5646 /*
5647 * Look for chunks marked with the PR_SCTP flag AND
5648 * the buffer space flag. If the one being sent is
5649 * equal or greater priority then purge the old one
5650 * and free some space.
5651 */
5652 if (PR_SCTP_BUF_ENABLED(chk->flags)) {
5653 /*
5654 * This one is PR-SCTP AND buffer space
5655 * limited type
5656 */
5657 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) {
5658 /*
5659 * Lower numbers equates to higher
5660 * priority so if the one we are
5661 * looking at has a larger or equal
5662 * priority we want to drop the data
5663 * and NOT retransmit it.
5664 */
5665 if (chk->data) {
5666 /*
5667 * We release the book_size
5668 * if the mbuf is here
5669 */
5670 int ret_spc;
5671 int cause;
5672
5673 if (chk->sent > SCTP_DATAGRAM_UNSENT)
5674 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT;
5675 else
5676 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT;
5677 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk,
5678 cause,
5679 SCTP_SO_LOCKED);
5680 freed_spc += ret_spc;
5681 if (freed_spc >= dataout) {
5682 return;
5683 }
5684 } /* if chunk was present */
5685 } /* if of sufficent priority */
5686 } /* if chunk has enabled */
5687 } /* tailqforeach */
5688
5689 chk = TAILQ_FIRST(&asoc->send_queue);
5690 while (chk) {
5691 nchk = TAILQ_NEXT(chk, sctp_next);
5692 /* Here we must move to the sent queue and mark */
5693 if (PR_SCTP_TTL_ENABLED(chk->flags)) {
5694 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) {
5695 if (chk->data) {
5696 /*
5697 * We release the book_size
5698 * if the mbuf is here
5699 */
5700 int ret_spc;
5701
5702 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk,
5703 SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT,
5704 SCTP_SO_LOCKED);
5705
5706 freed_spc += ret_spc;
5707 if (freed_spc >= dataout) {
5708 return;
5709 }
5710 } /* end if chk->data */
5711 } /* end if right class */
5712 } /* end if chk pr-sctp */
5713 chk = nchk;
5714 } /* end while (chk) */
5715 } /* if enabled in asoc */
5716}
5717
5718int
5719sctp_get_frag_point(struct sctp_tcb *stcb,
5720 struct sctp_association *asoc)
5721{
5722 int siz, ovh;
5723
5724 /*
5725 * For endpoints that have both v6 and v4 addresses we must reserve
5726 * room for the ipv6 header, for those that are only dealing with V4
5727 * we use a larger frag point.
5728 */
5729 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
5730 ovh = SCTP_MED_OVERHEAD;
5731 } else {
5732 ovh = SCTP_MED_V4_OVERHEAD;
5733 }
5734
5735 if (stcb->asoc.sctp_frag_point > asoc->smallest_mtu)
5736 siz = asoc->smallest_mtu - ovh;
5737 else
5738 siz = (stcb->asoc.sctp_frag_point - ovh);
5739 /*
5740 * if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) {
5741 */
5742 /* A data chunk MUST fit in a cluster */
5743 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk)); */
5744 /* } */
5745
5746 /* adjust for an AUTH chunk if DATA requires auth */
5747 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks))
5748 siz -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id);
5749
5750 if (siz % 4) {
5751 /* make it an even word boundary please */
5752 siz -= (siz % 4);
5753 }
5754 return (siz);
5755}
5756
5757static void
5758sctp_set_prsctp_policy(struct sctp_stream_queue_pending *sp)
5759{
5760 sp->pr_sctp_on = 0;
5761 /*
5762 * We assume that the user wants PR_SCTP_TTL if the user provides a
5763 * positive lifetime but does not specify any PR_SCTP policy. This
5764 * is a BAD assumption and causes problems at least with the
5765 * U-Vancovers MPI folks. I will change this to be no policy means
5766 * NO PR-SCTP.
5767 */
5768 if (PR_SCTP_ENABLED(sp->sinfo_flags)) {
5769 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags);
5770 sp->pr_sctp_on = 1;
5771 } else {
5772 return;
5773 }
5774 switch (PR_SCTP_POLICY(sp->sinfo_flags)) {
5775 case CHUNK_FLAGS_PR_SCTP_BUF:
5776 /*
5777 * Time to live is a priority stored in tv_sec when doing
5778 * the buffer drop thing.
5779 */
5780 sp->ts.tv_sec = sp->timetolive;
5781 sp->ts.tv_usec = 0;
5782 break;
5783 case CHUNK_FLAGS_PR_SCTP_TTL:
5784 {
5785 struct timeval tv;
5786
5787 (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
5788 tv.tv_sec = sp->timetolive / 1000;
5789 tv.tv_usec = (sp->timetolive * 1000) % 1000000;
5790 /*
5791 * TODO sctp_constants.h needs alternative time
5792 * macros when _KERNEL is undefined.
5793 */
5794 timevaladd(&sp->ts, &tv);
5795 }
5796 break;
5797 case CHUNK_FLAGS_PR_SCTP_RTX:
5798 /*
5799 * Time to live is a the number or retransmissions stored in
5800 * tv_sec.
5801 */
5802 sp->ts.tv_sec = sp->timetolive;
5803 sp->ts.tv_usec = 0;
5804 break;
5805 default:
5806 SCTPDBG(SCTP_DEBUG_USRREQ1,
5807 "Unknown PR_SCTP policy %u.\n",
5808 PR_SCTP_POLICY(sp->sinfo_flags));
5809 break;
5810 }
5811}
5812
5813static int
5814sctp_msg_append(struct sctp_tcb *stcb,
5815 struct sctp_nets *net,
5816 struct mbuf *m,
5817 struct sctp_sndrcvinfo *srcv, int hold_stcb_lock)
5818{
5819 int error = 0, holds_lock;
5820 struct mbuf *at;
5821 struct sctp_stream_queue_pending *sp = NULL;
5822 struct sctp_stream_out *strm;
5823
5824 /*
5825 * Given an mbuf chain, put it into the association send queue and
5826 * place it on the wheel
5827 */
5828 holds_lock = hold_stcb_lock;
5829 if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) {
5830 /* Invalid stream number */
5831 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
5832 error = EINVAL;
5833 goto out_now;
5834 }
5835 if ((stcb->asoc.stream_locked) &&
5836 (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) {
5837 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
5838 error = EINVAL;
5839 goto out_now;
5840 }
5841 strm = &stcb->asoc.strmout[srcv->sinfo_stream];
5842 /* Now can we send this? */
5843 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_SENT) ||
5844 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
5845 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
5846 (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) {
5847 /* got data while shutting down */
5848 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
5849 error = ECONNRESET;
5850 goto out_now;
5851 }
5852 sctp_alloc_a_strmoq(stcb, sp);
5853 if (sp == NULL) {
5854 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
5855 error = ENOMEM;
5856 goto out_now;
5857 }
5858 sp->sinfo_flags = srcv->sinfo_flags;
5859 sp->timetolive = srcv->sinfo_timetolive;
5860 sp->ppid = srcv->sinfo_ppid;
5861 sp->context = srcv->sinfo_context;
5862 sp->strseq = 0;
5863 if (sp->sinfo_flags & SCTP_ADDR_OVER) {
5864 sp->net = net;
5865 } else {
5866 sp->net = stcb->asoc.primary_destination;
5867 }
5868 atomic_add_int(&sp->net->ref_count, 1);
5869 (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
5870 sp->stream = srcv->sinfo_stream;
5871 sp->msg_is_complete = 1;
5872 sp->sender_all_done = 1;
5873 sp->some_taken = 0;
5874 sp->data = m;
5875 sp->tail_mbuf = NULL;
5876 sp->length = 0;
5877 at = m;
5878 sctp_set_prsctp_policy(sp);
5879 /*
5880 * We could in theory (for sendall) sifa the length in, but we would
5881 * still have to hunt through the chain since we need to setup the
5882 * tail_mbuf
5883 */
5884 while (at) {
5885 if (SCTP_BUF_NEXT(at) == NULL)
5886 sp->tail_mbuf = at;
5887 sp->length += SCTP_BUF_LEN(at);
5888 at = SCTP_BUF_NEXT(at);
5889 }
5890 SCTP_TCB_SEND_LOCK(stcb);
5891 sctp_snd_sb_alloc(stcb, sp->length);
5892 atomic_add_int(&stcb->asoc.stream_queue_cnt, 1);
5893 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
5894 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) {
5895 sp->strseq = strm->next_sequence_sent;
5896 strm->next_sequence_sent++;
5897 }
5898 if ((strm->next_spoke.tqe_next == NULL) &&
5899 (strm->next_spoke.tqe_prev == NULL)) {
5900 /* Not on wheel, insert */
5901 sctp_insert_on_wheel(stcb, &stcb->asoc, strm, 1);
5902 }
5903 m = NULL;
5904 SCTP_TCB_SEND_UNLOCK(stcb);
5905out_now:
5906 if (m) {
5907 sctp_m_freem(m);
5908 }
5909 return (error);
5910}
5911
5912
5913static struct mbuf *
5914sctp_copy_mbufchain(struct mbuf *clonechain,
5915 struct mbuf *outchain,
5916 struct mbuf **endofchain,
5917 int can_take_mbuf,
5918 int sizeofcpy,
5919 uint8_t copy_by_ref)
5920{
5921 struct mbuf *m;
5922 struct mbuf *appendchain;
5923 caddr_t cp;
5924 int len;
5925
5926 if (endofchain == NULL) {
5927 /* error */
5928error_out:
5929 if (outchain)
5930 sctp_m_freem(outchain);
5931 return (NULL);
5932 }
5933 if (can_take_mbuf) {
5934 appendchain = clonechain;
5935 } else {
5936 if (!copy_by_ref &&
5937 (sizeofcpy <= (int)((((SCTP_BASE_SYSCTL(sctp_mbuf_threshold_count) - 1) * MLEN) + MHLEN)))
5938 ) {
5939 /* Its not in a cluster */
5940 if (*endofchain == NULL) {
5941 /* lets get a mbuf cluster */
5942 if (outchain == NULL) {
5943 /* This is the general case */
5944 new_mbuf:
5945 outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER);
5946 if (outchain == NULL) {
5947 goto error_out;
5948 }
5949 SCTP_BUF_LEN(outchain) = 0;
5950 *endofchain = outchain;
5951 /* get the prepend space */
5952 SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV + 4));
5953 } else {
5954 /*
5955 * We really should not get a NULL
5956 * in endofchain
5957 */
5958 /* find end */
5959 m = outchain;
5960 while (m) {
5961 if (SCTP_BUF_NEXT(m) == NULL) {
5962 *endofchain = m;
5963 break;
5964 }
5965 m = SCTP_BUF_NEXT(m);
5966 }
5967 /* sanity */
5968 if (*endofchain == NULL) {
5969 /*
5970 * huh, TSNH XXX maybe we
5971 * should panic
5972 */
5973 sctp_m_freem(outchain);
5974 goto new_mbuf;
5975 }
5976 }
5977 /* get the new end of length */
5978 len = M_TRAILINGSPACE(*endofchain);
5979 } else {
5980 /* how much is left at the end? */
5981 len = M_TRAILINGSPACE(*endofchain);
5982 }
5983 /* Find the end of the data, for appending */
5984 cp = (mtod((*endofchain), caddr_t)+SCTP_BUF_LEN((*endofchain)));
5985
5986 /* Now lets copy it out */
5987 if (len >= sizeofcpy) {
5988 /* It all fits, copy it in */
5989 m_copydata(clonechain, 0, sizeofcpy, cp);
5990 SCTP_BUF_LEN((*endofchain)) += sizeofcpy;
5991 } else {
5992 /* fill up the end of the chain */
5993 if (len > 0) {
5994 m_copydata(clonechain, 0, len, cp);
5995 SCTP_BUF_LEN((*endofchain)) += len;
5996 /* now we need another one */
5997 sizeofcpy -= len;
5998 }
5999 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER);
6000 if (m == NULL) {
6001 /* We failed */
6002 goto error_out;
6003 }
6004 SCTP_BUF_NEXT((*endofchain)) = m;
6005 *endofchain = m;
6006 cp = mtod((*endofchain), caddr_t);
6007 m_copydata(clonechain, len, sizeofcpy, cp);
6008 SCTP_BUF_LEN((*endofchain)) += sizeofcpy;
6009 }
6010 return (outchain);
6011 } else {
6012 /* copy the old fashion way */
6013 appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_DONTWAIT);
6014#ifdef SCTP_MBUF_LOGGING
6015 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
6016 struct mbuf *mat;
6017
6018 mat = appendchain;
6019 while (mat) {
6020 if (SCTP_BUF_IS_EXTENDED(mat)) {
6021 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
6022 }
6023 mat = SCTP_BUF_NEXT(mat);
6024 }
6025 }
6026#endif
6027 }
6028 }
6029 if (appendchain == NULL) {
6030 /* error */
6031 if (outchain)
6032 sctp_m_freem(outchain);
6033 return (NULL);
6034 }
6035 if (outchain) {
6036 /* tack on to the end */
6037 if (*endofchain != NULL) {
6038 SCTP_BUF_NEXT(((*endofchain))) = appendchain;
6039 } else {
6040 m = outchain;
6041 while (m) {
6042 if (SCTP_BUF_NEXT(m) == NULL) {
6043 SCTP_BUF_NEXT(m) = appendchain;
6044 break;
6045 }
6046 m = SCTP_BUF_NEXT(m);
6047 }
6048 }
6049 /*
6050 * save off the end and update the end-chain postion
6051 */
6052 m = appendchain;
6053 while (m) {
6054 if (SCTP_BUF_NEXT(m) == NULL) {
6055 *endofchain = m;
6056 break;
6057 }
6058 m = SCTP_BUF_NEXT(m);
6059 }
6060 return (outchain);
6061 } else {
6062 /* save off the end and update the end-chain postion */
6063 m = appendchain;
6064 while (m) {
6065 if (SCTP_BUF_NEXT(m) == NULL) {
6066 *endofchain = m;
6067 break;
6068 }
6069 m = SCTP_BUF_NEXT(m);
6070 }
6071 return (appendchain);
6072 }
6073}
6074
6075int
6076sctp_med_chunk_output(struct sctp_inpcb *inp,
6077 struct sctp_tcb *stcb,
6078 struct sctp_association *asoc,
6079 int *num_out,
6080 int *reason_code,
6081 int control_only, int from_where,
6082 struct timeval *now, int *now_filled, int frag_point, int so_locked
6083#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
6084 SCTP_UNUSED
6085#endif
6086);
6087
6088static void
6089sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr,
6090 uint32_t val)
6091{
6092 struct sctp_copy_all *ca;
6093 struct mbuf *m;
6094 int ret = 0;
6095 int added_control = 0;
6096 int un_sent, do_chunk_output = 1;
6097 struct sctp_association *asoc;
6098
6099 ca = (struct sctp_copy_all *)ptr;
6100 if (ca->m == NULL) {
6101 return;
6102 }
6103 if (ca->inp != inp) {
6104 /* TSNH */
6105 return;
6106 }
6107 if ((ca->m) && ca->sndlen) {
6108 m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_DONTWAIT);
6109 if (m == NULL) {
6110 /* can't copy so we are done */
6111 ca->cnt_failed++;
6112 return;
6113 }
6114#ifdef SCTP_MBUF_LOGGING
6115 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
6116 struct mbuf *mat;
6117
6118 mat = m;
6119 while (mat) {
6120 if (SCTP_BUF_IS_EXTENDED(mat)) {
6121 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
6122 }
6123 mat = SCTP_BUF_NEXT(mat);
6124 }
6125 }
6126#endif
6127 } else {
6128 m = NULL;
6129 }
6130 SCTP_TCB_LOCK_ASSERT(stcb);
6131 if (ca->sndrcv.sinfo_flags & SCTP_ABORT) {
6132 /* Abort this assoc with m as the user defined reason */
6133 if (m) {
6134 struct sctp_paramhdr *ph;
6135
6136 SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_DONTWAIT);
6137 if (m) {
6138 ph = mtod(m, struct sctp_paramhdr *);
6139 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
6140 ph->param_length = htons(ca->sndlen);
6141 }
6142 /*
6143 * We add one here to keep the assoc from
6144 * dis-appearing on us.
6145 */
6146 atomic_add_int(&stcb->asoc.refcnt, 1);
6147 sctp_abort_an_association(inp, stcb,
6148 SCTP_RESPONSE_TO_USER_REQ,
6149 m, SCTP_SO_NOT_LOCKED);
6150 /*
6151 * sctp_abort_an_association calls sctp_free_asoc()
6152 * free association will NOT free it since we
6153 * incremented the refcnt .. we do this to prevent
6154 * it being freed and things getting tricky since we
6155 * could end up (from free_asoc) calling inpcb_free
6156 * which would get a recursive lock call to the
6157 * iterator lock.. But as a consequence of that the
6158 * stcb will return to us un-locked.. since
6159 * free_asoc returns with either no TCB or the TCB
6160 * unlocked, we must relock.. to unlock in the
6161 * iterator timer :-0
6162 */
6163 SCTP_TCB_LOCK(stcb);
6164 atomic_add_int(&stcb->asoc.refcnt, -1);
6165 goto no_chunk_output;
6166 }
6167 } else {
6168 if (m) {
6169 ret = sctp_msg_append(stcb, stcb->asoc.primary_destination, m,
6170 &ca->sndrcv, 1);
6171 }
6172 asoc = &stcb->asoc;
6173 if (ca->sndrcv.sinfo_flags & SCTP_EOF) {
6174 /* shutdown this assoc */
6175 int cnt;
6176
6177 cnt = sctp_is_there_unsent_data(stcb);
6178
6179 if (TAILQ_EMPTY(&asoc->send_queue) &&
6180 TAILQ_EMPTY(&asoc->sent_queue) &&
6181 (cnt == 0)) {
6182 if (asoc->locked_on_sending) {
6183 goto abort_anyway;
6184 }
6185 /*
6186 * there is nothing queued to send, so I'm
6187 * done...
6188 */
6189 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
6190 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
6191 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
6192 /*
6193 * only send SHUTDOWN the first time
6194 * through
6195 */
6196 sctp_send_shutdown(stcb, stcb->asoc.primary_destination);
6197 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
6198 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
6199 }
6200 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
6201 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
6202 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb,
6203 asoc->primary_destination);
6204 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
6205 asoc->primary_destination);
6206 added_control = 1;
6207 do_chunk_output = 0;
6208 }
6209 } else {
6210 /*
6211 * we still got (or just got) data to send,
6212 * so set SHUTDOWN_PENDING
6213 */
6214 /*
6215 * XXX sockets draft says that SCTP_EOF
6216 * should be sent with no data. currently,
6217 * we will allow user data to be sent first
6218 * and move to SHUTDOWN-PENDING
6219 */
6220 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
6221 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
6222 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
6223 if (asoc->locked_on_sending) {
6224 /*
6225 * Locked to send out the
6226 * data
6227 */
6228 struct sctp_stream_queue_pending *sp;
6229
6230 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead);
6231 if (sp) {
6232 if ((sp->length == 0) && (sp->msg_is_complete == 0))
6233 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
6234 }
6235 }
6236 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING;
6237 if (TAILQ_EMPTY(&asoc->send_queue) &&
6238 TAILQ_EMPTY(&asoc->sent_queue) &&
6239 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
6240 abort_anyway:
6241 atomic_add_int(&stcb->asoc.refcnt, 1);
6242 sctp_abort_an_association(stcb->sctp_ep, stcb,
6243 SCTP_RESPONSE_TO_USER_REQ,
6244 NULL, SCTP_SO_NOT_LOCKED);
6245 atomic_add_int(&stcb->asoc.refcnt, -1);
6246 goto no_chunk_output;
6247 }
6248 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
6249 asoc->primary_destination);
6250 }
6251 }
6252
6253 }
6254 }
6255 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
6256 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
6257
6258 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
6259 (stcb->asoc.total_flight > 0) &&
6260 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))
6261 ) {
6262 do_chunk_output = 0;
6263 }
6264 if (do_chunk_output)
6265 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_NOT_LOCKED);
6266 else if (added_control) {
6267 int num_out = 0, reason = 0, now_filled = 0;
6268 struct timeval now;
6269 int frag_point;
6270
6271 frag_point = sctp_get_frag_point(stcb, &stcb->asoc);
6272 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out,
6273 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_NOT_LOCKED);
6274 }
6275no_chunk_output:
6276 if (ret) {
6277 ca->cnt_failed++;
6278 } else {
6279 ca->cnt_sent++;
6280 }
6281}
6282
6283static void
6284sctp_sendall_completes(void *ptr, uint32_t val)
6285{
6286 struct sctp_copy_all *ca;
6287
6288 ca = (struct sctp_copy_all *)ptr;
6289 /*
6290 * Do a notify here? Kacheong suggests that the notify be done at
6291 * the send time.. so you would push up a notification if any send
6292 * failed. Don't know if this is feasable since the only failures we
6293 * have is "memory" related and if you cannot get an mbuf to send
6294 * the data you surely can't get an mbuf to send up to notify the
6295 * user you can't send the data :->
6296 */
6297
6298 /* now free everything */
6299 sctp_m_freem(ca->m);
6300 SCTP_FREE(ca, SCTP_M_COPYAL);
6301}
6302
6303
6304#define MC_ALIGN(m, len) do { \
6305 SCTP_BUF_RESV_UF(m, ((MCLBYTES - (len)) & ~(sizeof(long) - 1)); \
6306} while (0)
6307
6308
6309
6310static struct mbuf *
6311sctp_copy_out_all(struct uio *uio, int len)
6312{
6313 struct mbuf *ret, *at;
6314 int left, willcpy, cancpy, error;
6315
6316 ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAIT, 1, MT_DATA);
6317 if (ret == NULL) {
6318 /* TSNH */
6319 return (NULL);
6320 }
6321 left = len;
6322 SCTP_BUF_LEN(ret) = 0;
6323 /* save space for the data chunk header */
6324 cancpy = M_TRAILINGSPACE(ret);
6325 willcpy = min(cancpy, left);
6326 at = ret;
6327 while (left > 0) {
6328 /* Align data to the end */
6329 error = uiomove(mtod(at, caddr_t), willcpy, uio);
6330 if (error) {
6331 err_out_now:
6332 sctp_m_freem(at);
6333 return (NULL);
6334 }
6335 SCTP_BUF_LEN(at) = willcpy;
6336 SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0;
6337 left -= willcpy;
6338 if (left > 0) {
6339 SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 1, MT_DATA);
6340 if (SCTP_BUF_NEXT(at) == NULL) {
6341 goto err_out_now;
6342 }
6343 at = SCTP_BUF_NEXT(at);
6344 SCTP_BUF_LEN(at) = 0;
6345 cancpy = M_TRAILINGSPACE(at);
6346 willcpy = min(cancpy, left);
6347 }
6348 }
6349 return (ret);
6350}
6351
6352static int
6353sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
6354 struct sctp_sndrcvinfo *srcv)
6355{
6356 int ret;
6357 struct sctp_copy_all *ca;
6358
6359 SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all),
6360 SCTP_M_COPYAL);
6361 if (ca == NULL) {
6362 sctp_m_freem(m);
6363 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
6364 return (ENOMEM);
6365 }
6366 memset(ca, 0, sizeof(struct sctp_copy_all));
6367
6368 ca->inp = inp;
6369 memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo));
6370 /*
6371 * take off the sendall flag, it would be bad if we failed to do
6372 * this :-0
6373 */
6374 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL;
6375 /* get length and mbuf chain */
6376 if (uio) {
6377 ca->sndlen = uio->uio_resid;
6378 ca->m = sctp_copy_out_all(uio, ca->sndlen);
6379 if (ca->m == NULL) {
6380 SCTP_FREE(ca, SCTP_M_COPYAL);
6381 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
6382 return (ENOMEM);
6383 }
6384 } else {
6385 /* Gather the length of the send */
6386 struct mbuf *mat;
6387
6388 mat = m;
6389 ca->sndlen = 0;
6390 while (m) {
6391 ca->sndlen += SCTP_BUF_LEN(m);
6392 m = SCTP_BUF_NEXT(m);
6393 }
6394 ca->m = mat;
6395 }
6396 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL,
6397 SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES,
6398 SCTP_ASOC_ANY_STATE,
6399 (void *)ca, 0,
6400 sctp_sendall_completes, inp, 1);
6401 if (ret) {
6402 SCTP_PRINTF("Failed to initiate iterator for sendall\n");
6403 SCTP_FREE(ca, SCTP_M_COPYAL);
6404 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT);
6405 return (EFAULT);
6406 }
6407 return (0);
6408}
6409
6410
6411void
6412sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc)
6413{
6414 struct sctp_tmit_chunk *chk, *nchk;
6415
6416 chk = TAILQ_FIRST(&asoc->control_send_queue);
6417 while (chk) {
6418 nchk = TAILQ_NEXT(chk, sctp_next);
6419 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
6420 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
6421 if (chk->data) {
6422 sctp_m_freem(chk->data);
6423 chk->data = NULL;
6424 }
6425 asoc->ctrl_queue_cnt--;
6426 sctp_free_a_chunk(stcb, chk);
6427 }
6428 chk = nchk;
6429 }
6430}
6431
6432void
6433sctp_toss_old_asconf(struct sctp_tcb *stcb)
6434{
6435 struct sctp_association *asoc;
6436 struct sctp_tmit_chunk *chk, *chk_tmp;
6437 struct sctp_asconf_chunk *acp;
6438
6439 asoc = &stcb->asoc;
6440 for (chk = TAILQ_FIRST(&asoc->asconf_send_queue); chk != NULL;
6441 chk = chk_tmp) {
6442 /* get next chk */
6443 chk_tmp = TAILQ_NEXT(chk, sctp_next);
6444 /* find SCTP_ASCONF chunk in queue */
6445 if (chk->rec.chunk_id.id == SCTP_ASCONF) {
6446 if (chk->data) {
6447 acp = mtod(chk->data, struct sctp_asconf_chunk *);
6448 if (compare_with_wrap(ntohl(acp->serial_number), stcb->asoc.asconf_seq_out_acked, MAX_SEQ)) {
6449 /* Not Acked yet */
6450 break;
6451 }
6452 }
6453 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next);
6454 if (chk->data) {
6455 sctp_m_freem(chk->data);
6456 chk->data = NULL;
6457 }
6458 asoc->ctrl_queue_cnt--;
6459 sctp_free_a_chunk(stcb, chk);
6460 }
6461 }
6462}
6463
6464
6465static void
6466sctp_clean_up_datalist(struct sctp_tcb *stcb,
6467
6468 struct sctp_association *asoc,
6469 struct sctp_tmit_chunk **data_list,
6470 int bundle_at,
6471 struct sctp_nets *net)
6472{
6473 int i;
6474 struct sctp_tmit_chunk *tp1;
6475
6476 for (i = 0; i < bundle_at; i++) {
6477 /* off of the send queue */
6478 if (i) {
6479 /*
6480 * Any chunk NOT 0 you zap the time chunk 0 gets
6481 * zapped or set based on if a RTO measurment is
6482 * needed.
6483 */
6484 data_list[i]->do_rtt = 0;
6485 }
6486 /* record time */
6487 data_list[i]->sent_rcv_time = net->last_sent_time;
6488 data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.TSN_seq;
6489 TAILQ_REMOVE(&asoc->send_queue,
6490 data_list[i],
6491 sctp_next);
6492 /* on to the sent queue */
6493 tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead);
6494 if ((tp1) && (compare_with_wrap(tp1->rec.data.TSN_seq,
6495 data_list[i]->rec.data.TSN_seq, MAX_TSN))) {
6496 struct sctp_tmit_chunk *tpp;
6497
6498 /* need to move back */
6499 back_up_more:
6500 tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next);
6501 if (tpp == NULL) {
6502 TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next);
6503 goto all_done;
6504 }
6505 tp1 = tpp;
6506 if (compare_with_wrap(tp1->rec.data.TSN_seq,
6507 data_list[i]->rec.data.TSN_seq, MAX_TSN)) {
6508 goto back_up_more;
6509 }
6510 TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next);
6511 } else {
6512 TAILQ_INSERT_TAIL(&asoc->sent_queue,
6513 data_list[i],
6514 sctp_next);
6515 }
6516all_done:
6517 /* This does not lower until the cum-ack passes it */
6518 asoc->sent_queue_cnt++;
6519 asoc->send_queue_cnt--;
6520 if ((asoc->peers_rwnd <= 0) &&
6521 (asoc->total_flight == 0) &&
6522 (bundle_at == 1)) {
6523 /* Mark the chunk as being a window probe */
6524 SCTP_STAT_INCR(sctps_windowprobed);
6525 }
6526#ifdef SCTP_AUDITING_ENABLED
6527 sctp_audit_log(0xC2, 3);
6528#endif
6529 data_list[i]->sent = SCTP_DATAGRAM_SENT;
6530 data_list[i]->snd_count = 1;
6531 data_list[i]->rec.data.chunk_was_revoked = 0;
6532 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
6533 sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
6534 data_list[i]->whoTo->flight_size,
6535 data_list[i]->book_size,
6536 (uintptr_t) data_list[i]->whoTo,
6537 data_list[i]->rec.data.TSN_seq);
6538 }
6539 sctp_flight_size_increase(data_list[i]);
6540 sctp_total_flight_increase(stcb, data_list[i]);
6541 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
6542 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND,
6543 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
6544 }
6545 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd,
6546 (uint32_t) (data_list[i]->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)));
6547 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
6548 /* SWS sender side engages */
6549 asoc->peers_rwnd = 0;
6550 }
6551 }
6552}
6553
6554static void
6555sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc)
6556{
6557 struct sctp_tmit_chunk *chk, *nchk;
6558
6559 for (chk = TAILQ_FIRST(&asoc->control_send_queue);
6560 chk; chk = nchk) {
6561 nchk = TAILQ_NEXT(chk, sctp_next);
6562 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) ||
6563 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */
6564 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) ||
6565 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) ||
6566 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) ||
6567 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) ||
6568 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) ||
6569 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) ||
6570 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) ||
6571 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) ||
6572 (chk->rec.chunk_id.id == SCTP_ECN_CWR) ||
6573 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) {
6574 /* Stray chunks must be cleaned up */
6575 clean_up_anyway:
6576 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
6577 if (chk->data) {
6578 sctp_m_freem(chk->data);
6579 chk->data = NULL;
6580 }
6581 asoc->ctrl_queue_cnt--;
| 35
36#include <netinet/sctp_os.h>
37#include <sys/proc.h>
38#include <netinet/sctp_var.h>
39#include <netinet/sctp_sysctl.h>
40#include <netinet/sctp_header.h>
41#include <netinet/sctp_pcb.h>
42#include <netinet/sctputil.h>
43#include <netinet/sctp_output.h>
44#include <netinet/sctp_uio.h>
45#include <netinet/sctputil.h>
46#include <netinet/sctp_auth.h>
47#include <netinet/sctp_timer.h>
48#include <netinet/sctp_asconf.h>
49#include <netinet/sctp_indata.h>
50#include <netinet/sctp_bsd_addr.h>
51#include <netinet/sctp_input.h>
52#include <netinet/sctp_crc32.h>
53#include <netinet/udp.h>
54#include <machine/in_cksum.h>
55
56
57
58#define SCTP_MAX_GAPS_INARRAY 4
59struct sack_track {
60 uint8_t right_edge; /* mergable on the right edge */
61 uint8_t left_edge; /* mergable on the left edge */
62 uint8_t num_entries;
63 uint8_t spare;
64 struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY];
65};
66
67struct sack_track sack_array[256] = {
68 {0, 0, 0, 0, /* 0x00 */
69 {{0, 0},
70 {0, 0},
71 {0, 0},
72 {0, 0}
73 }
74 },
75 {1, 0, 1, 0, /* 0x01 */
76 {{0, 0},
77 {0, 0},
78 {0, 0},
79 {0, 0}
80 }
81 },
82 {0, 0, 1, 0, /* 0x02 */
83 {{1, 1},
84 {0, 0},
85 {0, 0},
86 {0, 0}
87 }
88 },
89 {1, 0, 1, 0, /* 0x03 */
90 {{0, 1},
91 {0, 0},
92 {0, 0},
93 {0, 0}
94 }
95 },
96 {0, 0, 1, 0, /* 0x04 */
97 {{2, 2},
98 {0, 0},
99 {0, 0},
100 {0, 0}
101 }
102 },
103 {1, 0, 2, 0, /* 0x05 */
104 {{0, 0},
105 {2, 2},
106 {0, 0},
107 {0, 0}
108 }
109 },
110 {0, 0, 1, 0, /* 0x06 */
111 {{1, 2},
112 {0, 0},
113 {0, 0},
114 {0, 0}
115 }
116 },
117 {1, 0, 1, 0, /* 0x07 */
118 {{0, 2},
119 {0, 0},
120 {0, 0},
121 {0, 0}
122 }
123 },
124 {0, 0, 1, 0, /* 0x08 */
125 {{3, 3},
126 {0, 0},
127 {0, 0},
128 {0, 0}
129 }
130 },
131 {1, 0, 2, 0, /* 0x09 */
132 {{0, 0},
133 {3, 3},
134 {0, 0},
135 {0, 0}
136 }
137 },
138 {0, 0, 2, 0, /* 0x0a */
139 {{1, 1},
140 {3, 3},
141 {0, 0},
142 {0, 0}
143 }
144 },
145 {1, 0, 2, 0, /* 0x0b */
146 {{0, 1},
147 {3, 3},
148 {0, 0},
149 {0, 0}
150 }
151 },
152 {0, 0, 1, 0, /* 0x0c */
153 {{2, 3},
154 {0, 0},
155 {0, 0},
156 {0, 0}
157 }
158 },
159 {1, 0, 2, 0, /* 0x0d */
160 {{0, 0},
161 {2, 3},
162 {0, 0},
163 {0, 0}
164 }
165 },
166 {0, 0, 1, 0, /* 0x0e */
167 {{1, 3},
168 {0, 0},
169 {0, 0},
170 {0, 0}
171 }
172 },
173 {1, 0, 1, 0, /* 0x0f */
174 {{0, 3},
175 {0, 0},
176 {0, 0},
177 {0, 0}
178 }
179 },
180 {0, 0, 1, 0, /* 0x10 */
181 {{4, 4},
182 {0, 0},
183 {0, 0},
184 {0, 0}
185 }
186 },
187 {1, 0, 2, 0, /* 0x11 */
188 {{0, 0},
189 {4, 4},
190 {0, 0},
191 {0, 0}
192 }
193 },
194 {0, 0, 2, 0, /* 0x12 */
195 {{1, 1},
196 {4, 4},
197 {0, 0},
198 {0, 0}
199 }
200 },
201 {1, 0, 2, 0, /* 0x13 */
202 {{0, 1},
203 {4, 4},
204 {0, 0},
205 {0, 0}
206 }
207 },
208 {0, 0, 2, 0, /* 0x14 */
209 {{2, 2},
210 {4, 4},
211 {0, 0},
212 {0, 0}
213 }
214 },
215 {1, 0, 3, 0, /* 0x15 */
216 {{0, 0},
217 {2, 2},
218 {4, 4},
219 {0, 0}
220 }
221 },
222 {0, 0, 2, 0, /* 0x16 */
223 {{1, 2},
224 {4, 4},
225 {0, 0},
226 {0, 0}
227 }
228 },
229 {1, 0, 2, 0, /* 0x17 */
230 {{0, 2},
231 {4, 4},
232 {0, 0},
233 {0, 0}
234 }
235 },
236 {0, 0, 1, 0, /* 0x18 */
237 {{3, 4},
238 {0, 0},
239 {0, 0},
240 {0, 0}
241 }
242 },
243 {1, 0, 2, 0, /* 0x19 */
244 {{0, 0},
245 {3, 4},
246 {0, 0},
247 {0, 0}
248 }
249 },
250 {0, 0, 2, 0, /* 0x1a */
251 {{1, 1},
252 {3, 4},
253 {0, 0},
254 {0, 0}
255 }
256 },
257 {1, 0, 2, 0, /* 0x1b */
258 {{0, 1},
259 {3, 4},
260 {0, 0},
261 {0, 0}
262 }
263 },
264 {0, 0, 1, 0, /* 0x1c */
265 {{2, 4},
266 {0, 0},
267 {0, 0},
268 {0, 0}
269 }
270 },
271 {1, 0, 2, 0, /* 0x1d */
272 {{0, 0},
273 {2, 4},
274 {0, 0},
275 {0, 0}
276 }
277 },
278 {0, 0, 1, 0, /* 0x1e */
279 {{1, 4},
280 {0, 0},
281 {0, 0},
282 {0, 0}
283 }
284 },
285 {1, 0, 1, 0, /* 0x1f */
286 {{0, 4},
287 {0, 0},
288 {0, 0},
289 {0, 0}
290 }
291 },
292 {0, 0, 1, 0, /* 0x20 */
293 {{5, 5},
294 {0, 0},
295 {0, 0},
296 {0, 0}
297 }
298 },
299 {1, 0, 2, 0, /* 0x21 */
300 {{0, 0},
301 {5, 5},
302 {0, 0},
303 {0, 0}
304 }
305 },
306 {0, 0, 2, 0, /* 0x22 */
307 {{1, 1},
308 {5, 5},
309 {0, 0},
310 {0, 0}
311 }
312 },
313 {1, 0, 2, 0, /* 0x23 */
314 {{0, 1},
315 {5, 5},
316 {0, 0},
317 {0, 0}
318 }
319 },
320 {0, 0, 2, 0, /* 0x24 */
321 {{2, 2},
322 {5, 5},
323 {0, 0},
324 {0, 0}
325 }
326 },
327 {1, 0, 3, 0, /* 0x25 */
328 {{0, 0},
329 {2, 2},
330 {5, 5},
331 {0, 0}
332 }
333 },
334 {0, 0, 2, 0, /* 0x26 */
335 {{1, 2},
336 {5, 5},
337 {0, 0},
338 {0, 0}
339 }
340 },
341 {1, 0, 2, 0, /* 0x27 */
342 {{0, 2},
343 {5, 5},
344 {0, 0},
345 {0, 0}
346 }
347 },
348 {0, 0, 2, 0, /* 0x28 */
349 {{3, 3},
350 {5, 5},
351 {0, 0},
352 {0, 0}
353 }
354 },
355 {1, 0, 3, 0, /* 0x29 */
356 {{0, 0},
357 {3, 3},
358 {5, 5},
359 {0, 0}
360 }
361 },
362 {0, 0, 3, 0, /* 0x2a */
363 {{1, 1},
364 {3, 3},
365 {5, 5},
366 {0, 0}
367 }
368 },
369 {1, 0, 3, 0, /* 0x2b */
370 {{0, 1},
371 {3, 3},
372 {5, 5},
373 {0, 0}
374 }
375 },
376 {0, 0, 2, 0, /* 0x2c */
377 {{2, 3},
378 {5, 5},
379 {0, 0},
380 {0, 0}
381 }
382 },
383 {1, 0, 3, 0, /* 0x2d */
384 {{0, 0},
385 {2, 3},
386 {5, 5},
387 {0, 0}
388 }
389 },
390 {0, 0, 2, 0, /* 0x2e */
391 {{1, 3},
392 {5, 5},
393 {0, 0},
394 {0, 0}
395 }
396 },
397 {1, 0, 2, 0, /* 0x2f */
398 {{0, 3},
399 {5, 5},
400 {0, 0},
401 {0, 0}
402 }
403 },
404 {0, 0, 1, 0, /* 0x30 */
405 {{4, 5},
406 {0, 0},
407 {0, 0},
408 {0, 0}
409 }
410 },
411 {1, 0, 2, 0, /* 0x31 */
412 {{0, 0},
413 {4, 5},
414 {0, 0},
415 {0, 0}
416 }
417 },
418 {0, 0, 2, 0, /* 0x32 */
419 {{1, 1},
420 {4, 5},
421 {0, 0},
422 {0, 0}
423 }
424 },
425 {1, 0, 2, 0, /* 0x33 */
426 {{0, 1},
427 {4, 5},
428 {0, 0},
429 {0, 0}
430 }
431 },
432 {0, 0, 2, 0, /* 0x34 */
433 {{2, 2},
434 {4, 5},
435 {0, 0},
436 {0, 0}
437 }
438 },
439 {1, 0, 3, 0, /* 0x35 */
440 {{0, 0},
441 {2, 2},
442 {4, 5},
443 {0, 0}
444 }
445 },
446 {0, 0, 2, 0, /* 0x36 */
447 {{1, 2},
448 {4, 5},
449 {0, 0},
450 {0, 0}
451 }
452 },
453 {1, 0, 2, 0, /* 0x37 */
454 {{0, 2},
455 {4, 5},
456 {0, 0},
457 {0, 0}
458 }
459 },
460 {0, 0, 1, 0, /* 0x38 */
461 {{3, 5},
462 {0, 0},
463 {0, 0},
464 {0, 0}
465 }
466 },
467 {1, 0, 2, 0, /* 0x39 */
468 {{0, 0},
469 {3, 5},
470 {0, 0},
471 {0, 0}
472 }
473 },
474 {0, 0, 2, 0, /* 0x3a */
475 {{1, 1},
476 {3, 5},
477 {0, 0},
478 {0, 0}
479 }
480 },
481 {1, 0, 2, 0, /* 0x3b */
482 {{0, 1},
483 {3, 5},
484 {0, 0},
485 {0, 0}
486 }
487 },
488 {0, 0, 1, 0, /* 0x3c */
489 {{2, 5},
490 {0, 0},
491 {0, 0},
492 {0, 0}
493 }
494 },
495 {1, 0, 2, 0, /* 0x3d */
496 {{0, 0},
497 {2, 5},
498 {0, 0},
499 {0, 0}
500 }
501 },
502 {0, 0, 1, 0, /* 0x3e */
503 {{1, 5},
504 {0, 0},
505 {0, 0},
506 {0, 0}
507 }
508 },
509 {1, 0, 1, 0, /* 0x3f */
510 {{0, 5},
511 {0, 0},
512 {0, 0},
513 {0, 0}
514 }
515 },
516 {0, 0, 1, 0, /* 0x40 */
517 {{6, 6},
518 {0, 0},
519 {0, 0},
520 {0, 0}
521 }
522 },
523 {1, 0, 2, 0, /* 0x41 */
524 {{0, 0},
525 {6, 6},
526 {0, 0},
527 {0, 0}
528 }
529 },
530 {0, 0, 2, 0, /* 0x42 */
531 {{1, 1},
532 {6, 6},
533 {0, 0},
534 {0, 0}
535 }
536 },
537 {1, 0, 2, 0, /* 0x43 */
538 {{0, 1},
539 {6, 6},
540 {0, 0},
541 {0, 0}
542 }
543 },
544 {0, 0, 2, 0, /* 0x44 */
545 {{2, 2},
546 {6, 6},
547 {0, 0},
548 {0, 0}
549 }
550 },
551 {1, 0, 3, 0, /* 0x45 */
552 {{0, 0},
553 {2, 2},
554 {6, 6},
555 {0, 0}
556 }
557 },
558 {0, 0, 2, 0, /* 0x46 */
559 {{1, 2},
560 {6, 6},
561 {0, 0},
562 {0, 0}
563 }
564 },
565 {1, 0, 2, 0, /* 0x47 */
566 {{0, 2},
567 {6, 6},
568 {0, 0},
569 {0, 0}
570 }
571 },
572 {0, 0, 2, 0, /* 0x48 */
573 {{3, 3},
574 {6, 6},
575 {0, 0},
576 {0, 0}
577 }
578 },
579 {1, 0, 3, 0, /* 0x49 */
580 {{0, 0},
581 {3, 3},
582 {6, 6},
583 {0, 0}
584 }
585 },
586 {0, 0, 3, 0, /* 0x4a */
587 {{1, 1},
588 {3, 3},
589 {6, 6},
590 {0, 0}
591 }
592 },
593 {1, 0, 3, 0, /* 0x4b */
594 {{0, 1},
595 {3, 3},
596 {6, 6},
597 {0, 0}
598 }
599 },
600 {0, 0, 2, 0, /* 0x4c */
601 {{2, 3},
602 {6, 6},
603 {0, 0},
604 {0, 0}
605 }
606 },
607 {1, 0, 3, 0, /* 0x4d */
608 {{0, 0},
609 {2, 3},
610 {6, 6},
611 {0, 0}
612 }
613 },
614 {0, 0, 2, 0, /* 0x4e */
615 {{1, 3},
616 {6, 6},
617 {0, 0},
618 {0, 0}
619 }
620 },
621 {1, 0, 2, 0, /* 0x4f */
622 {{0, 3},
623 {6, 6},
624 {0, 0},
625 {0, 0}
626 }
627 },
628 {0, 0, 2, 0, /* 0x50 */
629 {{4, 4},
630 {6, 6},
631 {0, 0},
632 {0, 0}
633 }
634 },
635 {1, 0, 3, 0, /* 0x51 */
636 {{0, 0},
637 {4, 4},
638 {6, 6},
639 {0, 0}
640 }
641 },
642 {0, 0, 3, 0, /* 0x52 */
643 {{1, 1},
644 {4, 4},
645 {6, 6},
646 {0, 0}
647 }
648 },
649 {1, 0, 3, 0, /* 0x53 */
650 {{0, 1},
651 {4, 4},
652 {6, 6},
653 {0, 0}
654 }
655 },
656 {0, 0, 3, 0, /* 0x54 */
657 {{2, 2},
658 {4, 4},
659 {6, 6},
660 {0, 0}
661 }
662 },
663 {1, 0, 4, 0, /* 0x55 */
664 {{0, 0},
665 {2, 2},
666 {4, 4},
667 {6, 6}
668 }
669 },
670 {0, 0, 3, 0, /* 0x56 */
671 {{1, 2},
672 {4, 4},
673 {6, 6},
674 {0, 0}
675 }
676 },
677 {1, 0, 3, 0, /* 0x57 */
678 {{0, 2},
679 {4, 4},
680 {6, 6},
681 {0, 0}
682 }
683 },
684 {0, 0, 2, 0, /* 0x58 */
685 {{3, 4},
686 {6, 6},
687 {0, 0},
688 {0, 0}
689 }
690 },
691 {1, 0, 3, 0, /* 0x59 */
692 {{0, 0},
693 {3, 4},
694 {6, 6},
695 {0, 0}
696 }
697 },
698 {0, 0, 3, 0, /* 0x5a */
699 {{1, 1},
700 {3, 4},
701 {6, 6},
702 {0, 0}
703 }
704 },
705 {1, 0, 3, 0, /* 0x5b */
706 {{0, 1},
707 {3, 4},
708 {6, 6},
709 {0, 0}
710 }
711 },
712 {0, 0, 2, 0, /* 0x5c */
713 {{2, 4},
714 {6, 6},
715 {0, 0},
716 {0, 0}
717 }
718 },
719 {1, 0, 3, 0, /* 0x5d */
720 {{0, 0},
721 {2, 4},
722 {6, 6},
723 {0, 0}
724 }
725 },
726 {0, 0, 2, 0, /* 0x5e */
727 {{1, 4},
728 {6, 6},
729 {0, 0},
730 {0, 0}
731 }
732 },
733 {1, 0, 2, 0, /* 0x5f */
734 {{0, 4},
735 {6, 6},
736 {0, 0},
737 {0, 0}
738 }
739 },
740 {0, 0, 1, 0, /* 0x60 */
741 {{5, 6},
742 {0, 0},
743 {0, 0},
744 {0, 0}
745 }
746 },
747 {1, 0, 2, 0, /* 0x61 */
748 {{0, 0},
749 {5, 6},
750 {0, 0},
751 {0, 0}
752 }
753 },
754 {0, 0, 2, 0, /* 0x62 */
755 {{1, 1},
756 {5, 6},
757 {0, 0},
758 {0, 0}
759 }
760 },
761 {1, 0, 2, 0, /* 0x63 */
762 {{0, 1},
763 {5, 6},
764 {0, 0},
765 {0, 0}
766 }
767 },
768 {0, 0, 2, 0, /* 0x64 */
769 {{2, 2},
770 {5, 6},
771 {0, 0},
772 {0, 0}
773 }
774 },
775 {1, 0, 3, 0, /* 0x65 */
776 {{0, 0},
777 {2, 2},
778 {5, 6},
779 {0, 0}
780 }
781 },
782 {0, 0, 2, 0, /* 0x66 */
783 {{1, 2},
784 {5, 6},
785 {0, 0},
786 {0, 0}
787 }
788 },
789 {1, 0, 2, 0, /* 0x67 */
790 {{0, 2},
791 {5, 6},
792 {0, 0},
793 {0, 0}
794 }
795 },
796 {0, 0, 2, 0, /* 0x68 */
797 {{3, 3},
798 {5, 6},
799 {0, 0},
800 {0, 0}
801 }
802 },
803 {1, 0, 3, 0, /* 0x69 */
804 {{0, 0},
805 {3, 3},
806 {5, 6},
807 {0, 0}
808 }
809 },
810 {0, 0, 3, 0, /* 0x6a */
811 {{1, 1},
812 {3, 3},
813 {5, 6},
814 {0, 0}
815 }
816 },
817 {1, 0, 3, 0, /* 0x6b */
818 {{0, 1},
819 {3, 3},
820 {5, 6},
821 {0, 0}
822 }
823 },
824 {0, 0, 2, 0, /* 0x6c */
825 {{2, 3},
826 {5, 6},
827 {0, 0},
828 {0, 0}
829 }
830 },
831 {1, 0, 3, 0, /* 0x6d */
832 {{0, 0},
833 {2, 3},
834 {5, 6},
835 {0, 0}
836 }
837 },
838 {0, 0, 2, 0, /* 0x6e */
839 {{1, 3},
840 {5, 6},
841 {0, 0},
842 {0, 0}
843 }
844 },
845 {1, 0, 2, 0, /* 0x6f */
846 {{0, 3},
847 {5, 6},
848 {0, 0},
849 {0, 0}
850 }
851 },
852 {0, 0, 1, 0, /* 0x70 */
853 {{4, 6},
854 {0, 0},
855 {0, 0},
856 {0, 0}
857 }
858 },
859 {1, 0, 2, 0, /* 0x71 */
860 {{0, 0},
861 {4, 6},
862 {0, 0},
863 {0, 0}
864 }
865 },
866 {0, 0, 2, 0, /* 0x72 */
867 {{1, 1},
868 {4, 6},
869 {0, 0},
870 {0, 0}
871 }
872 },
873 {1, 0, 2, 0, /* 0x73 */
874 {{0, 1},
875 {4, 6},
876 {0, 0},
877 {0, 0}
878 }
879 },
880 {0, 0, 2, 0, /* 0x74 */
881 {{2, 2},
882 {4, 6},
883 {0, 0},
884 {0, 0}
885 }
886 },
887 {1, 0, 3, 0, /* 0x75 */
888 {{0, 0},
889 {2, 2},
890 {4, 6},
891 {0, 0}
892 }
893 },
894 {0, 0, 2, 0, /* 0x76 */
895 {{1, 2},
896 {4, 6},
897 {0, 0},
898 {0, 0}
899 }
900 },
901 {1, 0, 2, 0, /* 0x77 */
902 {{0, 2},
903 {4, 6},
904 {0, 0},
905 {0, 0}
906 }
907 },
908 {0, 0, 1, 0, /* 0x78 */
909 {{3, 6},
910 {0, 0},
911 {0, 0},
912 {0, 0}
913 }
914 },
915 {1, 0, 2, 0, /* 0x79 */
916 {{0, 0},
917 {3, 6},
918 {0, 0},
919 {0, 0}
920 }
921 },
922 {0, 0, 2, 0, /* 0x7a */
923 {{1, 1},
924 {3, 6},
925 {0, 0},
926 {0, 0}
927 }
928 },
929 {1, 0, 2, 0, /* 0x7b */
930 {{0, 1},
931 {3, 6},
932 {0, 0},
933 {0, 0}
934 }
935 },
936 {0, 0, 1, 0, /* 0x7c */
937 {{2, 6},
938 {0, 0},
939 {0, 0},
940 {0, 0}
941 }
942 },
943 {1, 0, 2, 0, /* 0x7d */
944 {{0, 0},
945 {2, 6},
946 {0, 0},
947 {0, 0}
948 }
949 },
950 {0, 0, 1, 0, /* 0x7e */
951 {{1, 6},
952 {0, 0},
953 {0, 0},
954 {0, 0}
955 }
956 },
957 {1, 0, 1, 0, /* 0x7f */
958 {{0, 6},
959 {0, 0},
960 {0, 0},
961 {0, 0}
962 }
963 },
964 {0, 1, 1, 0, /* 0x80 */
965 {{7, 7},
966 {0, 0},
967 {0, 0},
968 {0, 0}
969 }
970 },
971 {1, 1, 2, 0, /* 0x81 */
972 {{0, 0},
973 {7, 7},
974 {0, 0},
975 {0, 0}
976 }
977 },
978 {0, 1, 2, 0, /* 0x82 */
979 {{1, 1},
980 {7, 7},
981 {0, 0},
982 {0, 0}
983 }
984 },
985 {1, 1, 2, 0, /* 0x83 */
986 {{0, 1},
987 {7, 7},
988 {0, 0},
989 {0, 0}
990 }
991 },
992 {0, 1, 2, 0, /* 0x84 */
993 {{2, 2},
994 {7, 7},
995 {0, 0},
996 {0, 0}
997 }
998 },
999 {1, 1, 3, 0, /* 0x85 */
1000 {{0, 0},
1001 {2, 2},
1002 {7, 7},
1003 {0, 0}
1004 }
1005 },
1006 {0, 1, 2, 0, /* 0x86 */
1007 {{1, 2},
1008 {7, 7},
1009 {0, 0},
1010 {0, 0}
1011 }
1012 },
1013 {1, 1, 2, 0, /* 0x87 */
1014 {{0, 2},
1015 {7, 7},
1016 {0, 0},
1017 {0, 0}
1018 }
1019 },
1020 {0, 1, 2, 0, /* 0x88 */
1021 {{3, 3},
1022 {7, 7},
1023 {0, 0},
1024 {0, 0}
1025 }
1026 },
1027 {1, 1, 3, 0, /* 0x89 */
1028 {{0, 0},
1029 {3, 3},
1030 {7, 7},
1031 {0, 0}
1032 }
1033 },
1034 {0, 1, 3, 0, /* 0x8a */
1035 {{1, 1},
1036 {3, 3},
1037 {7, 7},
1038 {0, 0}
1039 }
1040 },
1041 {1, 1, 3, 0, /* 0x8b */
1042 {{0, 1},
1043 {3, 3},
1044 {7, 7},
1045 {0, 0}
1046 }
1047 },
1048 {0, 1, 2, 0, /* 0x8c */
1049 {{2, 3},
1050 {7, 7},
1051 {0, 0},
1052 {0, 0}
1053 }
1054 },
1055 {1, 1, 3, 0, /* 0x8d */
1056 {{0, 0},
1057 {2, 3},
1058 {7, 7},
1059 {0, 0}
1060 }
1061 },
1062 {0, 1, 2, 0, /* 0x8e */
1063 {{1, 3},
1064 {7, 7},
1065 {0, 0},
1066 {0, 0}
1067 }
1068 },
1069 {1, 1, 2, 0, /* 0x8f */
1070 {{0, 3},
1071 {7, 7},
1072 {0, 0},
1073 {0, 0}
1074 }
1075 },
1076 {0, 1, 2, 0, /* 0x90 */
1077 {{4, 4},
1078 {7, 7},
1079 {0, 0},
1080 {0, 0}
1081 }
1082 },
1083 {1, 1, 3, 0, /* 0x91 */
1084 {{0, 0},
1085 {4, 4},
1086 {7, 7},
1087 {0, 0}
1088 }
1089 },
1090 {0, 1, 3, 0, /* 0x92 */
1091 {{1, 1},
1092 {4, 4},
1093 {7, 7},
1094 {0, 0}
1095 }
1096 },
1097 {1, 1, 3, 0, /* 0x93 */
1098 {{0, 1},
1099 {4, 4},
1100 {7, 7},
1101 {0, 0}
1102 }
1103 },
1104 {0, 1, 3, 0, /* 0x94 */
1105 {{2, 2},
1106 {4, 4},
1107 {7, 7},
1108 {0, 0}
1109 }
1110 },
1111 {1, 1, 4, 0, /* 0x95 */
1112 {{0, 0},
1113 {2, 2},
1114 {4, 4},
1115 {7, 7}
1116 }
1117 },
1118 {0, 1, 3, 0, /* 0x96 */
1119 {{1, 2},
1120 {4, 4},
1121 {7, 7},
1122 {0, 0}
1123 }
1124 },
1125 {1, 1, 3, 0, /* 0x97 */
1126 {{0, 2},
1127 {4, 4},
1128 {7, 7},
1129 {0, 0}
1130 }
1131 },
1132 {0, 1, 2, 0, /* 0x98 */
1133 {{3, 4},
1134 {7, 7},
1135 {0, 0},
1136 {0, 0}
1137 }
1138 },
1139 {1, 1, 3, 0, /* 0x99 */
1140 {{0, 0},
1141 {3, 4},
1142 {7, 7},
1143 {0, 0}
1144 }
1145 },
1146 {0, 1, 3, 0, /* 0x9a */
1147 {{1, 1},
1148 {3, 4},
1149 {7, 7},
1150 {0, 0}
1151 }
1152 },
1153 {1, 1, 3, 0, /* 0x9b */
1154 {{0, 1},
1155 {3, 4},
1156 {7, 7},
1157 {0, 0}
1158 }
1159 },
1160 {0, 1, 2, 0, /* 0x9c */
1161 {{2, 4},
1162 {7, 7},
1163 {0, 0},
1164 {0, 0}
1165 }
1166 },
1167 {1, 1, 3, 0, /* 0x9d */
1168 {{0, 0},
1169 {2, 4},
1170 {7, 7},
1171 {0, 0}
1172 }
1173 },
1174 {0, 1, 2, 0, /* 0x9e */
1175 {{1, 4},
1176 {7, 7},
1177 {0, 0},
1178 {0, 0}
1179 }
1180 },
1181 {1, 1, 2, 0, /* 0x9f */
1182 {{0, 4},
1183 {7, 7},
1184 {0, 0},
1185 {0, 0}
1186 }
1187 },
1188 {0, 1, 2, 0, /* 0xa0 */
1189 {{5, 5},
1190 {7, 7},
1191 {0, 0},
1192 {0, 0}
1193 }
1194 },
1195 {1, 1, 3, 0, /* 0xa1 */
1196 {{0, 0},
1197 {5, 5},
1198 {7, 7},
1199 {0, 0}
1200 }
1201 },
1202 {0, 1, 3, 0, /* 0xa2 */
1203 {{1, 1},
1204 {5, 5},
1205 {7, 7},
1206 {0, 0}
1207 }
1208 },
1209 {1, 1, 3, 0, /* 0xa3 */
1210 {{0, 1},
1211 {5, 5},
1212 {7, 7},
1213 {0, 0}
1214 }
1215 },
1216 {0, 1, 3, 0, /* 0xa4 */
1217 {{2, 2},
1218 {5, 5},
1219 {7, 7},
1220 {0, 0}
1221 }
1222 },
1223 {1, 1, 4, 0, /* 0xa5 */
1224 {{0, 0},
1225 {2, 2},
1226 {5, 5},
1227 {7, 7}
1228 }
1229 },
1230 {0, 1, 3, 0, /* 0xa6 */
1231 {{1, 2},
1232 {5, 5},
1233 {7, 7},
1234 {0, 0}
1235 }
1236 },
1237 {1, 1, 3, 0, /* 0xa7 */
1238 {{0, 2},
1239 {5, 5},
1240 {7, 7},
1241 {0, 0}
1242 }
1243 },
1244 {0, 1, 3, 0, /* 0xa8 */
1245 {{3, 3},
1246 {5, 5},
1247 {7, 7},
1248 {0, 0}
1249 }
1250 },
1251 {1, 1, 4, 0, /* 0xa9 */
1252 {{0, 0},
1253 {3, 3},
1254 {5, 5},
1255 {7, 7}
1256 }
1257 },
1258 {0, 1, 4, 0, /* 0xaa */
1259 {{1, 1},
1260 {3, 3},
1261 {5, 5},
1262 {7, 7}
1263 }
1264 },
1265 {1, 1, 4, 0, /* 0xab */
1266 {{0, 1},
1267 {3, 3},
1268 {5, 5},
1269 {7, 7}
1270 }
1271 },
1272 {0, 1, 3, 0, /* 0xac */
1273 {{2, 3},
1274 {5, 5},
1275 {7, 7},
1276 {0, 0}
1277 }
1278 },
1279 {1, 1, 4, 0, /* 0xad */
1280 {{0, 0},
1281 {2, 3},
1282 {5, 5},
1283 {7, 7}
1284 }
1285 },
1286 {0, 1, 3, 0, /* 0xae */
1287 {{1, 3},
1288 {5, 5},
1289 {7, 7},
1290 {0, 0}
1291 }
1292 },
1293 {1, 1, 3, 0, /* 0xaf */
1294 {{0, 3},
1295 {5, 5},
1296 {7, 7},
1297 {0, 0}
1298 }
1299 },
1300 {0, 1, 2, 0, /* 0xb0 */
1301 {{4, 5},
1302 {7, 7},
1303 {0, 0},
1304 {0, 0}
1305 }
1306 },
1307 {1, 1, 3, 0, /* 0xb1 */
1308 {{0, 0},
1309 {4, 5},
1310 {7, 7},
1311 {0, 0}
1312 }
1313 },
1314 {0, 1, 3, 0, /* 0xb2 */
1315 {{1, 1},
1316 {4, 5},
1317 {7, 7},
1318 {0, 0}
1319 }
1320 },
1321 {1, 1, 3, 0, /* 0xb3 */
1322 {{0, 1},
1323 {4, 5},
1324 {7, 7},
1325 {0, 0}
1326 }
1327 },
1328 {0, 1, 3, 0, /* 0xb4 */
1329 {{2, 2},
1330 {4, 5},
1331 {7, 7},
1332 {0, 0}
1333 }
1334 },
1335 {1, 1, 4, 0, /* 0xb5 */
1336 {{0, 0},
1337 {2, 2},
1338 {4, 5},
1339 {7, 7}
1340 }
1341 },
1342 {0, 1, 3, 0, /* 0xb6 */
1343 {{1, 2},
1344 {4, 5},
1345 {7, 7},
1346 {0, 0}
1347 }
1348 },
1349 {1, 1, 3, 0, /* 0xb7 */
1350 {{0, 2},
1351 {4, 5},
1352 {7, 7},
1353 {0, 0}
1354 }
1355 },
1356 {0, 1, 2, 0, /* 0xb8 */
1357 {{3, 5},
1358 {7, 7},
1359 {0, 0},
1360 {0, 0}
1361 }
1362 },
1363 {1, 1, 3, 0, /* 0xb9 */
1364 {{0, 0},
1365 {3, 5},
1366 {7, 7},
1367 {0, 0}
1368 }
1369 },
1370 {0, 1, 3, 0, /* 0xba */
1371 {{1, 1},
1372 {3, 5},
1373 {7, 7},
1374 {0, 0}
1375 }
1376 },
1377 {1, 1, 3, 0, /* 0xbb */
1378 {{0, 1},
1379 {3, 5},
1380 {7, 7},
1381 {0, 0}
1382 }
1383 },
1384 {0, 1, 2, 0, /* 0xbc */
1385 {{2, 5},
1386 {7, 7},
1387 {0, 0},
1388 {0, 0}
1389 }
1390 },
1391 {1, 1, 3, 0, /* 0xbd */
1392 {{0, 0},
1393 {2, 5},
1394 {7, 7},
1395 {0, 0}
1396 }
1397 },
1398 {0, 1, 2, 0, /* 0xbe */
1399 {{1, 5},
1400 {7, 7},
1401 {0, 0},
1402 {0, 0}
1403 }
1404 },
1405 {1, 1, 2, 0, /* 0xbf */
1406 {{0, 5},
1407 {7, 7},
1408 {0, 0},
1409 {0, 0}
1410 }
1411 },
1412 {0, 1, 1, 0, /* 0xc0 */
1413 {{6, 7},
1414 {0, 0},
1415 {0, 0},
1416 {0, 0}
1417 }
1418 },
1419 {1, 1, 2, 0, /* 0xc1 */
1420 {{0, 0},
1421 {6, 7},
1422 {0, 0},
1423 {0, 0}
1424 }
1425 },
1426 {0, 1, 2, 0, /* 0xc2 */
1427 {{1, 1},
1428 {6, 7},
1429 {0, 0},
1430 {0, 0}
1431 }
1432 },
1433 {1, 1, 2, 0, /* 0xc3 */
1434 {{0, 1},
1435 {6, 7},
1436 {0, 0},
1437 {0, 0}
1438 }
1439 },
1440 {0, 1, 2, 0, /* 0xc4 */
1441 {{2, 2},
1442 {6, 7},
1443 {0, 0},
1444 {0, 0}
1445 }
1446 },
1447 {1, 1, 3, 0, /* 0xc5 */
1448 {{0, 0},
1449 {2, 2},
1450 {6, 7},
1451 {0, 0}
1452 }
1453 },
1454 {0, 1, 2, 0, /* 0xc6 */
1455 {{1, 2},
1456 {6, 7},
1457 {0, 0},
1458 {0, 0}
1459 }
1460 },
1461 {1, 1, 2, 0, /* 0xc7 */
1462 {{0, 2},
1463 {6, 7},
1464 {0, 0},
1465 {0, 0}
1466 }
1467 },
1468 {0, 1, 2, 0, /* 0xc8 */
1469 {{3, 3},
1470 {6, 7},
1471 {0, 0},
1472 {0, 0}
1473 }
1474 },
1475 {1, 1, 3, 0, /* 0xc9 */
1476 {{0, 0},
1477 {3, 3},
1478 {6, 7},
1479 {0, 0}
1480 }
1481 },
1482 {0, 1, 3, 0, /* 0xca */
1483 {{1, 1},
1484 {3, 3},
1485 {6, 7},
1486 {0, 0}
1487 }
1488 },
1489 {1, 1, 3, 0, /* 0xcb */
1490 {{0, 1},
1491 {3, 3},
1492 {6, 7},
1493 {0, 0}
1494 }
1495 },
1496 {0, 1, 2, 0, /* 0xcc */
1497 {{2, 3},
1498 {6, 7},
1499 {0, 0},
1500 {0, 0}
1501 }
1502 },
1503 {1, 1, 3, 0, /* 0xcd */
1504 {{0, 0},
1505 {2, 3},
1506 {6, 7},
1507 {0, 0}
1508 }
1509 },
1510 {0, 1, 2, 0, /* 0xce */
1511 {{1, 3},
1512 {6, 7},
1513 {0, 0},
1514 {0, 0}
1515 }
1516 },
1517 {1, 1, 2, 0, /* 0xcf */
1518 {{0, 3},
1519 {6, 7},
1520 {0, 0},
1521 {0, 0}
1522 }
1523 },
1524 {0, 1, 2, 0, /* 0xd0 */
1525 {{4, 4},
1526 {6, 7},
1527 {0, 0},
1528 {0, 0}
1529 }
1530 },
1531 {1, 1, 3, 0, /* 0xd1 */
1532 {{0, 0},
1533 {4, 4},
1534 {6, 7},
1535 {0, 0}
1536 }
1537 },
1538 {0, 1, 3, 0, /* 0xd2 */
1539 {{1, 1},
1540 {4, 4},
1541 {6, 7},
1542 {0, 0}
1543 }
1544 },
1545 {1, 1, 3, 0, /* 0xd3 */
1546 {{0, 1},
1547 {4, 4},
1548 {6, 7},
1549 {0, 0}
1550 }
1551 },
1552 {0, 1, 3, 0, /* 0xd4 */
1553 {{2, 2},
1554 {4, 4},
1555 {6, 7},
1556 {0, 0}
1557 }
1558 },
1559 {1, 1, 4, 0, /* 0xd5 */
1560 {{0, 0},
1561 {2, 2},
1562 {4, 4},
1563 {6, 7}
1564 }
1565 },
1566 {0, 1, 3, 0, /* 0xd6 */
1567 {{1, 2},
1568 {4, 4},
1569 {6, 7},
1570 {0, 0}
1571 }
1572 },
1573 {1, 1, 3, 0, /* 0xd7 */
1574 {{0, 2},
1575 {4, 4},
1576 {6, 7},
1577 {0, 0}
1578 }
1579 },
1580 {0, 1, 2, 0, /* 0xd8 */
1581 {{3, 4},
1582 {6, 7},
1583 {0, 0},
1584 {0, 0}
1585 }
1586 },
1587 {1, 1, 3, 0, /* 0xd9 */
1588 {{0, 0},
1589 {3, 4},
1590 {6, 7},
1591 {0, 0}
1592 }
1593 },
1594 {0, 1, 3, 0, /* 0xda */
1595 {{1, 1},
1596 {3, 4},
1597 {6, 7},
1598 {0, 0}
1599 }
1600 },
1601 {1, 1, 3, 0, /* 0xdb */
1602 {{0, 1},
1603 {3, 4},
1604 {6, 7},
1605 {0, 0}
1606 }
1607 },
1608 {0, 1, 2, 0, /* 0xdc */
1609 {{2, 4},
1610 {6, 7},
1611 {0, 0},
1612 {0, 0}
1613 }
1614 },
1615 {1, 1, 3, 0, /* 0xdd */
1616 {{0, 0},
1617 {2, 4},
1618 {6, 7},
1619 {0, 0}
1620 }
1621 },
1622 {0, 1, 2, 0, /* 0xde */
1623 {{1, 4},
1624 {6, 7},
1625 {0, 0},
1626 {0, 0}
1627 }
1628 },
1629 {1, 1, 2, 0, /* 0xdf */
1630 {{0, 4},
1631 {6, 7},
1632 {0, 0},
1633 {0, 0}
1634 }
1635 },
1636 {0, 1, 1, 0, /* 0xe0 */
1637 {{5, 7},
1638 {0, 0},
1639 {0, 0},
1640 {0, 0}
1641 }
1642 },
1643 {1, 1, 2, 0, /* 0xe1 */
1644 {{0, 0},
1645 {5, 7},
1646 {0, 0},
1647 {0, 0}
1648 }
1649 },
1650 {0, 1, 2, 0, /* 0xe2 */
1651 {{1, 1},
1652 {5, 7},
1653 {0, 0},
1654 {0, 0}
1655 }
1656 },
1657 {1, 1, 2, 0, /* 0xe3 */
1658 {{0, 1},
1659 {5, 7},
1660 {0, 0},
1661 {0, 0}
1662 }
1663 },
1664 {0, 1, 2, 0, /* 0xe4 */
1665 {{2, 2},
1666 {5, 7},
1667 {0, 0},
1668 {0, 0}
1669 }
1670 },
1671 {1, 1, 3, 0, /* 0xe5 */
1672 {{0, 0},
1673 {2, 2},
1674 {5, 7},
1675 {0, 0}
1676 }
1677 },
1678 {0, 1, 2, 0, /* 0xe6 */
1679 {{1, 2},
1680 {5, 7},
1681 {0, 0},
1682 {0, 0}
1683 }
1684 },
1685 {1, 1, 2, 0, /* 0xe7 */
1686 {{0, 2},
1687 {5, 7},
1688 {0, 0},
1689 {0, 0}
1690 }
1691 },
1692 {0, 1, 2, 0, /* 0xe8 */
1693 {{3, 3},
1694 {5, 7},
1695 {0, 0},
1696 {0, 0}
1697 }
1698 },
1699 {1, 1, 3, 0, /* 0xe9 */
1700 {{0, 0},
1701 {3, 3},
1702 {5, 7},
1703 {0, 0}
1704 }
1705 },
1706 {0, 1, 3, 0, /* 0xea */
1707 {{1, 1},
1708 {3, 3},
1709 {5, 7},
1710 {0, 0}
1711 }
1712 },
1713 {1, 1, 3, 0, /* 0xeb */
1714 {{0, 1},
1715 {3, 3},
1716 {5, 7},
1717 {0, 0}
1718 }
1719 },
1720 {0, 1, 2, 0, /* 0xec */
1721 {{2, 3},
1722 {5, 7},
1723 {0, 0},
1724 {0, 0}
1725 }
1726 },
1727 {1, 1, 3, 0, /* 0xed */
1728 {{0, 0},
1729 {2, 3},
1730 {5, 7},
1731 {0, 0}
1732 }
1733 },
1734 {0, 1, 2, 0, /* 0xee */
1735 {{1, 3},
1736 {5, 7},
1737 {0, 0},
1738 {0, 0}
1739 }
1740 },
1741 {1, 1, 2, 0, /* 0xef */
1742 {{0, 3},
1743 {5, 7},
1744 {0, 0},
1745 {0, 0}
1746 }
1747 },
1748 {0, 1, 1, 0, /* 0xf0 */
1749 {{4, 7},
1750 {0, 0},
1751 {0, 0},
1752 {0, 0}
1753 }
1754 },
1755 {1, 1, 2, 0, /* 0xf1 */
1756 {{0, 0},
1757 {4, 7},
1758 {0, 0},
1759 {0, 0}
1760 }
1761 },
1762 {0, 1, 2, 0, /* 0xf2 */
1763 {{1, 1},
1764 {4, 7},
1765 {0, 0},
1766 {0, 0}
1767 }
1768 },
1769 {1, 1, 2, 0, /* 0xf3 */
1770 {{0, 1},
1771 {4, 7},
1772 {0, 0},
1773 {0, 0}
1774 }
1775 },
1776 {0, 1, 2, 0, /* 0xf4 */
1777 {{2, 2},
1778 {4, 7},
1779 {0, 0},
1780 {0, 0}
1781 }
1782 },
1783 {1, 1, 3, 0, /* 0xf5 */
1784 {{0, 0},
1785 {2, 2},
1786 {4, 7},
1787 {0, 0}
1788 }
1789 },
1790 {0, 1, 2, 0, /* 0xf6 */
1791 {{1, 2},
1792 {4, 7},
1793 {0, 0},
1794 {0, 0}
1795 }
1796 },
1797 {1, 1, 2, 0, /* 0xf7 */
1798 {{0, 2},
1799 {4, 7},
1800 {0, 0},
1801 {0, 0}
1802 }
1803 },
1804 {0, 1, 1, 0, /* 0xf8 */
1805 {{3, 7},
1806 {0, 0},
1807 {0, 0},
1808 {0, 0}
1809 }
1810 },
1811 {1, 1, 2, 0, /* 0xf9 */
1812 {{0, 0},
1813 {3, 7},
1814 {0, 0},
1815 {0, 0}
1816 }
1817 },
1818 {0, 1, 2, 0, /* 0xfa */
1819 {{1, 1},
1820 {3, 7},
1821 {0, 0},
1822 {0, 0}
1823 }
1824 },
1825 {1, 1, 2, 0, /* 0xfb */
1826 {{0, 1},
1827 {3, 7},
1828 {0, 0},
1829 {0, 0}
1830 }
1831 },
1832 {0, 1, 1, 0, /* 0xfc */
1833 {{2, 7},
1834 {0, 0},
1835 {0, 0},
1836 {0, 0}
1837 }
1838 },
1839 {1, 1, 2, 0, /* 0xfd */
1840 {{0, 0},
1841 {2, 7},
1842 {0, 0},
1843 {0, 0}
1844 }
1845 },
1846 {0, 1, 1, 0, /* 0xfe */
1847 {{1, 7},
1848 {0, 0},
1849 {0, 0},
1850 {0, 0}
1851 }
1852 },
1853 {1, 1, 1, 0, /* 0xff */
1854 {{0, 7},
1855 {0, 0},
1856 {0, 0},
1857 {0, 0}
1858 }
1859 }
1860};
1861
1862
1863int
1864sctp_is_address_in_scope(struct sctp_ifa *ifa,
1865 int ipv4_addr_legal,
1866 int ipv6_addr_legal,
1867 int loopback_scope,
1868 int ipv4_local_scope,
1869 int local_scope,
1870 int site_scope,
1871 int do_update)
1872{
1873 if ((loopback_scope == 0) &&
1874 (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) {
1875 /*
1876 * skip loopback if not in scope *
1877 */
1878 return (0);
1879 }
1880 switch (ifa->address.sa.sa_family) {
1881 case AF_INET:
1882 if (ipv4_addr_legal) {
1883 struct sockaddr_in *sin;
1884
1885 sin = (struct sockaddr_in *)&ifa->address.sin;
1886 if (sin->sin_addr.s_addr == 0) {
1887 /* not in scope , unspecified */
1888 return (0);
1889 }
1890 if ((ipv4_local_scope == 0) &&
1891 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
1892 /* private address not in scope */
1893 return (0);
1894 }
1895 } else {
1896 return (0);
1897 }
1898 break;
1899#ifdef INET6
1900 case AF_INET6:
1901 if (ipv6_addr_legal) {
1902 struct sockaddr_in6 *sin6;
1903
1904 /*
1905 * Must update the flags, bummer, which means any
1906 * IFA locks must now be applied HERE <->
1907 */
1908 if (do_update) {
1909 sctp_gather_internal_ifa_flags(ifa);
1910 }
1911 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
1912 return (0);
1913 }
1914 /* ok to use deprecated addresses? */
1915 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6;
1916 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
1917 /* skip unspecifed addresses */
1918 return (0);
1919 }
1920 if ( /* (local_scope == 0) && */
1921 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) {
1922 return (0);
1923 }
1924 if ((site_scope == 0) &&
1925 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
1926 return (0);
1927 }
1928 } else {
1929 return (0);
1930 }
1931 break;
1932#endif
1933 default:
1934 return (0);
1935 }
1936 return (1);
1937}
1938
1939static struct mbuf *
1940sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa)
1941{
1942 struct sctp_paramhdr *parmh;
1943 struct mbuf *mret;
1944 int len;
1945
1946 if (ifa->address.sa.sa_family == AF_INET) {
1947 len = sizeof(struct sctp_ipv4addr_param);
1948 } else if (ifa->address.sa.sa_family == AF_INET6) {
1949 len = sizeof(struct sctp_ipv6addr_param);
1950 } else {
1951 /* unknown type */
1952 return (m);
1953 }
1954 if (M_TRAILINGSPACE(m) >= len) {
1955 /* easy side we just drop it on the end */
1956 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m)));
1957 mret = m;
1958 } else {
1959 /* Need more space */
1960 mret = m;
1961 while (SCTP_BUF_NEXT(mret) != NULL) {
1962 mret = SCTP_BUF_NEXT(mret);
1963 }
1964 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA);
1965 if (SCTP_BUF_NEXT(mret) == NULL) {
1966 /* We are hosed, can't add more addresses */
1967 return (m);
1968 }
1969 mret = SCTP_BUF_NEXT(mret);
1970 parmh = mtod(mret, struct sctp_paramhdr *);
1971 }
1972 /* now add the parameter */
1973 switch (ifa->address.sa.sa_family) {
1974 case AF_INET:
1975 {
1976 struct sctp_ipv4addr_param *ipv4p;
1977 struct sockaddr_in *sin;
1978
1979 sin = (struct sockaddr_in *)&ifa->address.sin;
1980 ipv4p = (struct sctp_ipv4addr_param *)parmh;
1981 parmh->param_type = htons(SCTP_IPV4_ADDRESS);
1982 parmh->param_length = htons(len);
1983 ipv4p->addr = sin->sin_addr.s_addr;
1984 SCTP_BUF_LEN(mret) += len;
1985 break;
1986 }
1987#ifdef INET6
1988 case AF_INET6:
1989 {
1990 struct sctp_ipv6addr_param *ipv6p;
1991 struct sockaddr_in6 *sin6;
1992
1993 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6;
1994 ipv6p = (struct sctp_ipv6addr_param *)parmh;
1995 parmh->param_type = htons(SCTP_IPV6_ADDRESS);
1996 parmh->param_length = htons(len);
1997 memcpy(ipv6p->addr, &sin6->sin6_addr,
1998 sizeof(ipv6p->addr));
1999 /* clear embedded scope in the address */
2000 in6_clearscope((struct in6_addr *)ipv6p->addr);
2001 SCTP_BUF_LEN(mret) += len;
2002 break;
2003 }
2004#endif
2005 default:
2006 return (m);
2007 }
2008 return (mret);
2009}
2010
2011
2012struct mbuf *
2013sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_scoping *scope,
2014 struct mbuf *m_at, int cnt_inits_to)
2015{
2016 struct sctp_vrf *vrf = NULL;
2017 int cnt, limit_out = 0, total_count;
2018 uint32_t vrf_id;
2019
2020 vrf_id = inp->def_vrf_id;
2021 SCTP_IPI_ADDR_RLOCK();
2022 vrf = sctp_find_vrf(vrf_id);
2023 if (vrf == NULL) {
2024 SCTP_IPI_ADDR_RUNLOCK();
2025 return (m_at);
2026 }
2027 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
2028 struct sctp_ifa *sctp_ifap;
2029 struct sctp_ifn *sctp_ifnp;
2030
2031 cnt = cnt_inits_to;
2032 if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) {
2033 limit_out = 1;
2034 cnt = SCTP_ADDRESS_LIMIT;
2035 goto skip_count;
2036 }
2037 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) {
2038 if ((scope->loopback_scope == 0) &&
2039 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) {
2040 /*
2041 * Skip loopback devices if loopback_scope
2042 * not set
2043 */
2044 continue;
2045 }
2046 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) {
2047 if (sctp_is_address_in_scope(sctp_ifap,
2048 scope->ipv4_addr_legal,
2049 scope->ipv6_addr_legal,
2050 scope->loopback_scope,
2051 scope->ipv4_local_scope,
2052 scope->local_scope,
2053 scope->site_scope, 1) == 0) {
2054 continue;
2055 }
2056 cnt++;
2057 if (cnt > SCTP_ADDRESS_LIMIT) {
2058 break;
2059 }
2060 }
2061 if (cnt > SCTP_ADDRESS_LIMIT) {
2062 break;
2063 }
2064 }
2065skip_count:
2066 if (cnt > 1) {
2067 total_count = 0;
2068 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) {
2069 cnt = 0;
2070 if ((scope->loopback_scope == 0) &&
2071 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) {
2072 /*
2073 * Skip loopback devices if
2074 * loopback_scope not set
2075 */
2076 continue;
2077 }
2078 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) {
2079 if (sctp_is_address_in_scope(sctp_ifap,
2080 scope->ipv4_addr_legal,
2081 scope->ipv6_addr_legal,
2082 scope->loopback_scope,
2083 scope->ipv4_local_scope,
2084 scope->local_scope,
2085 scope->site_scope, 0) == 0) {
2086 continue;
2087 }
2088 m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap);
2089 if (limit_out) {
2090 cnt++;
2091 total_count++;
2092 if (cnt >= 2) {
2093 /*
2094 * two from each
2095 * address
2096 */
2097 break;
2098 }
2099 if (total_count > SCTP_ADDRESS_LIMIT) {
2100 /* No more addresses */
2101 break;
2102 }
2103 }
2104 }
2105 }
2106 }
2107 } else {
2108 struct sctp_laddr *laddr;
2109
2110 cnt = cnt_inits_to;
2111 /* First, how many ? */
2112 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
2113 if (laddr->ifa == NULL) {
2114 continue;
2115 }
2116 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED)
2117 /*
2118 * Address being deleted by the system, dont
2119 * list.
2120 */
2121 continue;
2122 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2123 /*
2124 * Address being deleted on this ep don't
2125 * list.
2126 */
2127 continue;
2128 }
2129 if (sctp_is_address_in_scope(laddr->ifa,
2130 scope->ipv4_addr_legal,
2131 scope->ipv6_addr_legal,
2132 scope->loopback_scope,
2133 scope->ipv4_local_scope,
2134 scope->local_scope,
2135 scope->site_scope, 1) == 0) {
2136 continue;
2137 }
2138 cnt++;
2139 }
2140 if (cnt > SCTP_ADDRESS_LIMIT) {
2141 limit_out = 1;
2142 }
2143 /*
2144 * To get through a NAT we only list addresses if we have
2145 * more than one. That way if you just bind a single address
2146 * we let the source of the init dictate our address.
2147 */
2148 if (cnt > 1) {
2149 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
2150 cnt = 0;
2151 if (laddr->ifa == NULL) {
2152 continue;
2153 }
2154 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED)
2155 continue;
2156
2157 if (sctp_is_address_in_scope(laddr->ifa,
2158 scope->ipv4_addr_legal,
2159 scope->ipv6_addr_legal,
2160 scope->loopback_scope,
2161 scope->ipv4_local_scope,
2162 scope->local_scope,
2163 scope->site_scope, 0) == 0) {
2164 continue;
2165 }
2166 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa);
2167 cnt++;
2168 if (cnt >= SCTP_ADDRESS_LIMIT) {
2169 break;
2170 }
2171 }
2172 }
2173 }
2174 SCTP_IPI_ADDR_RUNLOCK();
2175 return (m_at);
2176}
2177
2178static struct sctp_ifa *
2179sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa,
2180 uint8_t dest_is_loop,
2181 uint8_t dest_is_priv,
2182 sa_family_t fam)
2183{
2184 uint8_t dest_is_global = 0;
2185
2186 /* dest_is_priv is true if destination is a private address */
2187 /* dest_is_loop is true if destination is a loopback addresses */
2188
2189 /*
2190 * Here we determine if its a preferred address. A preferred address
2191 * means it is the same scope or higher scope then the destination.
2192 * L = loopback, P = private, G = global
2193 * ----------------------------------------- src | dest | result
2194 * ---------------------------------------- L | L | yes
2195 * ----------------------------------------- P | L |
2196 * yes-v4 no-v6 ----------------------------------------- G |
2197 * L | yes-v4 no-v6 ----------------------------------------- L
2198 * | P | no ----------------------------------------- P |
2199 * P | yes ----------------------------------------- G |
2200 * P | no ----------------------------------------- L | G
2201 * | no ----------------------------------------- P | G |
2202 * no ----------------------------------------- G | G |
2203 * yes -----------------------------------------
2204 */
2205
2206 if (ifa->address.sa.sa_family != fam) {
2207 /* forget mis-matched family */
2208 return (NULL);
2209 }
2210 if ((dest_is_priv == 0) && (dest_is_loop == 0)) {
2211 dest_is_global = 1;
2212 }
2213 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:");
2214 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa);
2215 /* Ok the address may be ok */
2216 if (fam == AF_INET6) {
2217 /* ok to use deprecated addresses? no lets not! */
2218 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
2219 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n");
2220 return (NULL);
2221 }
2222 if (ifa->src_is_priv && !ifa->src_is_loop) {
2223 if (dest_is_loop) {
2224 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n");
2225 return (NULL);
2226 }
2227 }
2228 if (ifa->src_is_glob) {
2229 if (dest_is_loop) {
2230 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n");
2231 return (NULL);
2232 }
2233 }
2234 }
2235 /*
2236 * Now that we know what is what, implement or table this could in
2237 * theory be done slicker (it used to be), but this is
2238 * straightforward and easier to validate :-)
2239 */
2240 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n",
2241 ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob);
2242 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n",
2243 dest_is_loop, dest_is_priv, dest_is_global);
2244
2245 if ((ifa->src_is_loop) && (dest_is_priv)) {
2246 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n");
2247 return (NULL);
2248 }
2249 if ((ifa->src_is_glob) && (dest_is_priv)) {
2250 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n");
2251 return (NULL);
2252 }
2253 if ((ifa->src_is_loop) && (dest_is_global)) {
2254 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n");
2255 return (NULL);
2256 }
2257 if ((ifa->src_is_priv) && (dest_is_global)) {
2258 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n");
2259 return (NULL);
2260 }
2261 SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n");
2262 /* its a preferred address */
2263 return (ifa);
2264}
2265
2266static struct sctp_ifa *
2267sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa,
2268 uint8_t dest_is_loop,
2269 uint8_t dest_is_priv,
2270 sa_family_t fam)
2271{
2272 uint8_t dest_is_global = 0;
2273
2274 /*
2275 * Here we determine if its a acceptable address. A acceptable
2276 * address means it is the same scope or higher scope but we can
2277 * allow for NAT which means its ok to have a global dest and a
2278 * private src.
2279 *
2280 * L = loopback, P = private, G = global
2281 * ----------------------------------------- src | dest | result
2282 * ----------------------------------------- L | L | yes
2283 * ----------------------------------------- P | L |
2284 * yes-v4 no-v6 ----------------------------------------- G |
2285 * L | yes ----------------------------------------- L |
2286 * P | no ----------------------------------------- P | P
2287 * | yes ----------------------------------------- G | P
2288 * | yes - May not work -----------------------------------------
2289 * L | G | no ----------------------------------------- P
2290 * | G | yes - May not work
2291 * ----------------------------------------- G | G | yes
2292 * -----------------------------------------
2293 */
2294
2295 if (ifa->address.sa.sa_family != fam) {
2296 /* forget non matching family */
2297 return (NULL);
2298 }
2299 /* Ok the address may be ok */
2300 if ((dest_is_loop == 0) && (dest_is_priv == 0)) {
2301 dest_is_global = 1;
2302 }
2303 if (fam == AF_INET6) {
2304 /* ok to use deprecated addresses? */
2305 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
2306 return (NULL);
2307 }
2308 if (ifa->src_is_priv) {
2309 /* Special case, linklocal to loop */
2310 if (dest_is_loop)
2311 return (NULL);
2312 }
2313 }
2314 /*
2315 * Now that we know what is what, implement our table. This could in
2316 * theory be done slicker (it used to be), but this is
2317 * straightforward and easier to validate :-)
2318 */
2319 if ((ifa->src_is_loop == 1) && (dest_is_priv)) {
2320 return (NULL);
2321 }
2322 if ((ifa->src_is_loop == 1) && (dest_is_global)) {
2323 return (NULL);
2324 }
2325 /* its an acceptable address */
2326 return (ifa);
2327}
2328
2329int
2330sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
2331{
2332 struct sctp_laddr *laddr;
2333
2334 if (stcb == NULL) {
2335 /* There are no restrictions, no TCB :-) */
2336 return (0);
2337 }
2338 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
2339 if (laddr->ifa == NULL) {
2340 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n",
2341 __FUNCTION__);
2342 continue;
2343 }
2344 if (laddr->ifa == ifa) {
2345 /* Yes it is on the list */
2346 return (1);
2347 }
2348 }
2349 return (0);
2350}
2351
2352
2353int
2354sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
2355{
2356 struct sctp_laddr *laddr;
2357
2358 if (ifa == NULL)
2359 return (0);
2360 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
2361 if (laddr->ifa == NULL) {
2362 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n",
2363 __FUNCTION__);
2364 continue;
2365 }
2366 if ((laddr->ifa == ifa) && laddr->action == 0)
2367 /* same pointer */
2368 return (1);
2369 }
2370 return (0);
2371}
2372
2373
2374
2375static struct sctp_ifa *
2376sctp_choose_boundspecific_inp(struct sctp_inpcb *inp,
2377 sctp_route_t * ro,
2378 uint32_t vrf_id,
2379 int non_asoc_addr_ok,
2380 uint8_t dest_is_priv,
2381 uint8_t dest_is_loop,
2382 sa_family_t fam)
2383{
2384 struct sctp_laddr *laddr, *starting_point;
2385 void *ifn;
2386 int resettotop = 0;
2387 struct sctp_ifn *sctp_ifn;
2388 struct sctp_ifa *sctp_ifa, *sifa;
2389 struct sctp_vrf *vrf;
2390 uint32_t ifn_index;
2391
2392 vrf = sctp_find_vrf(vrf_id);
2393 if (vrf == NULL)
2394 return (NULL);
2395
2396 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
2397 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
2398 sctp_ifn = sctp_find_ifn(ifn, ifn_index);
2399 /*
2400 * first question, is the ifn we will emit on in our list, if so, we
2401 * want such an address. Note that we first looked for a preferred
2402 * address.
2403 */
2404 if (sctp_ifn) {
2405 /* is a preferred one on the interface we route out? */
2406 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
2407 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2408 (non_asoc_addr_ok == 0))
2409 continue;
2410 sifa = sctp_is_ifa_addr_preferred(sctp_ifa,
2411 dest_is_loop,
2412 dest_is_priv, fam);
2413 if (sifa == NULL)
2414 continue;
2415 if (sctp_is_addr_in_ep(inp, sifa)) {
2416 atomic_add_int(&sifa->refcount, 1);
2417 return (sifa);
2418 }
2419 }
2420 }
2421 /*
2422 * ok, now we now need to find one on the list of the addresses. We
2423 * can't get one on the emitting interface so let's find first a
2424 * preferred one. If not that an acceptable one otherwise... we
2425 * return NULL.
2426 */
2427 starting_point = inp->next_addr_touse;
2428once_again:
2429 if (inp->next_addr_touse == NULL) {
2430 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list);
2431 resettotop = 1;
2432 }
2433 for (laddr = inp->next_addr_touse; laddr;
2434 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
2435 if (laddr->ifa == NULL) {
2436 /* address has been removed */
2437 continue;
2438 }
2439 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2440 /* address is being deleted */
2441 continue;
2442 }
2443 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop,
2444 dest_is_priv, fam);
2445 if (sifa == NULL)
2446 continue;
2447 atomic_add_int(&sifa->refcount, 1);
2448 return (sifa);
2449 }
2450 if (resettotop == 0) {
2451 inp->next_addr_touse = NULL;
2452 goto once_again;
2453 }
2454 inp->next_addr_touse = starting_point;
2455 resettotop = 0;
2456once_again_too:
2457 if (inp->next_addr_touse == NULL) {
2458 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list);
2459 resettotop = 1;
2460 }
2461 /* ok, what about an acceptable address in the inp */
2462 for (laddr = inp->next_addr_touse; laddr;
2463 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
2464 if (laddr->ifa == NULL) {
2465 /* address has been removed */
2466 continue;
2467 }
2468 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2469 /* address is being deleted */
2470 continue;
2471 }
2472 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop,
2473 dest_is_priv, fam);
2474 if (sifa == NULL)
2475 continue;
2476 atomic_add_int(&sifa->refcount, 1);
2477 return (sifa);
2478 }
2479 if (resettotop == 0) {
2480 inp->next_addr_touse = NULL;
2481 goto once_again_too;
2482 }
2483 /*
2484 * no address bound can be a source for the destination we are in
2485 * trouble
2486 */
2487 return (NULL);
2488}
2489
2490
2491
2492static struct sctp_ifa *
2493sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp,
2494 struct sctp_tcb *stcb,
2495 struct sctp_nets *net,
2496 sctp_route_t * ro,
2497 uint32_t vrf_id,
2498 uint8_t dest_is_priv,
2499 uint8_t dest_is_loop,
2500 int non_asoc_addr_ok,
2501 sa_family_t fam)
2502{
2503 struct sctp_laddr *laddr, *starting_point;
2504 void *ifn;
2505 struct sctp_ifn *sctp_ifn;
2506 struct sctp_ifa *sctp_ifa, *sifa;
2507 uint8_t start_at_beginning = 0;
2508 struct sctp_vrf *vrf;
2509 uint32_t ifn_index;
2510
2511 /*
2512 * first question, is the ifn we will emit on in our list, if so, we
2513 * want that one.
2514 */
2515 vrf = sctp_find_vrf(vrf_id);
2516 if (vrf == NULL)
2517 return (NULL);
2518
2519 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
2520 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
2521 sctp_ifn = sctp_find_ifn(ifn, ifn_index);
2522
2523 /*
2524 * first question, is the ifn we will emit on in our list? If so,
2525 * we want that one. First we look for a preferred. Second, we go
2526 * for an acceptable.
2527 */
2528 if (sctp_ifn) {
2529 /* first try for a preferred address on the ep */
2530 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
2531 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0))
2532 continue;
2533 if (sctp_is_addr_in_ep(inp, sctp_ifa)) {
2534 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam);
2535 if (sifa == NULL)
2536 continue;
2537 if (((non_asoc_addr_ok == 0) &&
2538 (sctp_is_addr_restricted(stcb, sifa))) ||
2539 (non_asoc_addr_ok &&
2540 (sctp_is_addr_restricted(stcb, sifa)) &&
2541 (!sctp_is_addr_pending(stcb, sifa)))) {
2542 /* on the no-no list */
2543 continue;
2544 }
2545 atomic_add_int(&sifa->refcount, 1);
2546 return (sifa);
2547 }
2548 }
2549 /* next try for an acceptable address on the ep */
2550 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
2551 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0))
2552 continue;
2553 if (sctp_is_addr_in_ep(inp, sctp_ifa)) {
2554 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam);
2555 if (sifa == NULL)
2556 continue;
2557 if (((non_asoc_addr_ok == 0) &&
2558 (sctp_is_addr_restricted(stcb, sifa))) ||
2559 (non_asoc_addr_ok &&
2560 (sctp_is_addr_restricted(stcb, sifa)) &&
2561 (!sctp_is_addr_pending(stcb, sifa)))) {
2562 /* on the no-no list */
2563 continue;
2564 }
2565 atomic_add_int(&sifa->refcount, 1);
2566 return (sifa);
2567 }
2568 }
2569
2570 }
2571 /*
2572 * if we can't find one like that then we must look at all addresses
2573 * bound to pick one at first preferable then secondly acceptable.
2574 */
2575 starting_point = stcb->asoc.last_used_address;
2576sctp_from_the_top:
2577 if (stcb->asoc.last_used_address == NULL) {
2578 start_at_beginning = 1;
2579 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list);
2580 }
2581 /* search beginning with the last used address */
2582 for (laddr = stcb->asoc.last_used_address; laddr;
2583 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
2584 if (laddr->ifa == NULL) {
2585 /* address has been removed */
2586 continue;
2587 }
2588 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2589 /* address is being deleted */
2590 continue;
2591 }
2592 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam);
2593 if (sifa == NULL)
2594 continue;
2595 if (((non_asoc_addr_ok == 0) &&
2596 (sctp_is_addr_restricted(stcb, sifa))) ||
2597 (non_asoc_addr_ok &&
2598 (sctp_is_addr_restricted(stcb, sifa)) &&
2599 (!sctp_is_addr_pending(stcb, sifa)))) {
2600 /* on the no-no list */
2601 continue;
2602 }
2603 stcb->asoc.last_used_address = laddr;
2604 atomic_add_int(&sifa->refcount, 1);
2605 return (sifa);
2606 }
2607 if (start_at_beginning == 0) {
2608 stcb->asoc.last_used_address = NULL;
2609 goto sctp_from_the_top;
2610 }
2611 /* now try for any higher scope than the destination */
2612 stcb->asoc.last_used_address = starting_point;
2613 start_at_beginning = 0;
2614sctp_from_the_top2:
2615 if (stcb->asoc.last_used_address == NULL) {
2616 start_at_beginning = 1;
2617 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list);
2618 }
2619 /* search beginning with the last used address */
2620 for (laddr = stcb->asoc.last_used_address; laddr;
2621 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
2622 if (laddr->ifa == NULL) {
2623 /* address has been removed */
2624 continue;
2625 }
2626 if (laddr->action == SCTP_DEL_IP_ADDRESS) {
2627 /* address is being deleted */
2628 continue;
2629 }
2630 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop,
2631 dest_is_priv, fam);
2632 if (sifa == NULL)
2633 continue;
2634 if (((non_asoc_addr_ok == 0) &&
2635 (sctp_is_addr_restricted(stcb, sifa))) ||
2636 (non_asoc_addr_ok &&
2637 (sctp_is_addr_restricted(stcb, sifa)) &&
2638 (!sctp_is_addr_pending(stcb, sifa)))) {
2639 /* on the no-no list */
2640 continue;
2641 }
2642 stcb->asoc.last_used_address = laddr;
2643 atomic_add_int(&sifa->refcount, 1);
2644 return (sifa);
2645 }
2646 if (start_at_beginning == 0) {
2647 stcb->asoc.last_used_address = NULL;
2648 goto sctp_from_the_top2;
2649 }
2650 return (NULL);
2651}
2652
2653static struct sctp_ifa *
2654sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn,
2655 struct sctp_tcb *stcb,
2656 int non_asoc_addr_ok,
2657 uint8_t dest_is_loop,
2658 uint8_t dest_is_priv,
2659 int addr_wanted,
2660 sa_family_t fam,
2661 sctp_route_t * ro
2662)
2663{
2664 struct sctp_ifa *ifa, *sifa;
2665 int num_eligible_addr = 0;
2666
2667#ifdef INET6
2668 struct sockaddr_in6 sin6, lsa6;
2669
2670 if (fam == AF_INET6) {
2671 memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6));
2672 (void)sa6_recoverscope(&sin6);
2673 }
2674#endif /* INET6 */
2675 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) {
2676 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2677 (non_asoc_addr_ok == 0))
2678 continue;
2679 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop,
2680 dest_is_priv, fam);
2681 if (sifa == NULL)
2682 continue;
2683#ifdef INET6
2684 if (fam == AF_INET6 &&
2685 dest_is_loop &&
2686 sifa->src_is_loop && sifa->src_is_priv) {
2687 /*
2688 * don't allow fe80::1 to be a src on loop ::1, we
2689 * don't list it to the peer so we will get an
2690 * abort.
2691 */
2692 continue;
2693 }
2694 if (fam == AF_INET6 &&
2695 IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) &&
2696 IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
2697 /*
2698 * link-local <-> link-local must belong to the same
2699 * scope.
2700 */
2701 memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6));
2702 (void)sa6_recoverscope(&lsa6);
2703 if (sin6.sin6_scope_id != lsa6.sin6_scope_id) {
2704 continue;
2705 }
2706 }
2707#endif /* INET6 */
2708
2709 /*
2710 * Check if the IPv6 address matches to next-hop. In the
2711 * mobile case, old IPv6 address may be not deleted from the
2712 * interface. Then, the interface has previous and new
2713 * addresses. We should use one corresponding to the
2714 * next-hop. (by micchie)
2715 */
2716#ifdef INET6
2717 if (stcb && fam == AF_INET6 &&
2718 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) {
2719 if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro)
2720 == 0) {
2721 continue;
2722 }
2723 }
2724#endif
2725 /* Avoid topologically incorrect IPv4 address */
2726 if (stcb && fam == AF_INET &&
2727 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) {
2728 if (sctp_v4src_match_nexthop(sifa, ro) == 0) {
2729 continue;
2730 }
2731 }
2732 if (stcb) {
2733 if (((non_asoc_addr_ok == 0) &&
2734 (sctp_is_addr_restricted(stcb, sifa))) ||
2735 (non_asoc_addr_ok &&
2736 (sctp_is_addr_restricted(stcb, sifa)) &&
2737 (!sctp_is_addr_pending(stcb, sifa)))) {
2738 /*
2739 * It is restricted for some reason..
2740 * probably not yet added.
2741 */
2742 continue;
2743 }
2744 }
2745 if (num_eligible_addr >= addr_wanted) {
2746 return (sifa);
2747 }
2748 num_eligible_addr++;
2749 }
2750 return (NULL);
2751}
2752
2753
2754static int
2755sctp_count_num_preferred_boundall(struct sctp_ifn *ifn,
2756 struct sctp_tcb *stcb,
2757 int non_asoc_addr_ok,
2758 uint8_t dest_is_loop,
2759 uint8_t dest_is_priv,
2760 sa_family_t fam)
2761{
2762 struct sctp_ifa *ifa, *sifa;
2763 int num_eligible_addr = 0;
2764
2765 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) {
2766 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2767 (non_asoc_addr_ok == 0)) {
2768 continue;
2769 }
2770 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop,
2771 dest_is_priv, fam);
2772 if (sifa == NULL) {
2773 continue;
2774 }
2775 if (stcb) {
2776 if (((non_asoc_addr_ok == 0) &&
2777 (sctp_is_addr_restricted(stcb, sifa))) ||
2778 (non_asoc_addr_ok &&
2779 (sctp_is_addr_restricted(stcb, sifa)) &&
2780 (!sctp_is_addr_pending(stcb, sifa)))) {
2781 /*
2782 * It is restricted for some reason..
2783 * probably not yet added.
2784 */
2785 continue;
2786 }
2787 }
2788 num_eligible_addr++;
2789 }
2790 return (num_eligible_addr);
2791}
2792
2793static struct sctp_ifa *
2794sctp_choose_boundall(struct sctp_inpcb *inp,
2795 struct sctp_tcb *stcb,
2796 struct sctp_nets *net,
2797 sctp_route_t * ro,
2798 uint32_t vrf_id,
2799 uint8_t dest_is_priv,
2800 uint8_t dest_is_loop,
2801 int non_asoc_addr_ok,
2802 sa_family_t fam)
2803{
2804 int cur_addr_num = 0, num_preferred = 0;
2805 void *ifn;
2806 struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn;
2807 struct sctp_ifa *sctp_ifa, *sifa;
2808 uint32_t ifn_index;
2809 struct sctp_vrf *vrf;
2810
2811 /*-
2812 * For boundall we can use any address in the association.
2813 * If non_asoc_addr_ok is set we can use any address (at least in
2814 * theory). So we look for preferred addresses first. If we find one,
2815 * we use it. Otherwise we next try to get an address on the
2816 * interface, which we should be able to do (unless non_asoc_addr_ok
2817 * is false and we are routed out that way). In these cases where we
2818 * can't use the address of the interface we go through all the
2819 * ifn's looking for an address we can use and fill that in. Punting
2820 * means we send back address 0, which will probably cause problems
2821 * actually since then IP will fill in the address of the route ifn,
2822 * which means we probably already rejected it.. i.e. here comes an
2823 * abort :-<.
2824 */
2825 vrf = sctp_find_vrf(vrf_id);
2826 if (vrf == NULL)
2827 return (NULL);
2828
2829 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
2830 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
2831 emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index);
2832 if (sctp_ifn == NULL) {
2833 /* ?? We don't have this guy ?? */
2834 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No ifn emit interface?\n");
2835 goto bound_all_plan_b;
2836 }
2837 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifn_index:%d name:%s is emit interface\n",
2838 ifn_index, sctp_ifn->ifn_name);
2839
2840 if (net) {
2841 cur_addr_num = net->indx_of_eligible_next_to_use;
2842 }
2843 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn,
2844 stcb,
2845 non_asoc_addr_ok,
2846 dest_is_loop,
2847 dest_is_priv, fam);
2848 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n",
2849 num_preferred, sctp_ifn->ifn_name);
2850 if (num_preferred == 0) {
2851 /*
2852 * no eligible addresses, we must use some other interface
2853 * address if we can find one.
2854 */
2855 goto bound_all_plan_b;
2856 }
2857 /*
2858 * Ok we have num_eligible_addr set with how many we can use, this
2859 * may vary from call to call due to addresses being deprecated
2860 * etc..
2861 */
2862 if (cur_addr_num >= num_preferred) {
2863 cur_addr_num = 0;
2864 }
2865 /*
2866 * select the nth address from the list (where cur_addr_num is the
2867 * nth) and 0 is the first one, 1 is the second one etc...
2868 */
2869 SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num);
2870
2871 sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop,
2872 dest_is_priv, cur_addr_num, fam, ro);
2873
2874 /* if sctp_ifa is NULL something changed??, fall to plan b. */
2875 if (sctp_ifa) {
2876 atomic_add_int(&sctp_ifa->refcount, 1);
2877 if (net) {
2878 /* save off where the next one we will want */
2879 net->indx_of_eligible_next_to_use = cur_addr_num + 1;
2880 }
2881 return (sctp_ifa);
2882 }
2883 /*
2884 * plan_b: Look at all interfaces and find a preferred address. If
2885 * no preferred fall through to plan_c.
2886 */
2887bound_all_plan_b:
2888 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n");
2889 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
2890 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n",
2891 sctp_ifn->ifn_name);
2892 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
2893 /* wrong base scope */
2894 SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n");
2895 continue;
2896 }
2897 if ((sctp_ifn == looked_at) && looked_at) {
2898 /* already looked at this guy */
2899 SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n");
2900 continue;
2901 }
2902 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, stcb, non_asoc_addr_ok,
2903 dest_is_loop, dest_is_priv, fam);
2904 SCTPDBG(SCTP_DEBUG_OUTPUT2,
2905 "Found ifn:%p %d preferred source addresses\n",
2906 ifn, num_preferred);
2907 if (num_preferred == 0) {
2908 /* None on this interface. */
2909 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefered -- skipping to next\n");
2910 continue;
2911 }
2912 SCTPDBG(SCTP_DEBUG_OUTPUT2,
2913 "num preferred:%d on interface:%p cur_addr_num:%d\n",
2914 num_preferred, sctp_ifn, cur_addr_num);
2915
2916 /*
2917 * Ok we have num_eligible_addr set with how many we can
2918 * use, this may vary from call to call due to addresses
2919 * being deprecated etc..
2920 */
2921 if (cur_addr_num >= num_preferred) {
2922 cur_addr_num = 0;
2923 }
2924 sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop,
2925 dest_is_priv, cur_addr_num, fam, ro);
2926 if (sifa == NULL)
2927 continue;
2928 if (net) {
2929 net->indx_of_eligible_next_to_use = cur_addr_num + 1;
2930 SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n",
2931 cur_addr_num);
2932 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:");
2933 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa);
2934 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:");
2935 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa);
2936 }
2937 atomic_add_int(&sifa->refcount, 1);
2938 return (sifa);
2939
2940 }
2941
2942 /* plan_c: do we have an acceptable address on the emit interface */
2943 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan C: find acceptable on interface\n");
2944 if (emit_ifn == NULL) {
2945 goto plan_d;
2946 }
2947 LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) {
2948 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2949 (non_asoc_addr_ok == 0))
2950 continue;
2951 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop,
2952 dest_is_priv, fam);
2953 if (sifa == NULL)
2954 continue;
2955 if (stcb) {
2956 if (((non_asoc_addr_ok == 0) &&
2957 (sctp_is_addr_restricted(stcb, sifa))) ||
2958 (non_asoc_addr_ok &&
2959 (sctp_is_addr_restricted(stcb, sifa)) &&
2960 (!sctp_is_addr_pending(stcb, sifa)))) {
2961 /*
2962 * It is restricted for some reason..
2963 * probably not yet added.
2964 */
2965 continue;
2966 }
2967 }
2968 atomic_add_int(&sifa->refcount, 1);
2969 return (sifa);
2970 }
2971plan_d:
2972 /*
2973 * plan_d: We are in trouble. No preferred address on the emit
2974 * interface. And not even a preferred address on all interfaces. Go
2975 * out and see if we can find an acceptable address somewhere
2976 * amongst all interfaces.
2977 */
2978 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D\n");
2979 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
2980 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
2981 /* wrong base scope */
2982 continue;
2983 }
2984 if ((sctp_ifn == looked_at) && looked_at)
2985 /* already looked at this guy */
2986 continue;
2987
2988 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
2989 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
2990 (non_asoc_addr_ok == 0))
2991 continue;
2992 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa,
2993 dest_is_loop,
2994 dest_is_priv, fam);
2995 if (sifa == NULL)
2996 continue;
2997 if (stcb) {
2998 if (((non_asoc_addr_ok == 0) &&
2999 (sctp_is_addr_restricted(stcb, sifa))) ||
3000 (non_asoc_addr_ok &&
3001 (sctp_is_addr_restricted(stcb, sifa)) &&
3002 (!sctp_is_addr_pending(stcb, sifa)))) {
3003 /*
3004 * It is restricted for some
3005 * reason.. probably not yet added.
3006 */
3007 continue;
3008 }
3009 }
3010 atomic_add_int(&sifa->refcount, 1);
3011 return (sifa);
3012 }
3013 }
3014 /*
3015 * Ok we can find NO address to source from that is not on our
3016 * restricted list and non_asoc_address is NOT ok, or it is on our
3017 * restricted list. We can't source to it :-(
3018 */
3019 return (NULL);
3020}
3021
3022
3023
3024/* tcb may be NULL */
3025struct sctp_ifa *
3026sctp_source_address_selection(struct sctp_inpcb *inp,
3027 struct sctp_tcb *stcb,
3028 sctp_route_t * ro,
3029 struct sctp_nets *net,
3030 int non_asoc_addr_ok, uint32_t vrf_id)
3031{
3032 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst;
3033
3034#ifdef INET6
3035 struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst;
3036
3037#endif
3038 struct sctp_ifa *answer;
3039 uint8_t dest_is_priv, dest_is_loop;
3040 sa_family_t fam;
3041
3042 /*-
3043 * Rules: - Find the route if needed, cache if I can. - Look at
3044 * interface address in route, Is it in the bound list. If so we
3045 * have the best source. - If not we must rotate amongst the
3046 * addresses.
3047 *
3048 * Cavets and issues
3049 *
3050 * Do we need to pay attention to scope. We can have a private address
3051 * or a global address we are sourcing or sending to. So if we draw
3052 * it out
3053 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
3054 * For V4
3055 * ------------------------------------------
3056 * source * dest * result
3057 * -----------------------------------------
3058 * <a> Private * Global * NAT
3059 * -----------------------------------------
3060 * <b> Private * Private * No problem
3061 * -----------------------------------------
3062 * <c> Global * Private * Huh, How will this work?
3063 * -----------------------------------------
3064 * <d> Global * Global * No Problem
3065 *------------------------------------------
3066 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
3067 * For V6
3068 *------------------------------------------
3069 * source * dest * result
3070 * -----------------------------------------
3071 * <a> Linklocal * Global *
3072 * -----------------------------------------
3073 * <b> Linklocal * Linklocal * No problem
3074 * -----------------------------------------
3075 * <c> Global * Linklocal * Huh, How will this work?
3076 * -----------------------------------------
3077 * <d> Global * Global * No Problem
3078 *------------------------------------------
3079 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
3080 *
3081 * And then we add to that what happens if there are multiple addresses
3082 * assigned to an interface. Remember the ifa on a ifn is a linked
3083 * list of addresses. So one interface can have more than one IP
3084 * address. What happens if we have both a private and a global
3085 * address? Do we then use context of destination to sort out which
3086 * one is best? And what about NAT's sending P->G may get you a NAT
3087 * translation, or should you select the G thats on the interface in
3088 * preference.
3089 *
3090 * Decisions:
3091 *
3092 * - count the number of addresses on the interface.
3093 * - if it is one, no problem except case <c>.
3094 * For <a> we will assume a NAT out there.
3095 * - if there are more than one, then we need to worry about scope P
3096 * or G. We should prefer G -> G and P -> P if possible.
3097 * Then as a secondary fall back to mixed types G->P being a last
3098 * ditch one.
3099 * - The above all works for bound all, but bound specific we need to
3100 * use the same concept but instead only consider the bound
3101 * addresses. If the bound set is NOT assigned to the interface then
3102 * we must use rotation amongst the bound addresses..
3103 */
3104 if (ro->ro_rt == NULL) {
3105 /*
3106 * Need a route to cache.
3107 */
3108 SCTP_RTALLOC(ro, vrf_id);
3109 }
3110 if (ro->ro_rt == NULL) {
3111 return (NULL);
3112 }
3113 fam = to->sin_family;
3114 dest_is_priv = dest_is_loop = 0;
3115 /* Setup our scopes for the destination */
3116 switch (fam) {
3117 case AF_INET:
3118 /* Scope based on outbound address */
3119 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) {
3120 dest_is_loop = 1;
3121 if (net != NULL) {
3122 /* mark it as local */
3123 net->addr_is_local = 1;
3124 }
3125 } else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) {
3126 dest_is_priv = 1;
3127 }
3128 break;
3129#ifdef INET6
3130 case AF_INET6:
3131 /* Scope based on outbound address */
3132 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) ||
3133 SCTP_ROUTE_IS_REAL_LOOP(ro)) {
3134 /*
3135 * If the address is a loopback address, which
3136 * consists of "::1" OR "fe80::1%lo0", we are
3137 * loopback scope. But we don't use dest_is_priv
3138 * (link local addresses).
3139 */
3140 dest_is_loop = 1;
3141 if (net != NULL) {
3142 /* mark it as local */
3143 net->addr_is_local = 1;
3144 }
3145 } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) {
3146 dest_is_priv = 1;
3147 }
3148 break;
3149#endif
3150 }
3151 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:");
3152 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)to);
3153 SCTP_IPI_ADDR_RLOCK();
3154 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
3155 /*
3156 * Bound all case
3157 */
3158 answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id,
3159 dest_is_priv, dest_is_loop,
3160 non_asoc_addr_ok, fam);
3161 SCTP_IPI_ADDR_RUNLOCK();
3162 return (answer);
3163 }
3164 /*
3165 * Subset bound case
3166 */
3167 if (stcb) {
3168 answer = sctp_choose_boundspecific_stcb(inp, stcb, net, ro,
3169 vrf_id, dest_is_priv,
3170 dest_is_loop,
3171 non_asoc_addr_ok, fam);
3172 } else {
3173 answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id,
3174 non_asoc_addr_ok,
3175 dest_is_priv,
3176 dest_is_loop, fam);
3177 }
3178 SCTP_IPI_ADDR_RUNLOCK();
3179 return (answer);
3180}
3181
3182static int
3183sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize)
3184{
3185 struct cmsghdr cmh;
3186 int tlen, at;
3187
3188 tlen = SCTP_BUF_LEN(control);
3189 at = 0;
3190 /*
3191 * Independent of how many mbufs, find the c_type inside the control
3192 * structure and copy out the data.
3193 */
3194 while (at < tlen) {
3195 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) {
3196 /* not enough room for one more we are done. */
3197 return (0);
3198 }
3199 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh);
3200 if (((int)cmh.cmsg_len + at) > tlen) {
3201 /*
3202 * this is real messed up since there is not enough
3203 * data here to cover the cmsg header. We are done.
3204 */
3205 return (0);
3206 }
3207 if ((cmh.cmsg_level == IPPROTO_SCTP) &&
3208 (c_type == cmh.cmsg_type)) {
3209 /* found the one we want, copy it out */
3210 at += CMSG_ALIGN(sizeof(struct cmsghdr));
3211 if ((int)(cmh.cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) < cpsize) {
3212 /*
3213 * space of cmsg_len after header not big
3214 * enough
3215 */
3216 return (0);
3217 }
3218 m_copydata(control, at, cpsize, data);
3219 return (1);
3220 } else {
3221 at += CMSG_ALIGN(cmh.cmsg_len);
3222 if (cmh.cmsg_len == 0) {
3223 break;
3224 }
3225 }
3226 }
3227 /* not found */
3228 return (0);
3229}
3230
3231static struct mbuf *
3232sctp_add_cookie(struct sctp_inpcb *inp, struct mbuf *init, int init_offset,
3233 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t ** signature)
3234{
3235 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret;
3236 struct sctp_state_cookie *stc;
3237 struct sctp_paramhdr *ph;
3238 uint8_t *foo;
3239 int sig_offset;
3240 uint16_t cookie_sz;
3241
3242 mret = NULL;
3243 mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) +
3244 sizeof(struct sctp_paramhdr)), 0,
3245 M_DONTWAIT, 1, MT_DATA);
3246 if (mret == NULL) {
3247 return (NULL);
3248 }
3249 copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_DONTWAIT);
3250 if (copy_init == NULL) {
3251 sctp_m_freem(mret);
3252 return (NULL);
3253 }
3254#ifdef SCTP_MBUF_LOGGING
3255 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
3256 struct mbuf *mat;
3257
3258 mat = copy_init;
3259 while (mat) {
3260 if (SCTP_BUF_IS_EXTENDED(mat)) {
3261 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
3262 }
3263 mat = SCTP_BUF_NEXT(mat);
3264 }
3265 }
3266#endif
3267 copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL,
3268 M_DONTWAIT);
3269 if (copy_initack == NULL) {
3270 sctp_m_freem(mret);
3271 sctp_m_freem(copy_init);
3272 return (NULL);
3273 }
3274#ifdef SCTP_MBUF_LOGGING
3275 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
3276 struct mbuf *mat;
3277
3278 mat = copy_initack;
3279 while (mat) {
3280 if (SCTP_BUF_IS_EXTENDED(mat)) {
3281 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
3282 }
3283 mat = SCTP_BUF_NEXT(mat);
3284 }
3285 }
3286#endif
3287 /* easy side we just drop it on the end */
3288 ph = mtod(mret, struct sctp_paramhdr *);
3289 SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) +
3290 sizeof(struct sctp_paramhdr);
3291 stc = (struct sctp_state_cookie *)((caddr_t)ph +
3292 sizeof(struct sctp_paramhdr));
3293 ph->param_type = htons(SCTP_STATE_COOKIE);
3294 ph->param_length = 0; /* fill in at the end */
3295 /* Fill in the stc cookie data */
3296 memcpy(stc, stc_in, sizeof(struct sctp_state_cookie));
3297
3298 /* tack the INIT and then the INIT-ACK onto the chain */
3299 cookie_sz = 0;
3300 m_at = mret;
3301 for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
3302 cookie_sz += SCTP_BUF_LEN(m_at);
3303 if (SCTP_BUF_NEXT(m_at) == NULL) {
3304 SCTP_BUF_NEXT(m_at) = copy_init;
3305 break;
3306 }
3307 }
3308
3309 for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
3310 cookie_sz += SCTP_BUF_LEN(m_at);
3311 if (SCTP_BUF_NEXT(m_at) == NULL) {
3312 SCTP_BUF_NEXT(m_at) = copy_initack;
3313 break;
3314 }
3315 }
3316
3317 for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
3318 cookie_sz += SCTP_BUF_LEN(m_at);
3319 if (SCTP_BUF_NEXT(m_at) == NULL) {
3320 break;
3321 }
3322 }
3323 sig = sctp_get_mbuf_for_msg(SCTP_SECRET_SIZE, 0, M_DONTWAIT, 1, MT_DATA);
3324 if (sig == NULL) {
3325 /* no space, so free the entire chain */
3326 sctp_m_freem(mret);
3327 return (NULL);
3328 }
3329 SCTP_BUF_LEN(sig) = 0;
3330 SCTP_BUF_NEXT(m_at) = sig;
3331 sig_offset = 0;
3332 foo = (uint8_t *) (mtod(sig, caddr_t)+sig_offset);
3333 memset(foo, 0, SCTP_SIGNATURE_SIZE);
3334 *signature = foo;
3335 SCTP_BUF_LEN(sig) += SCTP_SIGNATURE_SIZE;
3336 cookie_sz += SCTP_SIGNATURE_SIZE;
3337 ph->param_length = htons(cookie_sz);
3338 return (mret);
3339}
3340
3341
3342static uint8_t
3343sctp_get_ect(struct sctp_tcb *stcb,
3344 struct sctp_tmit_chunk *chk)
3345{
3346 uint8_t this_random;
3347
3348 /* Huh? */
3349 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 0)
3350 return (0);
3351
3352 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce) == 0)
3353 /* no nonce, always return ECT0 */
3354 return (SCTP_ECT0_BIT);
3355
3356 if (stcb->asoc.peer_supports_ecn_nonce == 0) {
3357 /* Peer does NOT support it, so we send a ECT0 only */
3358 return (SCTP_ECT0_BIT);
3359 }
3360 if (chk == NULL)
3361 return (SCTP_ECT0_BIT);
3362
3363 if ((stcb->asoc.hb_random_idx > 3) ||
3364 ((stcb->asoc.hb_random_idx == 3) &&
3365 (stcb->asoc.hb_ect_randombit > 7))) {
3366 uint32_t rndval;
3367
3368warp_drive_sa:
3369 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
3370 memcpy(stcb->asoc.hb_random_values, &rndval,
3371 sizeof(stcb->asoc.hb_random_values));
3372 this_random = stcb->asoc.hb_random_values[0];
3373 stcb->asoc.hb_random_idx = 0;
3374 stcb->asoc.hb_ect_randombit = 0;
3375 } else {
3376 if (stcb->asoc.hb_ect_randombit > 7) {
3377 stcb->asoc.hb_ect_randombit = 0;
3378 stcb->asoc.hb_random_idx++;
3379 if (stcb->asoc.hb_random_idx > 3) {
3380 goto warp_drive_sa;
3381 }
3382 }
3383 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
3384 }
3385 if ((this_random >> stcb->asoc.hb_ect_randombit) & 0x01) {
3386 if (chk != NULL)
3387 /* ECN Nonce stuff */
3388 chk->rec.data.ect_nonce = SCTP_ECT1_BIT;
3389 stcb->asoc.hb_ect_randombit++;
3390 return (SCTP_ECT1_BIT);
3391 } else {
3392 stcb->asoc.hb_ect_randombit++;
3393 return (SCTP_ECT0_BIT);
3394 }
3395}
3396
3397static int
3398sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
3399 struct sctp_tcb *stcb, /* may be NULL */
3400 struct sctp_nets *net,
3401 struct sockaddr *to,
3402 struct mbuf *m,
3403 uint32_t auth_offset,
3404 struct sctp_auth_chunk *auth,
3405 uint16_t auth_keyid,
3406 int nofragment_flag,
3407 int ecn_ok,
3408 struct sctp_tmit_chunk *chk,
3409 int out_of_asoc_ok,
3410 uint16_t src_port,
3411 uint16_t dest_port,
3412 uint32_t v_tag,
3413 uint16_t port,
3414 int so_locked,
3415#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
3416 SCTP_UNUSED
3417#endif
3418 union sctp_sockstore *over_addr
3419)
3420/* nofragment_flag to tell if IP_DF should be set (IPv4 only) */
3421{
3422 /*
3423 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet
3424 * header WITH an SCTPHDR but no IP header, endpoint inp and sa
3425 * structure: - fill in the HMAC digest of any AUTH chunk in the
3426 * packet. - calculate and fill in the SCTP checksum. - prepend an
3427 * IP address header. - if boundall use INADDR_ANY. - if
3428 * boundspecific do source address selection. - set fragmentation
3429 * option for ipV4. - On return from IP output, check/adjust mtu
3430 * size of output interface and smallest_mtu size as well.
3431 */
3432 /* Will need ifdefs around this */
3433 struct mbuf *o_pak;
3434 struct mbuf *newm;
3435 struct sctphdr *sctphdr;
3436 int packet_length;
3437 int ret;
3438 uint32_t vrf_id;
3439 sctp_route_t *ro = NULL;
3440 struct udphdr *udp = NULL;
3441
3442#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3443 struct socket *so = NULL;
3444
3445#endif
3446
3447 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) {
3448 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
3449 sctp_m_freem(m);
3450 return (EFAULT);
3451 }
3452 if (stcb) {
3453 vrf_id = stcb->asoc.vrf_id;
3454 } else {
3455 vrf_id = inp->def_vrf_id;
3456 }
3457
3458 /* fill in the HMAC digest for any AUTH chunk in the packet */
3459 if ((auth != NULL) && (stcb != NULL)) {
3460 sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid);
3461 }
3462 if (to->sa_family == AF_INET) {
3463 struct ip *ip = NULL;
3464 sctp_route_t iproute;
3465 uint8_t tos_value;
3466 int len;
3467
3468 len = sizeof(struct ip) + sizeof(struct sctphdr);
3469 if (port) {
3470 len += sizeof(struct udphdr);
3471 }
3472 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA);
3473 if (newm == NULL) {
3474 sctp_m_freem(m);
3475 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
3476 return (ENOMEM);
3477 }
3478 SCTP_ALIGN_TO_END(newm, len);
3479 SCTP_BUF_LEN(newm) = len;
3480 SCTP_BUF_NEXT(newm) = m;
3481 m = newm;
3482 packet_length = sctp_calculate_len(m);
3483 ip = mtod(m, struct ip *);
3484 ip->ip_v = IPVERSION;
3485 ip->ip_hl = (sizeof(struct ip) >> 2);
3486 if (net) {
3487 tos_value = net->tos_flowlabel & 0x000000ff;
3488 } else {
3489 tos_value = inp->ip_inp.inp.inp_ip_tos;
3490 }
3491 if ((nofragment_flag) && (port == 0)) {
3492 ip->ip_off = IP_DF;
3493 } else
3494 ip->ip_off = 0;
3495
3496 /* FreeBSD has a function for ip_id's */
3497 ip->ip_id = ip_newid();
3498
3499 ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl;
3500 ip->ip_len = packet_length;
3501 if (stcb) {
3502 if ((stcb->asoc.ecn_allowed) && ecn_ok) {
3503 /* Enable ECN */
3504 ip->ip_tos = ((u_char)(tos_value & 0xfc) | sctp_get_ect(stcb, chk));
3505 } else {
3506 /* No ECN */
3507 ip->ip_tos = (u_char)(tos_value & 0xfc);
3508 }
3509 } else {
3510 /* no association at all */
3511 ip->ip_tos = (tos_value & 0xfc);
3512 }
3513 if (port) {
3514 ip->ip_p = IPPROTO_UDP;
3515 } else {
3516 ip->ip_p = IPPROTO_SCTP;
3517 }
3518 ip->ip_sum = 0;
3519 if (net == NULL) {
3520 ro = &iproute;
3521 memset(&iproute, 0, sizeof(iproute));
3522 memcpy(&ro->ro_dst, to, to->sa_len);
3523 } else {
3524 ro = (sctp_route_t *) & net->ro;
3525 }
3526 /* Now the address selection part */
3527 ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr;
3528
3529 /* call the routine to select the src address */
3530 if (net && out_of_asoc_ok == 0) {
3531 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) {
3532 sctp_free_ifa(net->ro._s_addr);
3533 net->ro._s_addr = NULL;
3534 net->src_addr_selected = 0;
3535 if (ro->ro_rt) {
3536 RTFREE(ro->ro_rt);
3537 ro->ro_rt = NULL;
3538 }
3539 }
3540 if (net->src_addr_selected == 0) {
3541 /* Cache the source address */
3542 net->ro._s_addr = sctp_source_address_selection(inp, stcb,
3543 ro, net, 0,
3544 vrf_id);
3545 net->src_addr_selected = 1;
3546 }
3547 if (net->ro._s_addr == NULL) {
3548 /* No route to host */
3549 net->src_addr_selected = 0;
3550 goto no_route;
3551 }
3552 ip->ip_src = net->ro._s_addr->address.sin.sin_addr;
3553 } else {
3554 if (over_addr == NULL) {
3555 struct sctp_ifa *_lsrc;
3556
3557 _lsrc = sctp_source_address_selection(inp, stcb, ro,
3558 net,
3559 out_of_asoc_ok,
3560 vrf_id);
3561 if (_lsrc == NULL) {
3562 goto no_route;
3563 }
3564 ip->ip_src = _lsrc->address.sin.sin_addr;
3565 sctp_free_ifa(_lsrc);
3566 } else {
3567 ip->ip_src = over_addr->sin.sin_addr;
3568 SCTP_RTALLOC(ro, vrf_id);
3569 }
3570 }
3571 if (port) {
3572 udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip));
3573 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
3574 udp->uh_dport = port;
3575 udp->uh_ulen = htons(packet_length - sizeof(struct ip));
3576 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
3577 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
3578 } else {
3579 sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip));
3580 }
3581
3582 sctphdr->src_port = src_port;
3583 sctphdr->dest_port = dest_port;
3584 sctphdr->v_tag = v_tag;
3585 sctphdr->checksum = 0;
3586
3587 /*
3588 * If source address selection fails and we find no route
3589 * then the ip_output should fail as well with a
3590 * NO_ROUTE_TO_HOST type error. We probably should catch
3591 * that somewhere and abort the association right away
3592 * (assuming this is an INIT being sent).
3593 */
3594 if ((ro->ro_rt == NULL)) {
3595 /*
3596 * src addr selection failed to find a route (or
3597 * valid source addr), so we can't get there from
3598 * here (yet)!
3599 */
3600 no_route:
3601 SCTPDBG(SCTP_DEBUG_OUTPUT1,
3602 "%s: dropped packet - no valid source addr\n",
3603 __FUNCTION__);
3604 if (net) {
3605 SCTPDBG(SCTP_DEBUG_OUTPUT1,
3606 "Destination was ");
3607 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1,
3608 &net->ro._l_addr.sa);
3609 if (net->dest_state & SCTP_ADDR_CONFIRMED) {
3610 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) {
3611 SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", net);
3612 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
3613 stcb,
3614 SCTP_FAILED_THRESHOLD,
3615 (void *)net,
3616 so_locked);
3617 net->dest_state &= ~SCTP_ADDR_REACHABLE;
3618 net->dest_state |= SCTP_ADDR_NOT_REACHABLE;
3619 /*
3620 * JRS 5/14/07 - If a
3621 * destination is
3622 * unreachable, the PF bit
3623 * is turned off. This
3624 * allows an unambiguous use
3625 * of the PF bit for
3626 * destinations that are
3627 * reachable but potentially
3628 * failed. If the
3629 * destination is set to the
3630 * unreachable state, also
3631 * set the destination to
3632 * the PF state.
3633 */
3634 /*
3635 * Add debug message here if
3636 * destination is not in PF
3637 * state.
3638 */
3639 /*
3640 * Stop any running T3
3641 * timers here?
3642 */
3643 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) && SCTP_BASE_SYSCTL(sctp_cmt_pf)) {
3644 net->dest_state &= ~SCTP_ADDR_PF;
3645 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination %p moved from PF to unreachable.\n",
3646 net);
3647 }
3648 }
3649 }
3650 if (stcb) {
3651 if (net == stcb->asoc.primary_destination) {
3652 /* need a new primary */
3653 struct sctp_nets *alt;
3654
3655 alt = sctp_find_alternate_net(stcb, net, 0);
3656 if (alt != net) {
3657 if (sctp_set_primary_addr(stcb,
3658 (struct sockaddr *)NULL,
3659 alt) == 0) {
3660 net->dest_state |= SCTP_ADDR_WAS_PRIMARY;
3661 if (net->ro._s_addr) {
3662 sctp_free_ifa(net->ro._s_addr);
3663 net->ro._s_addr = NULL;
3664 }
3665 net->src_addr_selected = 0;
3666 }
3667 }
3668 }
3669 }
3670 }
3671 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
3672 sctp_m_freem(m);
3673 return (EHOSTUNREACH);
3674 }
3675 if (ro != &iproute) {
3676 memcpy(&iproute, ro, sizeof(*ro));
3677 }
3678 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n",
3679 (uint32_t) (ntohl(ip->ip_src.s_addr)));
3680 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n",
3681 (uint32_t) (ntohl(ip->ip_dst.s_addr)));
3682 SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n",
3683 ro->ro_rt);
3684
3685 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
3686 /* failed to prepend data, give up */
3687 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
3688 sctp_m_freem(m);
3689 return (ENOMEM);
3690 }
3691#ifdef SCTP_PACKET_LOGGING
3692 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
3693 sctp_packet_log(m, packet_length);
3694#endif
3695 SCTP_ATTACH_CHAIN(o_pak, m, packet_length);
3696 if (port) {
3697 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
3698 (stcb) &&
3699 (stcb->asoc.loopback_scope))) {
3700 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr));
3701 SCTP_STAT_INCR(sctps_sendswcrc);
3702 } else {
3703 SCTP_STAT_INCR(sctps_sendnocrc);
3704 }
3705 SCTP_ENABLE_UDP_CSUM(o_pak);
3706 } else {
3707 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
3708 (stcb) &&
3709 (stcb->asoc.loopback_scope))) {
3710 m->m_pkthdr.csum_flags = CSUM_SCTP;
3711 m->m_pkthdr.csum_data = 0;
3712 SCTP_STAT_INCR(sctps_sendhwcrc);
3713 } else {
3714 SCTP_STAT_INCR(sctps_sendnocrc);
3715 }
3716 }
3717 /* send it out. table id is taken from stcb */
3718#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3719 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
3720 so = SCTP_INP_SO(inp);
3721 SCTP_SOCKET_UNLOCK(so, 0);
3722 }
3723#endif
3724 SCTP_IP_OUTPUT(ret, o_pak, ro, stcb, vrf_id);
3725#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3726 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
3727 atomic_add_int(&stcb->asoc.refcnt, 1);
3728 SCTP_TCB_UNLOCK(stcb);
3729 SCTP_SOCKET_LOCK(so, 0);
3730 SCTP_TCB_LOCK(stcb);
3731 atomic_subtract_int(&stcb->asoc.refcnt, 1);
3732 }
3733#endif
3734 SCTP_STAT_INCR(sctps_sendpackets);
3735 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
3736 if (ret)
3737 SCTP_STAT_INCR(sctps_senderrors);
3738
3739 SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret);
3740 if (net == NULL) {
3741 /* free tempy routes */
3742 if (ro->ro_rt) {
3743 RTFREE(ro->ro_rt);
3744 ro->ro_rt = NULL;
3745 }
3746 } else {
3747 /* PMTU check versus smallest asoc MTU goes here */
3748 if ((ro->ro_rt != NULL) &&
3749 (net->ro._s_addr)) {
3750 uint32_t mtu;
3751
3752 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt);
3753 if (net->port) {
3754 mtu -= sizeof(struct udphdr);
3755 }
3756 if (mtu && (stcb->asoc.smallest_mtu > mtu)) {
3757#ifdef SCTP_PRINT_FOR_B_AND_M
3758 SCTP_PRINTF("sctp_mtu_size_reset called after ip_output mtu-change:%d\n", mtu);
3759#endif
3760 sctp_mtu_size_reset(inp, &stcb->asoc, mtu);
3761 net->mtu = mtu;
3762 }
3763 } else if (ro->ro_rt == NULL) {
3764 /* route was freed */
3765 if (net->ro._s_addr &&
3766 net->src_addr_selected) {
3767 sctp_free_ifa(net->ro._s_addr);
3768 net->ro._s_addr = NULL;
3769 }
3770 net->src_addr_selected = 0;
3771 }
3772 }
3773 return (ret);
3774 }
3775#ifdef INET6
3776 else if (to->sa_family == AF_INET6) {
3777 uint32_t flowlabel;
3778 struct ip6_hdr *ip6h;
3779 struct route_in6 ip6route;
3780 struct ifnet *ifp;
3781 u_char flowTop;
3782 uint16_t flowBottom;
3783 u_char tosBottom, tosTop;
3784 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp;
3785 int prev_scope = 0;
3786 struct sockaddr_in6 lsa6_storage;
3787 int error;
3788 u_short prev_port = 0;
3789 int len;
3790
3791 if (net != NULL) {
3792 flowlabel = net->tos_flowlabel;
3793 } else {
3794 flowlabel = ((struct in6pcb *)inp)->in6p_flowinfo;
3795 }
3796
3797 len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr);
3798 if (port) {
3799 len += sizeof(struct udphdr);
3800 }
3801 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA);
3802 if (newm == NULL) {
3803 sctp_m_freem(m);
3804 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
3805 return (ENOMEM);
3806 }
3807 SCTP_ALIGN_TO_END(newm, len);
3808 SCTP_BUF_LEN(newm) = len;
3809 SCTP_BUF_NEXT(newm) = m;
3810 m = newm;
3811 packet_length = sctp_calculate_len(m);
3812
3813 ip6h = mtod(m, struct ip6_hdr *);
3814 /*
3815 * We assume here that inp_flow is in host byte order within
3816 * the TCB!
3817 */
3818 flowBottom = flowlabel & 0x0000ffff;
3819 flowTop = ((flowlabel & 0x000f0000) >> 16);
3820 tosTop = (((flowlabel & 0xf0) >> 4) | IPV6_VERSION);
3821 /* protect *sin6 from overwrite */
3822 sin6 = (struct sockaddr_in6 *)to;
3823 tmp = *sin6;
3824 sin6 = &tmp;
3825
3826 /* KAME hack: embed scopeid */
3827 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
3828 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
3829 return (EINVAL);
3830 }
3831 if (net == NULL) {
3832 memset(&ip6route, 0, sizeof(ip6route));
3833 ro = (sctp_route_t *) & ip6route;
3834 memcpy(&ro->ro_dst, sin6, sin6->sin6_len);
3835 } else {
3836 ro = (sctp_route_t *) & net->ro;
3837 }
3838 if (stcb != NULL) {
3839 if ((stcb->asoc.ecn_allowed) && ecn_ok) {
3840 /* Enable ECN */
3841 tosBottom = (((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) | sctp_get_ect(stcb, chk)) << 4);
3842 } else {
3843 /* No ECN */
3844 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4);
3845 }
3846 } else {
3847 /* we could get no asoc if it is a O-O-T-B packet */
3848 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4);
3849 }
3850 ip6h->ip6_flow = htonl(((tosTop << 24) | ((tosBottom | flowTop) << 16) | flowBottom));
3851 if (port) {
3852 ip6h->ip6_nxt = IPPROTO_UDP;
3853 } else {
3854 ip6h->ip6_nxt = IPPROTO_SCTP;
3855 }
3856 ip6h->ip6_plen = (packet_length - sizeof(struct ip6_hdr));
3857 ip6h->ip6_dst = sin6->sin6_addr;
3858
3859 /*
3860 * Add SRC address selection here: we can only reuse to a
3861 * limited degree the kame src-addr-sel, since we can try
3862 * their selection but it may not be bound.
3863 */
3864 bzero(&lsa6_tmp, sizeof(lsa6_tmp));
3865 lsa6_tmp.sin6_family = AF_INET6;
3866 lsa6_tmp.sin6_len = sizeof(lsa6_tmp);
3867 lsa6 = &lsa6_tmp;
3868 if (net && out_of_asoc_ok == 0) {
3869 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) {
3870 sctp_free_ifa(net->ro._s_addr);
3871 net->ro._s_addr = NULL;
3872 net->src_addr_selected = 0;
3873 if (ro->ro_rt) {
3874 RTFREE(ro->ro_rt);
3875 ro->ro_rt = NULL;
3876 }
3877 }
3878 if (net->src_addr_selected == 0) {
3879 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
3880 /* KAME hack: embed scopeid */
3881 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
3882 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
3883 return (EINVAL);
3884 }
3885 /* Cache the source address */
3886 net->ro._s_addr = sctp_source_address_selection(inp,
3887 stcb,
3888 ro,
3889 net,
3890 0,
3891 vrf_id);
3892 (void)sa6_recoverscope(sin6);
3893 net->src_addr_selected = 1;
3894 }
3895 if (net->ro._s_addr == NULL) {
3896 SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n");
3897 net->src_addr_selected = 0;
3898 goto no_route;
3899 }
3900 lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr;
3901 } else {
3902 sin6 = (struct sockaddr_in6 *)&ro->ro_dst;
3903 /* KAME hack: embed scopeid */
3904 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
3905 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
3906 return (EINVAL);
3907 }
3908 if (over_addr == NULL) {
3909 struct sctp_ifa *_lsrc;
3910
3911 _lsrc = sctp_source_address_selection(inp, stcb, ro,
3912 net,
3913 out_of_asoc_ok,
3914 vrf_id);
3915 if (_lsrc == NULL) {
3916 goto no_route;
3917 }
3918 lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr;
3919 sctp_free_ifa(_lsrc);
3920 } else {
3921 lsa6->sin6_addr = over_addr->sin6.sin6_addr;
3922 SCTP_RTALLOC(ro, vrf_id);
3923 }
3924 (void)sa6_recoverscope(sin6);
3925 }
3926 lsa6->sin6_port = inp->sctp_lport;
3927
3928 if (ro->ro_rt == NULL) {
3929 /*
3930 * src addr selection failed to find a route (or
3931 * valid source addr), so we can't get there from
3932 * here!
3933 */
3934 goto no_route;
3935 }
3936 /*
3937 * XXX: sa6 may not have a valid sin6_scope_id in the
3938 * non-SCOPEDROUTING case.
3939 */
3940 bzero(&lsa6_storage, sizeof(lsa6_storage));
3941 lsa6_storage.sin6_family = AF_INET6;
3942 lsa6_storage.sin6_len = sizeof(lsa6_storage);
3943 lsa6_storage.sin6_addr = lsa6->sin6_addr;
3944 if ((error = sa6_recoverscope(&lsa6_storage)) != 0) {
3945 SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error);
3946 sctp_m_freem(m);
3947 return (error);
3948 }
3949 /* XXX */
3950 lsa6_storage.sin6_addr = lsa6->sin6_addr;
3951 lsa6_storage.sin6_port = inp->sctp_lport;
3952 lsa6 = &lsa6_storage;
3953 ip6h->ip6_src = lsa6->sin6_addr;
3954
3955 if (port) {
3956 udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr));
3957 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
3958 udp->uh_dport = port;
3959 udp->uh_ulen = htons(packet_length - sizeof(struct ip6_hdr));
3960 udp->uh_sum = 0;
3961 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
3962 } else {
3963 sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr));
3964 }
3965
3966 sctphdr->src_port = src_port;
3967 sctphdr->dest_port = dest_port;
3968 sctphdr->v_tag = v_tag;
3969 sctphdr->checksum = 0;
3970
3971 /*
3972 * We set the hop limit now since there is a good chance
3973 * that our ro pointer is now filled
3974 */
3975 ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro);
3976 ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
3977
3978#ifdef SCTP_DEBUG
3979 /* Copy to be sure something bad is not happening */
3980 sin6->sin6_addr = ip6h->ip6_dst;
3981 lsa6->sin6_addr = ip6h->ip6_src;
3982#endif
3983
3984 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n");
3985 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: ");
3986 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6);
3987 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: ");
3988 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6);
3989 if (net) {
3990 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
3991 /* preserve the port and scope for link local send */
3992 prev_scope = sin6->sin6_scope_id;
3993 prev_port = sin6->sin6_port;
3994 }
3995 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
3996 /* failed to prepend data, give up */
3997 sctp_m_freem(m);
3998 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
3999 return (ENOMEM);
4000 }
4001#ifdef SCTP_PACKET_LOGGING
4002 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
4003 sctp_packet_log(m, packet_length);
4004#endif
4005 SCTP_ATTACH_CHAIN(o_pak, m, packet_length);
4006 if (port) {
4007 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
4008 (stcb) &&
4009 (stcb->asoc.loopback_scope))) {
4010 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
4011 SCTP_STAT_INCR(sctps_sendswcrc);
4012 } else {
4013 SCTP_STAT_INCR(sctps_sendnocrc);
4014 }
4015 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) {
4016 udp->uh_sum = 0xffff;
4017 }
4018 } else {
4019 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
4020 (stcb) &&
4021 (stcb->asoc.loopback_scope))) {
4022 m->m_pkthdr.csum_flags = CSUM_SCTP;
4023 m->m_pkthdr.csum_data = 0;
4024 SCTP_STAT_INCR(sctps_sendhwcrc);
4025 } else {
4026 SCTP_STAT_INCR(sctps_sendnocrc);
4027 }
4028 }
4029 /* send it out. table id is taken from stcb */
4030#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4031 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
4032 so = SCTP_INP_SO(inp);
4033 SCTP_SOCKET_UNLOCK(so, 0);
4034 }
4035#endif
4036 SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, stcb, vrf_id);
4037#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4038 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
4039 atomic_add_int(&stcb->asoc.refcnt, 1);
4040 SCTP_TCB_UNLOCK(stcb);
4041 SCTP_SOCKET_LOCK(so, 0);
4042 SCTP_TCB_LOCK(stcb);
4043 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4044 }
4045#endif
4046 if (net) {
4047 /* for link local this must be done */
4048 sin6->sin6_scope_id = prev_scope;
4049 sin6->sin6_port = prev_port;
4050 }
4051 SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret);
4052 SCTP_STAT_INCR(sctps_sendpackets);
4053 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
4054 if (ret) {
4055 SCTP_STAT_INCR(sctps_senderrors);
4056 }
4057 if (net == NULL) {
4058 /* Now if we had a temp route free it */
4059 if (ro->ro_rt) {
4060 RTFREE(ro->ro_rt);
4061 }
4062 } else {
4063 /* PMTU check versus smallest asoc MTU goes here */
4064 if (ro->ro_rt == NULL) {
4065 /* Route was freed */
4066 if (net->ro._s_addr &&
4067 net->src_addr_selected) {
4068 sctp_free_ifa(net->ro._s_addr);
4069 net->ro._s_addr = NULL;
4070 }
4071 net->src_addr_selected = 0;
4072 }
4073 if ((ro->ro_rt != NULL) &&
4074 (net->ro._s_addr)) {
4075 uint32_t mtu;
4076
4077 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt);
4078 if (mtu &&
4079 (stcb->asoc.smallest_mtu > mtu)) {
4080#ifdef SCTP_PRINT_FOR_B_AND_M
4081 SCTP_PRINTF("sctp_mtu_size_reset called after ip6_output mtu-change:%d\n",
4082 mtu);
4083#endif
4084 sctp_mtu_size_reset(inp, &stcb->asoc, mtu);
4085 net->mtu = mtu;
4086 if (net->port) {
4087 net->mtu -= sizeof(struct udphdr);
4088 }
4089 }
4090 } else if (ifp) {
4091 if (ND_IFINFO(ifp)->linkmtu &&
4092 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) {
4093#ifdef SCTP_PRINT_FOR_B_AND_M
4094 SCTP_PRINTF("sctp_mtu_size_reset called via ifp ND_IFINFO() linkmtu:%d\n",
4095 ND_IFINFO(ifp)->linkmtu);
4096#endif
4097 sctp_mtu_size_reset(inp,
4098 &stcb->asoc,
4099 ND_IFINFO(ifp)->linkmtu);
4100 }
4101 }
4102 }
4103 return (ret);
4104 }
4105#endif
4106 else {
4107 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n",
4108 ((struct sockaddr *)to)->sa_family);
4109 sctp_m_freem(m);
4110 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
4111 return (EFAULT);
4112 }
4113}
4114
4115
4116void
4117sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked
4118#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
4119 SCTP_UNUSED
4120#endif
4121)
4122{
4123 struct mbuf *m, *m_at, *mp_last;
4124 struct sctp_nets *net;
4125 struct sctp_init_chunk *init;
4126 struct sctp_supported_addr_param *sup_addr;
4127 struct sctp_adaptation_layer_indication *ali;
4128 struct sctp_ecn_supported_param *ecn;
4129 struct sctp_prsctp_supported_param *prsctp;
4130 struct sctp_ecn_nonce_supported_param *ecn_nonce;
4131 struct sctp_supported_chunk_types_param *pr_supported;
4132 int cnt_inits_to = 0;
4133 int padval, ret;
4134 int num_ext;
4135 int p_len;
4136
4137 /* INIT's always go to the primary (and usually ONLY address) */
4138 mp_last = NULL;
4139 net = stcb->asoc.primary_destination;
4140 if (net == NULL) {
4141 net = TAILQ_FIRST(&stcb->asoc.nets);
4142 if (net == NULL) {
4143 /* TSNH */
4144 return;
4145 }
4146 /* we confirm any address we send an INIT to */
4147 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
4148 (void)sctp_set_primary_addr(stcb, NULL, net);
4149 } else {
4150 /* we confirm any address we send an INIT to */
4151 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
4152 }
4153 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n");
4154#ifdef INET6
4155 if (((struct sockaddr *)&(net->ro._l_addr))->sa_family == AF_INET6) {
4156 /*
4157 * special hook, if we are sending to link local it will not
4158 * show up in our private address count.
4159 */
4160 struct sockaddr_in6 *sin6l;
4161
4162 sin6l = &net->ro._l_addr.sin6;
4163 if (IN6_IS_ADDR_LINKLOCAL(&sin6l->sin6_addr))
4164 cnt_inits_to = 1;
4165 }
4166#endif
4167 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4168 /* This case should not happen */
4169 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n");
4170 return;
4171 }
4172 /* start the INIT timer */
4173 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net);
4174
4175 m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA);
4176 if (m == NULL) {
4177 /* No memory, INIT timer will re-attempt. */
4178 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n");
4179 return;
4180 }
4181 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);
4182 /*
4183 * assume peer supports asconf in order to be able to queue local
4184 * address changes while an INIT is in flight and before the assoc
4185 * is established.
4186 */
4187 stcb->asoc.peer_supports_asconf = 1;
4188 /* Now lets put the SCTP header in place */
4189 init = mtod(m, struct sctp_init_chunk *);
4190 /* now the chunk header */
4191 init->ch.chunk_type = SCTP_INITIATION;
4192 init->ch.chunk_flags = 0;
4193 /* fill in later from mbuf we build */
4194 init->ch.chunk_length = 0;
4195 /* place in my tag */
4196 init->init.initiate_tag = htonl(stcb->asoc.my_vtag);
4197 /* set up some of the credits. */
4198 init->init.a_rwnd = htonl(max(inp->sctp_socket ? SCTP_SB_LIMIT_RCV(inp->sctp_socket) : 0,
4199 SCTP_MINIMAL_RWND));
4200
4201 init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams);
4202 init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams);
4203 init->init.initial_tsn = htonl(stcb->asoc.init_seq_number);
4204 /* now the address restriction */
4205 sup_addr = (struct sctp_supported_addr_param *)((caddr_t)init +
4206 sizeof(*init));
4207 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE);
4208#ifdef INET6
4209 /* we support 2 types: IPv6/IPv4 */
4210 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint16_t));
4211 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS);
4212 sup_addr->addr_type[1] = htons(SCTP_IPV6_ADDRESS);
4213#else
4214 /* we support 1 type: IPv4 */
4215 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint8_t));
4216 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS);
4217 sup_addr->addr_type[1] = htons(0); /* this is the padding */
4218#endif
4219 SCTP_BUF_LEN(m) += sizeof(*sup_addr) + sizeof(uint16_t);
4220 /* adaptation layer indication parameter */
4221 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)sup_addr + sizeof(*sup_addr) + sizeof(uint16_t));
4222 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION);
4223 ali->ph.param_length = htons(sizeof(*ali));
4224 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator);
4225 SCTP_BUF_LEN(m) += sizeof(*ali);
4226 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali));
4227
4228 if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) {
4229 /* Add NAT friendly parameter */
4230 struct sctp_paramhdr *ph;
4231
4232 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
4233 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT);
4234 ph->param_length = htons(sizeof(struct sctp_paramhdr));
4235 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr);
4236 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ph + sizeof(*ph));
4237 }
4238 /* now any cookie time extensions */
4239 if (stcb->asoc.cookie_preserve_req) {
4240 struct sctp_cookie_perserve_param *cookie_preserve;
4241
4242 cookie_preserve = (struct sctp_cookie_perserve_param *)(ecn);
4243 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE);
4244 cookie_preserve->ph.param_length = htons(
4245 sizeof(*cookie_preserve));
4246 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req);
4247 SCTP_BUF_LEN(m) += sizeof(*cookie_preserve);
4248 ecn = (struct sctp_ecn_supported_param *)(
4249 (caddr_t)cookie_preserve + sizeof(*cookie_preserve));
4250 stcb->asoc.cookie_preserve_req = 0;
4251 }
4252 /* ECN parameter */
4253 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 1) {
4254 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE);
4255 ecn->ph.param_length = htons(sizeof(*ecn));
4256 SCTP_BUF_LEN(m) += sizeof(*ecn);
4257 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn +
4258 sizeof(*ecn));
4259 } else {
4260 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn);
4261 }
4262 /* And now tell the peer we do pr-sctp */
4263 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED);
4264 prsctp->ph.param_length = htons(sizeof(*prsctp));
4265 SCTP_BUF_LEN(m) += sizeof(*prsctp);
4266
4267 /* And now tell the peer we do all the extensions */
4268 pr_supported = (struct sctp_supported_chunk_types_param *)
4269 ((caddr_t)prsctp + sizeof(*prsctp));
4270 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT);
4271 num_ext = 0;
4272 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF;
4273 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK;
4274 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN;
4275 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED;
4276 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET;
4277 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) {
4278 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION;
4279 }
4280 /*
4281 * EY if the initiator supports nr_sacks, need to report that to
4282 * responder in INIT chunk
4283 */
4284 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off)) {
4285 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK;
4286 }
4287 p_len = sizeof(*pr_supported) + num_ext;
4288 pr_supported->ph.param_length = htons(p_len);
4289 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len);
4290 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
4291
4292
4293 /* ECN nonce: And now tell the peer we support ECN nonce */
4294 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) {
4295 ecn_nonce = (struct sctp_ecn_nonce_supported_param *)
4296 ((caddr_t)pr_supported + SCTP_SIZE32(p_len));
4297 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED);
4298 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce));
4299 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce);
4300 }
4301 /* add authentication parameters */
4302 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) {
4303 struct sctp_auth_random *randp;
4304 struct sctp_auth_hmac_algo *hmacs;
4305 struct sctp_auth_chunk_list *chunks;
4306
4307 /* attach RANDOM parameter, if available */
4308 if (stcb->asoc.authinfo.random != NULL) {
4309 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
4310 p_len = sizeof(*randp) + stcb->asoc.authinfo.random_len;
4311 /* random key already contains the header */
4312 bcopy(stcb->asoc.authinfo.random->key, randp, p_len);
4313 /* zero out any padding required */
4314 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len);
4315 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
4316 }
4317 /* add HMAC_ALGO parameter */
4318 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
4319 p_len = sctp_serialize_hmaclist(stcb->asoc.local_hmacs,
4320 (uint8_t *) hmacs->hmac_ids);
4321 if (p_len > 0) {
4322 p_len += sizeof(*hmacs);
4323 hmacs->ph.param_type = htons(SCTP_HMAC_LIST);
4324 hmacs->ph.param_length = htons(p_len);
4325 /* zero out any padding required */
4326 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len);
4327 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
4328 }
4329 /* add CHUNKS parameter */
4330 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
4331 p_len = sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks,
4332 chunks->chunk_types);
4333 if (p_len > 0) {
4334 p_len += sizeof(*chunks);
4335 chunks->ph.param_type = htons(SCTP_CHUNK_LIST);
4336 chunks->ph.param_length = htons(p_len);
4337 /* zero out any padding required */
4338 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len);
4339 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
4340 }
4341 }
4342 m_at = m;
4343 /* now the addresses */
4344 {
4345 struct sctp_scoping scp;
4346
4347 /*
4348 * To optimize this we could put the scoping stuff into a
4349 * structure and remove the individual uint8's from the
4350 * assoc structure. Then we could just sifa in the address
4351 * within the stcb.. but for now this is a quick hack to get
4352 * the address stuff teased apart.
4353 */
4354 scp.ipv4_addr_legal = stcb->asoc.ipv4_addr_legal;
4355 scp.ipv6_addr_legal = stcb->asoc.ipv6_addr_legal;
4356 scp.loopback_scope = stcb->asoc.loopback_scope;
4357 scp.ipv4_local_scope = stcb->asoc.ipv4_local_scope;
4358 scp.local_scope = stcb->asoc.local_scope;
4359 scp.site_scope = stcb->asoc.site_scope;
4360
4361 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to);
4362 }
4363
4364 /* calulate the size and update pkt header and chunk header */
4365 p_len = 0;
4366 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
4367 if (SCTP_BUF_NEXT(m_at) == NULL)
4368 mp_last = m_at;
4369 p_len += SCTP_BUF_LEN(m_at);
4370 }
4371 init->ch.chunk_length = htons(p_len);
4372 /*
4373 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return
4374 * here since the timer will drive a retranmission.
4375 */
4376
4377 /* I don't expect this to execute but we will be safe here */
4378 padval = p_len % 4;
4379 if ((padval) && (mp_last)) {
4380 /*
4381 * The compiler worries that mp_last may not be set even
4382 * though I think it is impossible :-> however we add
4383 * mp_last here just in case.
4384 */
4385 ret = sctp_add_pad_tombuf(mp_last, (4 - padval));
4386 if (ret) {
4387 /* Houston we have a problem, no space */
4388 sctp_m_freem(m);
4389 return;
4390 }
4391 p_len += padval;
4392 }
4393 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n");
4394 ret = sctp_lowlevel_chunk_output(inp, stcb, net,
4395 (struct sockaddr *)&net->ro._l_addr,
4396 m, 0, NULL, 0, 0, 0, NULL, 0,
4397 inp->sctp_lport, stcb->rport, htonl(0),
4398 net->port, so_locked, NULL);
4399 SCTPDBG(SCTP_DEBUG_OUTPUT4, "lowlevel_output - %d\n", ret);
4400 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
4401 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time);
4402}
4403
4404struct mbuf *
4405sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
4406 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp, int *nat_friendly)
4407{
4408 /*
4409 * Given a mbuf containing an INIT or INIT-ACK with the param_offset
4410 * being equal to the beginning of the params i.e. (iphlen +
4411 * sizeof(struct sctp_init_msg) parse through the parameters to the
4412 * end of the mbuf verifying that all parameters are known.
4413 *
4414 * For unknown parameters build and return a mbuf with
4415 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop
4416 * processing this chunk stop, and set *abort_processing to 1.
4417 *
4418 * By having param_offset be pre-set to where parameters begin it is
4419 * hoped that this routine may be reused in the future by new
4420 * features.
4421 */
4422 struct sctp_paramhdr *phdr, params;
4423
4424 struct mbuf *mat, *op_err;
4425 char tempbuf[SCTP_PARAM_BUFFER_SIZE];
4426 int at, limit, pad_needed;
4427 uint16_t ptype, plen, padded_size;
4428 int err_at;
4429
4430 *abort_processing = 0;
4431 mat = in_initpkt;
4432 err_at = 0;
4433 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk);
4434 at = param_offset;
4435 op_err = NULL;
4436 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n");
4437 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params));
4438 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) {
4439 ptype = ntohs(phdr->param_type);
4440 plen = ntohs(phdr->param_length);
4441 if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) {
4442 /* wacked parameter */
4443 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen);
4444 goto invalid_size;
4445 }
4446 limit -= SCTP_SIZE32(plen);
4447 /*-
4448 * All parameters for all chunks that we know/understand are
4449 * listed here. We process them other places and make
4450 * appropriate stop actions per the upper bits. However this
4451 * is the generic routine processor's can call to get back
4452 * an operr.. to either incorporate (init-ack) or send.
4453 */
4454 padded_size = SCTP_SIZE32(plen);
4455 switch (ptype) {
4456 /* Param's with variable size */
4457 case SCTP_HEARTBEAT_INFO:
4458 case SCTP_STATE_COOKIE:
4459 case SCTP_UNRECOG_PARAM:
4460 case SCTP_ERROR_CAUSE_IND:
4461 /* ok skip fwd */
4462 at += padded_size;
4463 break;
4464 /* Param's with variable size within a range */
4465 case SCTP_CHUNK_LIST:
4466 case SCTP_SUPPORTED_CHUNK_EXT:
4467 if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) {
4468 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen);
4469 goto invalid_size;
4470 }
4471 at += padded_size;
4472 break;
4473 case SCTP_SUPPORTED_ADDRTYPE:
4474 if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) {
4475 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen);
4476 goto invalid_size;
4477 }
4478 at += padded_size;
4479 break;
4480 case SCTP_RANDOM:
4481 if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) {
4482 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen);
4483 goto invalid_size;
4484 }
4485 at += padded_size;
4486 break;
4487 case SCTP_SET_PRIM_ADDR:
4488 case SCTP_DEL_IP_ADDRESS:
4489 case SCTP_ADD_IP_ADDRESS:
4490 if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) &&
4491 (padded_size != sizeof(struct sctp_asconf_addr_param))) {
4492 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen);
4493 goto invalid_size;
4494 }
4495 at += padded_size;
4496 break;
4497 /* Param's with a fixed size */
4498 case SCTP_IPV4_ADDRESS:
4499 if (padded_size != sizeof(struct sctp_ipv4addr_param)) {
4500 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen);
4501 goto invalid_size;
4502 }
4503 at += padded_size;
4504 break;
4505 case SCTP_IPV6_ADDRESS:
4506 if (padded_size != sizeof(struct sctp_ipv6addr_param)) {
4507 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen);
4508 goto invalid_size;
4509 }
4510 at += padded_size;
4511 break;
4512 case SCTP_COOKIE_PRESERVE:
4513 if (padded_size != sizeof(struct sctp_cookie_perserve_param)) {
4514 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen);
4515 goto invalid_size;
4516 }
4517 at += padded_size;
4518 break;
4519 case SCTP_HAS_NAT_SUPPORT:
4520 *nat_friendly = 1;
4521 /* fall through */
4522 case SCTP_ECN_NONCE_SUPPORTED:
4523 case SCTP_PRSCTP_SUPPORTED:
4524
4525 if (padded_size != sizeof(struct sctp_paramhdr)) {
4526 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecnnonce/prsctp/nat support %d\n", plen);
4527 goto invalid_size;
4528 }
4529 at += padded_size;
4530 break;
4531 case SCTP_ECN_CAPABLE:
4532 if (padded_size != sizeof(struct sctp_ecn_supported_param)) {
4533 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen);
4534 goto invalid_size;
4535 }
4536 at += padded_size;
4537 break;
4538 case SCTP_ULP_ADAPTATION:
4539 if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) {
4540 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen);
4541 goto invalid_size;
4542 }
4543 at += padded_size;
4544 break;
4545 case SCTP_SUCCESS_REPORT:
4546 if (padded_size != sizeof(struct sctp_asconf_paramhdr)) {
4547 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen);
4548 goto invalid_size;
4549 }
4550 at += padded_size;
4551 break;
4552 case SCTP_HOSTNAME_ADDRESS:
4553 {
4554 /* We can NOT handle HOST NAME addresses!! */
4555 int l_len;
4556
4557 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n");
4558 *abort_processing = 1;
4559 if (op_err == NULL) {
4560 /* Ok need to try to get a mbuf */
4561#ifdef INET6
4562 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4563#else
4564 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4565#endif
4566 l_len += plen;
4567 l_len += sizeof(struct sctp_paramhdr);
4568 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA);
4569 if (op_err) {
4570 SCTP_BUF_LEN(op_err) = 0;
4571 /*
4572 * pre-reserve space for ip
4573 * and sctp header and
4574 * chunk hdr
4575 */
4576#ifdef INET6
4577 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
4578#else
4579 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
4580#endif
4581 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
4582 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
4583 }
4584 }
4585 if (op_err) {
4586 /* If we have space */
4587 struct sctp_paramhdr s;
4588
4589 if (err_at % 4) {
4590 uint32_t cpthis = 0;
4591
4592 pad_needed = 4 - (err_at % 4);
4593 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis);
4594 err_at += pad_needed;
4595 }
4596 s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
4597 s.param_length = htons(sizeof(s) + plen);
4598 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
4599 err_at += sizeof(s);
4600 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen));
4601 if (phdr == NULL) {
4602 sctp_m_freem(op_err);
4603 /*
4604 * we are out of memory but
4605 * we still need to have a
4606 * look at what to do (the
4607 * system is in trouble
4608 * though).
4609 */
4610 return (NULL);
4611 }
4612 m_copyback(op_err, err_at, plen, (caddr_t)phdr);
4613 err_at += plen;
4614 }
4615 return (op_err);
4616 break;
4617 }
4618 default:
4619 /*
4620 * we do not recognize the parameter figure out what
4621 * we do.
4622 */
4623 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype);
4624 if ((ptype & 0x4000) == 0x4000) {
4625 /* Report bit is set?? */
4626 SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n");
4627 if (op_err == NULL) {
4628 int l_len;
4629
4630 /* Ok need to try to get an mbuf */
4631#ifdef INET6
4632 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4633#else
4634 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4635#endif
4636 l_len += plen;
4637 l_len += sizeof(struct sctp_paramhdr);
4638 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA);
4639 if (op_err) {
4640 SCTP_BUF_LEN(op_err) = 0;
4641#ifdef INET6
4642 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
4643#else
4644 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
4645#endif
4646 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
4647 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
4648 }
4649 }
4650 if (op_err) {
4651 /* If we have space */
4652 struct sctp_paramhdr s;
4653
4654 if (err_at % 4) {
4655 uint32_t cpthis = 0;
4656
4657 pad_needed = 4 - (err_at % 4);
4658 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis);
4659 err_at += pad_needed;
4660 }
4661 s.param_type = htons(SCTP_UNRECOG_PARAM);
4662 s.param_length = htons(sizeof(s) + plen);
4663 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
4664 err_at += sizeof(s);
4665 if (plen > sizeof(tempbuf)) {
4666 plen = sizeof(tempbuf);
4667 }
4668 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen));
4669 if (phdr == NULL) {
4670 sctp_m_freem(op_err);
4671 /*
4672 * we are out of memory but
4673 * we still need to have a
4674 * look at what to do (the
4675 * system is in trouble
4676 * though).
4677 */
4678 op_err = NULL;
4679 goto more_processing;
4680 }
4681 m_copyback(op_err, err_at, plen, (caddr_t)phdr);
4682 err_at += plen;
4683 }
4684 }
4685 more_processing:
4686 if ((ptype & 0x8000) == 0x0000) {
4687 SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n");
4688 return (op_err);
4689 } else {
4690 /* skip this chunk and continue processing */
4691 SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n");
4692 at += SCTP_SIZE32(plen);
4693 }
4694 break;
4695
4696 }
4697 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params));
4698 }
4699 return (op_err);
4700invalid_size:
4701 SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n");
4702 *abort_processing = 1;
4703 if ((op_err == NULL) && phdr) {
4704 int l_len;
4705
4706#ifdef INET6
4707 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4708#else
4709 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
4710#endif
4711 l_len += (2 * sizeof(struct sctp_paramhdr));
4712 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA);
4713 if (op_err) {
4714 SCTP_BUF_LEN(op_err) = 0;
4715#ifdef INET6
4716 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
4717#else
4718 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
4719#endif
4720 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
4721 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
4722 }
4723 }
4724 if ((op_err) && phdr) {
4725 struct sctp_paramhdr s;
4726
4727 if (err_at % 4) {
4728 uint32_t cpthis = 0;
4729
4730 pad_needed = 4 - (err_at % 4);
4731 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis);
4732 err_at += pad_needed;
4733 }
4734 s.param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
4735 s.param_length = htons(sizeof(s) + sizeof(struct sctp_paramhdr));
4736 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
4737 err_at += sizeof(s);
4738 /* Only copy back the p-hdr that caused the issue */
4739 m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)phdr);
4740 }
4741 return (op_err);
4742}
4743
4744static int
4745sctp_are_there_new_addresses(struct sctp_association *asoc,
4746 struct mbuf *in_initpkt, int iphlen, int offset)
4747{
4748 /*
4749 * Given a INIT packet, look through the packet to verify that there
4750 * are NO new addresses. As we go through the parameters add reports
4751 * of any un-understood parameters that require an error. Also we
4752 * must return (1) to drop the packet if we see a un-understood
4753 * parameter that tells us to drop the chunk.
4754 */
4755 struct sockaddr_in sin4, *sa4;
4756
4757#ifdef INET6
4758 struct sockaddr_in6 sin6, *sa6;
4759
4760#endif
4761 struct sockaddr *sa_touse;
4762 struct sockaddr *sa;
4763 struct sctp_paramhdr *phdr, params;
4764 struct ip *iph;
4765
4766#ifdef INET6
4767 struct ip6_hdr *ip6h;
4768
4769#endif
4770 struct mbuf *mat;
4771 uint16_t ptype, plen;
4772 int err_at;
4773 uint8_t fnd;
4774 struct sctp_nets *net;
4775
4776 memset(&sin4, 0, sizeof(sin4));
4777#ifdef INET6
4778 memset(&sin6, 0, sizeof(sin6));
4779#endif
4780 sin4.sin_family = AF_INET;
4781 sin4.sin_len = sizeof(sin4);
4782#ifdef INET6
4783 sin6.sin6_family = AF_INET6;
4784 sin6.sin6_len = sizeof(sin6);
4785#endif
4786 sa_touse = NULL;
4787 /* First what about the src address of the pkt ? */
4788 iph = mtod(in_initpkt, struct ip *);
4789 switch (iph->ip_v) {
4790 case IPVERSION:
4791 /* source addr is IPv4 */
4792 sin4.sin_addr = iph->ip_src;
4793 sa_touse = (struct sockaddr *)&sin4;
4794 break;
4795#ifdef INET6
4796 case IPV6_VERSION >> 4:
4797 /* source addr is IPv6 */
4798 ip6h = mtod(in_initpkt, struct ip6_hdr *);
4799 sin6.sin6_addr = ip6h->ip6_src;
4800 sa_touse = (struct sockaddr *)&sin6;
4801 break;
4802#endif
4803 default:
4804 return (1);
4805 }
4806
4807 fnd = 0;
4808 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4809 sa = (struct sockaddr *)&net->ro._l_addr;
4810 if (sa->sa_family == sa_touse->sa_family) {
4811 if (sa->sa_family == AF_INET) {
4812 sa4 = (struct sockaddr_in *)sa;
4813 if (sa4->sin_addr.s_addr ==
4814 sin4.sin_addr.s_addr) {
4815 fnd = 1;
4816 break;
4817 }
4818 }
4819#ifdef INET6
4820 if (sa->sa_family == AF_INET6) {
4821 sa6 = (struct sockaddr_in6 *)sa;
4822 if (SCTP6_ARE_ADDR_EQUAL(sa6,
4823 &sin6)) {
4824 fnd = 1;
4825 break;
4826 }
4827 }
4828#endif
4829 }
4830 }
4831 if (fnd == 0) {
4832 /* New address added! no need to look futher. */
4833 return (1);
4834 }
4835 /* Ok so far lets munge through the rest of the packet */
4836 mat = in_initpkt;
4837 err_at = 0;
4838 sa_touse = NULL;
4839 offset += sizeof(struct sctp_init_chunk);
4840 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params));
4841 while (phdr) {
4842 ptype = ntohs(phdr->param_type);
4843 plen = ntohs(phdr->param_length);
4844 if (ptype == SCTP_IPV4_ADDRESS) {
4845 struct sctp_ipv4addr_param *p4, p4_buf;
4846
4847 phdr = sctp_get_next_param(mat, offset,
4848 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf));
4849 if (plen != sizeof(struct sctp_ipv4addr_param) ||
4850 phdr == NULL) {
4851 return (1);
4852 }
4853 p4 = (struct sctp_ipv4addr_param *)phdr;
4854 sin4.sin_addr.s_addr = p4->addr;
4855 sa_touse = (struct sockaddr *)&sin4;
4856 } else if (ptype == SCTP_IPV6_ADDRESS) {
4857 struct sctp_ipv6addr_param *p6, p6_buf;
4858
4859 phdr = sctp_get_next_param(mat, offset,
4860 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf));
4861 if (plen != sizeof(struct sctp_ipv6addr_param) ||
4862 phdr == NULL) {
4863 return (1);
4864 }
4865 p6 = (struct sctp_ipv6addr_param *)phdr;
4866#ifdef INET6
4867 memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
4868 sizeof(p6->addr));
4869#endif
4870 sa_touse = (struct sockaddr *)&sin4;
4871 }
4872 if (sa_touse) {
4873 /* ok, sa_touse points to one to check */
4874 fnd = 0;
4875 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4876 sa = (struct sockaddr *)&net->ro._l_addr;
4877 if (sa->sa_family != sa_touse->sa_family) {
4878 continue;
4879 }
4880 if (sa->sa_family == AF_INET) {
4881 sa4 = (struct sockaddr_in *)sa;
4882 if (sa4->sin_addr.s_addr ==
4883 sin4.sin_addr.s_addr) {
4884 fnd = 1;
4885 break;
4886 }
4887 }
4888#ifdef INET6
4889 if (sa->sa_family == AF_INET6) {
4890 sa6 = (struct sockaddr_in6 *)sa;
4891 if (SCTP6_ARE_ADDR_EQUAL(
4892 sa6, &sin6)) {
4893 fnd = 1;
4894 break;
4895 }
4896 }
4897#endif
4898 }
4899 if (!fnd) {
4900 /* New addr added! no need to look further */
4901 return (1);
4902 }
4903 }
4904 offset += SCTP_SIZE32(plen);
4905 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params));
4906 }
4907 return (0);
4908}
4909
4910/*
4911 * Given a MBUF chain that was sent into us containing an INIT. Build a
4912 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done
4913 * a pullup to include IPv6/4header, SCTP header and initial part of INIT
4914 * message (i.e. the struct sctp_init_msg).
4915 */
4916void
4917sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
4918 struct mbuf *init_pkt, int iphlen, int offset, struct sctphdr *sh,
4919 struct sctp_init_chunk *init_chk, uint32_t vrf_id, uint16_t port, int hold_inp_lock)
4920{
4921 struct sctp_association *asoc;
4922 struct mbuf *m, *m_at, *m_tmp, *m_cookie, *op_err, *mp_last;
4923 struct sctp_init_ack_chunk *initack;
4924 struct sctp_adaptation_layer_indication *ali;
4925 struct sctp_ecn_supported_param *ecn;
4926 struct sctp_prsctp_supported_param *prsctp;
4927 struct sctp_ecn_nonce_supported_param *ecn_nonce;
4928 struct sctp_supported_chunk_types_param *pr_supported;
4929 union sctp_sockstore store, store1, *over_addr;
4930 struct sockaddr_in *sin, *to_sin;
4931
4932#ifdef INET6
4933 struct sockaddr_in6 *sin6, *to_sin6;
4934
4935#endif
4936 struct ip *iph;
4937
4938#ifdef INET6
4939 struct ip6_hdr *ip6;
4940
4941#endif
4942 struct sockaddr *to;
4943 struct sctp_state_cookie stc;
4944 struct sctp_nets *net = NULL;
4945 uint8_t *signature = NULL;
4946 int cnt_inits_to = 0;
4947 uint16_t his_limit, i_want;
4948 int abort_flag, padval;
4949 int num_ext;
4950 int p_len;
4951 int nat_friendly = 0;
4952 struct socket *so;
4953
4954 if (stcb)
4955 asoc = &stcb->asoc;
4956 else
4957 asoc = NULL;
4958 mp_last = NULL;
4959 if ((asoc != NULL) &&
4960 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) &&
4961 (sctp_are_there_new_addresses(asoc, init_pkt, iphlen, offset))) {
4962 /* new addresses, out of here in non-cookie-wait states */
4963 /*
4964 * Send a ABORT, we don't add the new address error clause
4965 * though we even set the T bit and copy in the 0 tag.. this
4966 * looks no different than if no listener was present.
4967 */
4968 sctp_send_abort(init_pkt, iphlen, sh, 0, NULL, vrf_id, port);
4969 return;
4970 }
4971 abort_flag = 0;
4972 op_err = sctp_arethere_unrecognized_parameters(init_pkt,
4973 (offset + sizeof(struct sctp_init_chunk)),
4974 &abort_flag, (struct sctp_chunkhdr *)init_chk, &nat_friendly);
4975 if (abort_flag) {
4976do_a_abort:
4977 sctp_send_abort(init_pkt, iphlen, sh,
4978 init_chk->init.initiate_tag, op_err, vrf_id, port);
4979 return;
4980 }
4981 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
4982 if (m == NULL) {
4983 /* No memory, INIT timer will re-attempt. */
4984 if (op_err)
4985 sctp_m_freem(op_err);
4986 return;
4987 }
4988 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);
4989
4990 /* the time I built cookie */
4991 (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered);
4992
4993 /* populate any tie tags */
4994 if (asoc != NULL) {
4995 /* unlock before tag selections */
4996 stc.tie_tag_my_vtag = asoc->my_vtag_nonce;
4997 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce;
4998 stc.cookie_life = asoc->cookie_life;
4999 net = asoc->primary_destination;
5000 } else {
5001 stc.tie_tag_my_vtag = 0;
5002 stc.tie_tag_peer_vtag = 0;
5003 /* life I will award this cookie */
5004 stc.cookie_life = inp->sctp_ep.def_cookie_life;
5005 }
5006
5007 /* copy in the ports for later check */
5008 stc.myport = sh->dest_port;
5009 stc.peerport = sh->src_port;
5010
5011 /*
5012 * If we wanted to honor cookie life extentions, we would add to
5013 * stc.cookie_life. For now we should NOT honor any extension
5014 */
5015 stc.site_scope = stc.local_scope = stc.loopback_scope = 0;
5016 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
5017 struct inpcb *in_inp;
5018
5019 /* Its a V6 socket */
5020 in_inp = (struct inpcb *)inp;
5021 stc.ipv6_addr_legal = 1;
5022 /* Now look at the binding flag to see if V4 will be legal */
5023 if (SCTP_IPV6_V6ONLY(in_inp) == 0) {
5024 stc.ipv4_addr_legal = 1;
5025 } else {
5026 /* V4 addresses are NOT legal on the association */
5027 stc.ipv4_addr_legal = 0;
5028 }
5029 } else {
5030 /* Its a V4 socket, no - V6 */
5031 stc.ipv4_addr_legal = 1;
5032 stc.ipv6_addr_legal = 0;
5033 }
5034
5035#ifdef SCTP_DONT_DO_PRIVADDR_SCOPE
5036 stc.ipv4_scope = 1;
5037#else
5038 stc.ipv4_scope = 0;
5039#endif
5040 /* now for scope setup */
5041 memset((caddr_t)&store, 0, sizeof(store));
5042 memset((caddr_t)&store1, 0, sizeof(store1));
5043 sin = &store.sin;
5044 to_sin = &store1.sin;
5045#ifdef INET6
5046 sin6 = &store.sin6;
5047 to_sin6 = &store1.sin6;
5048#endif
5049 iph = mtod(init_pkt, struct ip *);
5050 /* establish the to_addr's */
5051 switch (iph->ip_v) {
5052 case IPVERSION:
5053 to_sin->sin_port = sh->dest_port;
5054 to_sin->sin_family = AF_INET;
5055 to_sin->sin_len = sizeof(struct sockaddr_in);
5056 to_sin->sin_addr = iph->ip_dst;
5057 break;
5058#ifdef INET6
5059 case IPV6_VERSION >> 4:
5060 ip6 = mtod(init_pkt, struct ip6_hdr *);
5061 to_sin6->sin6_addr = ip6->ip6_dst;
5062 to_sin6->sin6_scope_id = 0;
5063 to_sin6->sin6_port = sh->dest_port;
5064 to_sin6->sin6_family = AF_INET6;
5065 to_sin6->sin6_len = sizeof(struct sockaddr_in6);
5066 break;
5067#endif
5068 default:
5069 goto do_a_abort;
5070 break;
5071 };
5072
5073 if (net == NULL) {
5074 to = (struct sockaddr *)&store;
5075 switch (iph->ip_v) {
5076 case IPVERSION:
5077 {
5078 sin->sin_family = AF_INET;
5079 sin->sin_len = sizeof(struct sockaddr_in);
5080 sin->sin_port = sh->src_port;
5081 sin->sin_addr = iph->ip_src;
5082 /* lookup address */
5083 stc.address[0] = sin->sin_addr.s_addr;
5084 stc.address[1] = 0;
5085 stc.address[2] = 0;
5086 stc.address[3] = 0;
5087 stc.addr_type = SCTP_IPV4_ADDRESS;
5088 /* local from address */
5089 stc.laddress[0] = to_sin->sin_addr.s_addr;
5090 stc.laddress[1] = 0;
5091 stc.laddress[2] = 0;
5092 stc.laddress[3] = 0;
5093 stc.laddr_type = SCTP_IPV4_ADDRESS;
5094 /* scope_id is only for v6 */
5095 stc.scope_id = 0;
5096#ifndef SCTP_DONT_DO_PRIVADDR_SCOPE
5097 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
5098 stc.ipv4_scope = 1;
5099 }
5100#else
5101 stc.ipv4_scope = 1;
5102#endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */
5103 /* Must use the address in this case */
5104 if (sctp_is_address_on_local_host((struct sockaddr *)sin, vrf_id)) {
5105 stc.loopback_scope = 1;
5106 stc.ipv4_scope = 1;
5107 stc.site_scope = 1;
5108 stc.local_scope = 0;
5109 }
5110 break;
5111 }
5112#ifdef INET6
5113 case IPV6_VERSION >> 4:
5114 {
5115 ip6 = mtod(init_pkt, struct ip6_hdr *);
5116 sin6->sin6_family = AF_INET6;
5117 sin6->sin6_len = sizeof(struct sockaddr_in6);
5118 sin6->sin6_port = sh->src_port;
5119 sin6->sin6_addr = ip6->ip6_src;
5120 /* lookup address */
5121 memcpy(&stc.address, &sin6->sin6_addr,
5122 sizeof(struct in6_addr));
5123 sin6->sin6_scope_id = 0;
5124 stc.addr_type = SCTP_IPV6_ADDRESS;
5125 stc.scope_id = 0;
5126 if (sctp_is_address_on_local_host((struct sockaddr *)sin6, vrf_id)) {
5127 /*
5128 * FIX ME: does this have scope from
5129 * rcvif?
5130 */
5131 (void)sa6_recoverscope(sin6);
5132 stc.scope_id = sin6->sin6_scope_id;
5133 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
5134 stc.loopback_scope = 1;
5135 stc.local_scope = 0;
5136 stc.site_scope = 1;
5137 stc.ipv4_scope = 1;
5138 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
5139 /*
5140 * If the new destination is a
5141 * LINK_LOCAL we must have common
5142 * both site and local scope. Don't
5143 * set local scope though since we
5144 * must depend on the source to be
5145 * added implicitly. We cannot
5146 * assure just because we share one
5147 * link that all links are common.
5148 */
5149 stc.local_scope = 0;
5150 stc.site_scope = 1;
5151 stc.ipv4_scope = 1;
5152 /*
5153 * we start counting for the private
5154 * address stuff at 1. since the
5155 * link local we source from won't
5156 * show up in our scoped count.
5157 */
5158 cnt_inits_to = 1;
5159 /*
5160 * pull out the scope_id from
5161 * incoming pkt
5162 */
5163 /*
5164 * FIX ME: does this have scope from
5165 * rcvif?
5166 */
5167 (void)sa6_recoverscope(sin6);
5168 stc.scope_id = sin6->sin6_scope_id;
5169 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
5170 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
5171 /*
5172 * If the new destination is
5173 * SITE_LOCAL then we must have site
5174 * scope in common.
5175 */
5176 stc.site_scope = 1;
5177 }
5178 memcpy(&stc.laddress, &to_sin6->sin6_addr, sizeof(struct in6_addr));
5179 stc.laddr_type = SCTP_IPV6_ADDRESS;
5180 break;
5181 }
5182#endif
5183 default:
5184 /* TSNH */
5185 goto do_a_abort;
5186 break;
5187 }
5188 } else {
5189 /* set the scope per the existing tcb */
5190
5191#ifdef INET6
5192 struct sctp_nets *lnet;
5193
5194#endif
5195
5196 stc.loopback_scope = asoc->loopback_scope;
5197 stc.ipv4_scope = asoc->ipv4_local_scope;
5198 stc.site_scope = asoc->site_scope;
5199 stc.local_scope = asoc->local_scope;
5200#ifdef INET6
5201 /* Why do we not consider IPv4 LL addresses? */
5202 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
5203 if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) {
5204 if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) {
5205 /*
5206 * if we have a LL address, start
5207 * counting at 1.
5208 */
5209 cnt_inits_to = 1;
5210 }
5211 }
5212 }
5213#endif
5214 /* use the net pointer */
5215 to = (struct sockaddr *)&net->ro._l_addr;
5216 switch (to->sa_family) {
5217 case AF_INET:
5218 sin = (struct sockaddr_in *)to;
5219 stc.address[0] = sin->sin_addr.s_addr;
5220 stc.address[1] = 0;
5221 stc.address[2] = 0;
5222 stc.address[3] = 0;
5223 stc.addr_type = SCTP_IPV4_ADDRESS;
5224 if (net->src_addr_selected == 0) {
5225 /*
5226 * strange case here, the INIT should have
5227 * did the selection.
5228 */
5229 net->ro._s_addr = sctp_source_address_selection(inp,
5230 stcb, (sctp_route_t *) & net->ro,
5231 net, 0, vrf_id);
5232 if (net->ro._s_addr == NULL)
5233 return;
5234
5235 net->src_addr_selected = 1;
5236
5237 }
5238 stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr;
5239 stc.laddress[1] = 0;
5240 stc.laddress[2] = 0;
5241 stc.laddress[3] = 0;
5242 stc.laddr_type = SCTP_IPV4_ADDRESS;
5243 break;
5244#ifdef INET6
5245 case AF_INET6:
5246 sin6 = (struct sockaddr_in6 *)to;
5247 memcpy(&stc.address, &sin6->sin6_addr,
5248 sizeof(struct in6_addr));
5249 stc.addr_type = SCTP_IPV6_ADDRESS;
5250 if (net->src_addr_selected == 0) {
5251 /*
5252 * strange case here, the INIT should have
5253 * did the selection.
5254 */
5255 net->ro._s_addr = sctp_source_address_selection(inp,
5256 stcb, (sctp_route_t *) & net->ro,
5257 net, 0, vrf_id);
5258 if (net->ro._s_addr == NULL)
5259 return;
5260
5261 net->src_addr_selected = 1;
5262 }
5263 memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr,
5264 sizeof(struct in6_addr));
5265 stc.laddr_type = SCTP_IPV6_ADDRESS;
5266 break;
5267#endif
5268 }
5269 }
5270 /* Now lets put the SCTP header in place */
5271 initack = mtod(m, struct sctp_init_ack_chunk *);
5272 /* Save it off for quick ref */
5273 stc.peers_vtag = init_chk->init.initiate_tag;
5274 /* who are we */
5275 memcpy(stc.identification, SCTP_VERSION_STRING,
5276 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification)));
5277 /* now the chunk header */
5278 initack->ch.chunk_type = SCTP_INITIATION_ACK;
5279 initack->ch.chunk_flags = 0;
5280 /* fill in later from mbuf we build */
5281 initack->ch.chunk_length = 0;
5282 /* place in my tag */
5283 if ((asoc != NULL) &&
5284 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
5285 (SCTP_GET_STATE(asoc) == SCTP_STATE_INUSE) ||
5286 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) {
5287 /* re-use the v-tags and init-seq here */
5288 initack->init.initiate_tag = htonl(asoc->my_vtag);
5289 initack->init.initial_tsn = htonl(asoc->init_seq_number);
5290 } else {
5291 uint32_t vtag, itsn;
5292
5293 if (hold_inp_lock) {
5294 SCTP_INP_INCR_REF(inp);
5295 SCTP_INP_RUNLOCK(inp);
5296 }
5297 if (asoc) {
5298 atomic_add_int(&asoc->refcnt, 1);
5299 SCTP_TCB_UNLOCK(stcb);
5300 new_tag:
5301 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1);
5302 if ((asoc->peer_supports_nat) && (vtag == asoc->my_vtag)) {
5303 /*
5304 * Got a duplicate vtag on some guy behind a
5305 * nat make sure we don't use it.
5306 */
5307 goto new_tag;
5308 }
5309 initack->init.initiate_tag = htonl(vtag);
5310 /* get a TSN to use too */
5311 itsn = sctp_select_initial_TSN(&inp->sctp_ep);
5312 initack->init.initial_tsn = htonl(itsn);
5313 SCTP_TCB_LOCK(stcb);
5314 atomic_add_int(&asoc->refcnt, -1);
5315 } else {
5316 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1);
5317 initack->init.initiate_tag = htonl(vtag);
5318 /* get a TSN to use too */
5319 initack->init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep));
5320 }
5321 if (hold_inp_lock) {
5322 SCTP_INP_RLOCK(inp);
5323 SCTP_INP_DECR_REF(inp);
5324 }
5325 }
5326 /* save away my tag to */
5327 stc.my_vtag = initack->init.initiate_tag;
5328
5329 /* set up some of the credits. */
5330 so = inp->sctp_socket;
5331 if (so == NULL) {
5332 /* memory problem */
5333 sctp_m_freem(m);
5334 return;
5335 } else {
5336 initack->init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(so), SCTP_MINIMAL_RWND));
5337 }
5338 /* set what I want */
5339 his_limit = ntohs(init_chk->init.num_inbound_streams);
5340 /* choose what I want */
5341 if (asoc != NULL) {
5342 if (asoc->streamoutcnt > inp->sctp_ep.pre_open_stream_count) {
5343 i_want = asoc->streamoutcnt;
5344 } else {
5345 i_want = inp->sctp_ep.pre_open_stream_count;
5346 }
5347 } else {
5348 i_want = inp->sctp_ep.pre_open_stream_count;
5349 }
5350 if (his_limit < i_want) {
5351 /* I Want more :< */
5352 initack->init.num_outbound_streams = init_chk->init.num_inbound_streams;
5353 } else {
5354 /* I can have what I want :> */
5355 initack->init.num_outbound_streams = htons(i_want);
5356 }
5357 /* tell him his limt. */
5358 initack->init.num_inbound_streams =
5359 htons(inp->sctp_ep.max_open_streams_intome);
5360
5361 /* adaptation layer indication parameter */
5362 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)initack + sizeof(*initack));
5363 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION);
5364 ali->ph.param_length = htons(sizeof(*ali));
5365 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator);
5366 SCTP_BUF_LEN(m) += sizeof(*ali);
5367 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali));
5368
5369 /* ECN parameter */
5370 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 1) {
5371 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE);
5372 ecn->ph.param_length = htons(sizeof(*ecn));
5373 SCTP_BUF_LEN(m) += sizeof(*ecn);
5374
5375 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn +
5376 sizeof(*ecn));
5377 } else {
5378 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn);
5379 }
5380 /* And now tell the peer we do pr-sctp */
5381 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED);
5382 prsctp->ph.param_length = htons(sizeof(*prsctp));
5383 SCTP_BUF_LEN(m) += sizeof(*prsctp);
5384 if (nat_friendly) {
5385 /* Add NAT friendly parameter */
5386 struct sctp_paramhdr *ph;
5387
5388 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5389 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT);
5390 ph->param_length = htons(sizeof(struct sctp_paramhdr));
5391 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr);
5392 }
5393 /* And now tell the peer we do all the extensions */
5394 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5395 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT);
5396 num_ext = 0;
5397 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF;
5398 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK;
5399 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN;
5400 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED;
5401 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET;
5402 if (!SCTP_BASE_SYSCTL(sctp_auth_disable))
5403 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION;
5404 /*
5405 * EY if the sysctl variable is set, tell the assoc. initiator that
5406 * we do nr_sack
5407 */
5408 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off))
5409 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK;
5410 p_len = sizeof(*pr_supported) + num_ext;
5411 pr_supported->ph.param_length = htons(p_len);
5412 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len);
5413 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
5414
5415 /* ECN nonce: And now tell the peer we support ECN nonce */
5416 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) {
5417 ecn_nonce = (struct sctp_ecn_nonce_supported_param *)
5418 ((caddr_t)pr_supported + SCTP_SIZE32(p_len));
5419 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED);
5420 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce));
5421 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce);
5422 }
5423 /* add authentication parameters */
5424 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) {
5425 struct sctp_auth_random *randp;
5426 struct sctp_auth_hmac_algo *hmacs;
5427 struct sctp_auth_chunk_list *chunks;
5428 uint16_t random_len;
5429
5430 /* generate and add RANDOM parameter */
5431 random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT;
5432 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5433 randp->ph.param_type = htons(SCTP_RANDOM);
5434 p_len = sizeof(*randp) + random_len;
5435 randp->ph.param_length = htons(p_len);
5436 SCTP_READ_RANDOM(randp->random_data, random_len);
5437 /* zero out any padding required */
5438 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len);
5439 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
5440
5441 /* add HMAC_ALGO parameter */
5442 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5443 p_len = sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs,
5444 (uint8_t *) hmacs->hmac_ids);
5445 if (p_len > 0) {
5446 p_len += sizeof(*hmacs);
5447 hmacs->ph.param_type = htons(SCTP_HMAC_LIST);
5448 hmacs->ph.param_length = htons(p_len);
5449 /* zero out any padding required */
5450 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len);
5451 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
5452 }
5453 /* add CHUNKS parameter */
5454 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
5455 p_len = sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks,
5456 chunks->chunk_types);
5457 if (p_len > 0) {
5458 p_len += sizeof(*chunks);
5459 chunks->ph.param_type = htons(SCTP_CHUNK_LIST);
5460 chunks->ph.param_length = htons(p_len);
5461 /* zero out any padding required */
5462 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len);
5463 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
5464 }
5465 }
5466 m_at = m;
5467 /* now the addresses */
5468 {
5469 struct sctp_scoping scp;
5470
5471 /*
5472 * To optimize this we could put the scoping stuff into a
5473 * structure and remove the individual uint8's from the stc
5474 * structure. Then we could just sifa in the address within
5475 * the stc.. but for now this is a quick hack to get the
5476 * address stuff teased apart.
5477 */
5478 scp.ipv4_addr_legal = stc.ipv4_addr_legal;
5479 scp.ipv6_addr_legal = stc.ipv6_addr_legal;
5480 scp.loopback_scope = stc.loopback_scope;
5481 scp.ipv4_local_scope = stc.ipv4_scope;
5482 scp.local_scope = stc.local_scope;
5483 scp.site_scope = stc.site_scope;
5484 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to);
5485 }
5486
5487 /* tack on the operational error if present */
5488 if (op_err) {
5489 struct mbuf *ol;
5490 int llen;
5491
5492 llen = 0;
5493 ol = op_err;
5494 while (ol) {
5495 llen += SCTP_BUF_LEN(ol);
5496 ol = SCTP_BUF_NEXT(ol);
5497 }
5498 if (llen % 4) {
5499 /* must add a pad to the param */
5500 uint32_t cpthis = 0;
5501 int padlen;
5502
5503 padlen = 4 - (llen % 4);
5504 m_copyback(op_err, llen, padlen, (caddr_t)&cpthis);
5505 }
5506 while (SCTP_BUF_NEXT(m_at) != NULL) {
5507 m_at = SCTP_BUF_NEXT(m_at);
5508 }
5509 SCTP_BUF_NEXT(m_at) = op_err;
5510 while (SCTP_BUF_NEXT(m_at) != NULL) {
5511 m_at = SCTP_BUF_NEXT(m_at);
5512 }
5513 }
5514 /* pre-calulate the size and update pkt header and chunk header */
5515 p_len = 0;
5516 for (m_tmp = m; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) {
5517 p_len += SCTP_BUF_LEN(m_tmp);
5518 if (SCTP_BUF_NEXT(m_tmp) == NULL) {
5519 /* m_tmp should now point to last one */
5520 break;
5521 }
5522 }
5523
5524 /* Now we must build a cookie */
5525 m_cookie = sctp_add_cookie(inp, init_pkt, offset, m, 0, &stc, &signature);
5526 if (m_cookie == NULL) {
5527 /* memory problem */
5528 sctp_m_freem(m);
5529 return;
5530 }
5531 /* Now append the cookie to the end and update the space/size */
5532 SCTP_BUF_NEXT(m_tmp) = m_cookie;
5533
5534 for (m_tmp = m_cookie; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) {
5535 p_len += SCTP_BUF_LEN(m_tmp);
5536 if (SCTP_BUF_NEXT(m_tmp) == NULL) {
5537 /* m_tmp should now point to last one */
5538 mp_last = m_tmp;
5539 break;
5540 }
5541 }
5542 /*
5543 * Place in the size, but we don't include the last pad (if any) in
5544 * the INIT-ACK.
5545 */
5546 initack->ch.chunk_length = htons(p_len);
5547
5548 /*
5549 * Time to sign the cookie, we don't sign over the cookie signature
5550 * though thus we set trailer.
5551 */
5552 (void)sctp_hmac_m(SCTP_HMAC,
5553 (uint8_t *) inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)],
5554 SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr),
5555 (uint8_t *) signature, SCTP_SIGNATURE_SIZE);
5556 /*
5557 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return
5558 * here since the timer will drive a retranmission.
5559 */
5560 padval = p_len % 4;
5561 if ((padval) && (mp_last)) {
5562 /* see my previous comments on mp_last */
5563 int ret;
5564
5565 ret = sctp_add_pad_tombuf(mp_last, (4 - padval));
5566 if (ret) {
5567 /* Houston we have a problem, no space */
5568 sctp_m_freem(m);
5569 return;
5570 }
5571 p_len += padval;
5572 }
5573 if (stc.loopback_scope) {
5574 over_addr = &store1;
5575 } else {
5576 over_addr = NULL;
5577 }
5578
5579 (void)sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0,
5580 0, NULL, 0,
5581 inp->sctp_lport, sh->src_port, init_chk->init.initiate_tag,
5582 port, SCTP_SO_NOT_LOCKED, over_addr);
5583 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
5584}
5585
5586
5587void
5588sctp_insert_on_wheel(struct sctp_tcb *stcb,
5589 struct sctp_association *asoc,
5590 struct sctp_stream_out *strq, int holds_lock)
5591{
5592 if (holds_lock == 0) {
5593 SCTP_TCB_SEND_LOCK(stcb);
5594 }
5595 if ((strq->next_spoke.tqe_next == NULL) &&
5596 (strq->next_spoke.tqe_prev == NULL)) {
5597 TAILQ_INSERT_TAIL(&asoc->out_wheel, strq, next_spoke);
5598 }
5599 if (holds_lock == 0) {
5600 SCTP_TCB_SEND_UNLOCK(stcb);
5601 }
5602}
5603
5604void
5605sctp_remove_from_wheel(struct sctp_tcb *stcb,
5606 struct sctp_association *asoc,
5607 struct sctp_stream_out *strq,
5608 int holds_lock)
5609{
5610 /* take off and then setup so we know it is not on the wheel */
5611 if (holds_lock == 0) {
5612 SCTP_TCB_SEND_LOCK(stcb);
5613 }
5614 if (TAILQ_EMPTY(&strq->outqueue)) {
5615 if (asoc->last_out_stream == strq) {
5616 asoc->last_out_stream = TAILQ_PREV(asoc->last_out_stream, sctpwheel_listhead, next_spoke);
5617 if (asoc->last_out_stream == NULL) {
5618 asoc->last_out_stream = TAILQ_LAST(&asoc->out_wheel, sctpwheel_listhead);
5619 }
5620 if (asoc->last_out_stream == strq) {
5621 asoc->last_out_stream = NULL;
5622 }
5623 }
5624 TAILQ_REMOVE(&asoc->out_wheel, strq, next_spoke);
5625 strq->next_spoke.tqe_next = NULL;
5626 strq->next_spoke.tqe_prev = NULL;
5627 }
5628 if (holds_lock == 0) {
5629 SCTP_TCB_SEND_UNLOCK(stcb);
5630 }
5631}
5632
5633static void
5634sctp_prune_prsctp(struct sctp_tcb *stcb,
5635 struct sctp_association *asoc,
5636 struct sctp_sndrcvinfo *srcv,
5637 int dataout)
5638{
5639 int freed_spc = 0;
5640 struct sctp_tmit_chunk *chk, *nchk;
5641
5642 SCTP_TCB_LOCK_ASSERT(stcb);
5643 if ((asoc->peer_supports_prsctp) &&
5644 (asoc->sent_queue_cnt_removeable > 0)) {
5645 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
5646 /*
5647 * Look for chunks marked with the PR_SCTP flag AND
5648 * the buffer space flag. If the one being sent is
5649 * equal or greater priority then purge the old one
5650 * and free some space.
5651 */
5652 if (PR_SCTP_BUF_ENABLED(chk->flags)) {
5653 /*
5654 * This one is PR-SCTP AND buffer space
5655 * limited type
5656 */
5657 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) {
5658 /*
5659 * Lower numbers equates to higher
5660 * priority so if the one we are
5661 * looking at has a larger or equal
5662 * priority we want to drop the data
5663 * and NOT retransmit it.
5664 */
5665 if (chk->data) {
5666 /*
5667 * We release the book_size
5668 * if the mbuf is here
5669 */
5670 int ret_spc;
5671 int cause;
5672
5673 if (chk->sent > SCTP_DATAGRAM_UNSENT)
5674 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT;
5675 else
5676 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT;
5677 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk,
5678 cause,
5679 SCTP_SO_LOCKED);
5680 freed_spc += ret_spc;
5681 if (freed_spc >= dataout) {
5682 return;
5683 }
5684 } /* if chunk was present */
5685 } /* if of sufficent priority */
5686 } /* if chunk has enabled */
5687 } /* tailqforeach */
5688
5689 chk = TAILQ_FIRST(&asoc->send_queue);
5690 while (chk) {
5691 nchk = TAILQ_NEXT(chk, sctp_next);
5692 /* Here we must move to the sent queue and mark */
5693 if (PR_SCTP_TTL_ENABLED(chk->flags)) {
5694 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) {
5695 if (chk->data) {
5696 /*
5697 * We release the book_size
5698 * if the mbuf is here
5699 */
5700 int ret_spc;
5701
5702 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk,
5703 SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT,
5704 SCTP_SO_LOCKED);
5705
5706 freed_spc += ret_spc;
5707 if (freed_spc >= dataout) {
5708 return;
5709 }
5710 } /* end if chk->data */
5711 } /* end if right class */
5712 } /* end if chk pr-sctp */
5713 chk = nchk;
5714 } /* end while (chk) */
5715 } /* if enabled in asoc */
5716}
5717
5718int
5719sctp_get_frag_point(struct sctp_tcb *stcb,
5720 struct sctp_association *asoc)
5721{
5722 int siz, ovh;
5723
5724 /*
5725 * For endpoints that have both v6 and v4 addresses we must reserve
5726 * room for the ipv6 header, for those that are only dealing with V4
5727 * we use a larger frag point.
5728 */
5729 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
5730 ovh = SCTP_MED_OVERHEAD;
5731 } else {
5732 ovh = SCTP_MED_V4_OVERHEAD;
5733 }
5734
5735 if (stcb->asoc.sctp_frag_point > asoc->smallest_mtu)
5736 siz = asoc->smallest_mtu - ovh;
5737 else
5738 siz = (stcb->asoc.sctp_frag_point - ovh);
5739 /*
5740 * if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) {
5741 */
5742 /* A data chunk MUST fit in a cluster */
5743 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk)); */
5744 /* } */
5745
5746 /* adjust for an AUTH chunk if DATA requires auth */
5747 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks))
5748 siz -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id);
5749
5750 if (siz % 4) {
5751 /* make it an even word boundary please */
5752 siz -= (siz % 4);
5753 }
5754 return (siz);
5755}
5756
5757static void
5758sctp_set_prsctp_policy(struct sctp_stream_queue_pending *sp)
5759{
5760 sp->pr_sctp_on = 0;
5761 /*
5762 * We assume that the user wants PR_SCTP_TTL if the user provides a
5763 * positive lifetime but does not specify any PR_SCTP policy. This
5764 * is a BAD assumption and causes problems at least with the
5765 * U-Vancovers MPI folks. I will change this to be no policy means
5766 * NO PR-SCTP.
5767 */
5768 if (PR_SCTP_ENABLED(sp->sinfo_flags)) {
5769 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags);
5770 sp->pr_sctp_on = 1;
5771 } else {
5772 return;
5773 }
5774 switch (PR_SCTP_POLICY(sp->sinfo_flags)) {
5775 case CHUNK_FLAGS_PR_SCTP_BUF:
5776 /*
5777 * Time to live is a priority stored in tv_sec when doing
5778 * the buffer drop thing.
5779 */
5780 sp->ts.tv_sec = sp->timetolive;
5781 sp->ts.tv_usec = 0;
5782 break;
5783 case CHUNK_FLAGS_PR_SCTP_TTL:
5784 {
5785 struct timeval tv;
5786
5787 (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
5788 tv.tv_sec = sp->timetolive / 1000;
5789 tv.tv_usec = (sp->timetolive * 1000) % 1000000;
5790 /*
5791 * TODO sctp_constants.h needs alternative time
5792 * macros when _KERNEL is undefined.
5793 */
5794 timevaladd(&sp->ts, &tv);
5795 }
5796 break;
5797 case CHUNK_FLAGS_PR_SCTP_RTX:
5798 /*
5799 * Time to live is a the number or retransmissions stored in
5800 * tv_sec.
5801 */
5802 sp->ts.tv_sec = sp->timetolive;
5803 sp->ts.tv_usec = 0;
5804 break;
5805 default:
5806 SCTPDBG(SCTP_DEBUG_USRREQ1,
5807 "Unknown PR_SCTP policy %u.\n",
5808 PR_SCTP_POLICY(sp->sinfo_flags));
5809 break;
5810 }
5811}
5812
5813static int
5814sctp_msg_append(struct sctp_tcb *stcb,
5815 struct sctp_nets *net,
5816 struct mbuf *m,
5817 struct sctp_sndrcvinfo *srcv, int hold_stcb_lock)
5818{
5819 int error = 0, holds_lock;
5820 struct mbuf *at;
5821 struct sctp_stream_queue_pending *sp = NULL;
5822 struct sctp_stream_out *strm;
5823
5824 /*
5825 * Given an mbuf chain, put it into the association send queue and
5826 * place it on the wheel
5827 */
5828 holds_lock = hold_stcb_lock;
5829 if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) {
5830 /* Invalid stream number */
5831 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
5832 error = EINVAL;
5833 goto out_now;
5834 }
5835 if ((stcb->asoc.stream_locked) &&
5836 (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) {
5837 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
5838 error = EINVAL;
5839 goto out_now;
5840 }
5841 strm = &stcb->asoc.strmout[srcv->sinfo_stream];
5842 /* Now can we send this? */
5843 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_SENT) ||
5844 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
5845 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
5846 (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) {
5847 /* got data while shutting down */
5848 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
5849 error = ECONNRESET;
5850 goto out_now;
5851 }
5852 sctp_alloc_a_strmoq(stcb, sp);
5853 if (sp == NULL) {
5854 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
5855 error = ENOMEM;
5856 goto out_now;
5857 }
5858 sp->sinfo_flags = srcv->sinfo_flags;
5859 sp->timetolive = srcv->sinfo_timetolive;
5860 sp->ppid = srcv->sinfo_ppid;
5861 sp->context = srcv->sinfo_context;
5862 sp->strseq = 0;
5863 if (sp->sinfo_flags & SCTP_ADDR_OVER) {
5864 sp->net = net;
5865 } else {
5866 sp->net = stcb->asoc.primary_destination;
5867 }
5868 atomic_add_int(&sp->net->ref_count, 1);
5869 (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
5870 sp->stream = srcv->sinfo_stream;
5871 sp->msg_is_complete = 1;
5872 sp->sender_all_done = 1;
5873 sp->some_taken = 0;
5874 sp->data = m;
5875 sp->tail_mbuf = NULL;
5876 sp->length = 0;
5877 at = m;
5878 sctp_set_prsctp_policy(sp);
5879 /*
5880 * We could in theory (for sendall) sifa the length in, but we would
5881 * still have to hunt through the chain since we need to setup the
5882 * tail_mbuf
5883 */
5884 while (at) {
5885 if (SCTP_BUF_NEXT(at) == NULL)
5886 sp->tail_mbuf = at;
5887 sp->length += SCTP_BUF_LEN(at);
5888 at = SCTP_BUF_NEXT(at);
5889 }
5890 SCTP_TCB_SEND_LOCK(stcb);
5891 sctp_snd_sb_alloc(stcb, sp->length);
5892 atomic_add_int(&stcb->asoc.stream_queue_cnt, 1);
5893 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
5894 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) {
5895 sp->strseq = strm->next_sequence_sent;
5896 strm->next_sequence_sent++;
5897 }
5898 if ((strm->next_spoke.tqe_next == NULL) &&
5899 (strm->next_spoke.tqe_prev == NULL)) {
5900 /* Not on wheel, insert */
5901 sctp_insert_on_wheel(stcb, &stcb->asoc, strm, 1);
5902 }
5903 m = NULL;
5904 SCTP_TCB_SEND_UNLOCK(stcb);
5905out_now:
5906 if (m) {
5907 sctp_m_freem(m);
5908 }
5909 return (error);
5910}
5911
5912
5913static struct mbuf *
5914sctp_copy_mbufchain(struct mbuf *clonechain,
5915 struct mbuf *outchain,
5916 struct mbuf **endofchain,
5917 int can_take_mbuf,
5918 int sizeofcpy,
5919 uint8_t copy_by_ref)
5920{
5921 struct mbuf *m;
5922 struct mbuf *appendchain;
5923 caddr_t cp;
5924 int len;
5925
5926 if (endofchain == NULL) {
5927 /* error */
5928error_out:
5929 if (outchain)
5930 sctp_m_freem(outchain);
5931 return (NULL);
5932 }
5933 if (can_take_mbuf) {
5934 appendchain = clonechain;
5935 } else {
5936 if (!copy_by_ref &&
5937 (sizeofcpy <= (int)((((SCTP_BASE_SYSCTL(sctp_mbuf_threshold_count) - 1) * MLEN) + MHLEN)))
5938 ) {
5939 /* Its not in a cluster */
5940 if (*endofchain == NULL) {
5941 /* lets get a mbuf cluster */
5942 if (outchain == NULL) {
5943 /* This is the general case */
5944 new_mbuf:
5945 outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER);
5946 if (outchain == NULL) {
5947 goto error_out;
5948 }
5949 SCTP_BUF_LEN(outchain) = 0;
5950 *endofchain = outchain;
5951 /* get the prepend space */
5952 SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV + 4));
5953 } else {
5954 /*
5955 * We really should not get a NULL
5956 * in endofchain
5957 */
5958 /* find end */
5959 m = outchain;
5960 while (m) {
5961 if (SCTP_BUF_NEXT(m) == NULL) {
5962 *endofchain = m;
5963 break;
5964 }
5965 m = SCTP_BUF_NEXT(m);
5966 }
5967 /* sanity */
5968 if (*endofchain == NULL) {
5969 /*
5970 * huh, TSNH XXX maybe we
5971 * should panic
5972 */
5973 sctp_m_freem(outchain);
5974 goto new_mbuf;
5975 }
5976 }
5977 /* get the new end of length */
5978 len = M_TRAILINGSPACE(*endofchain);
5979 } else {
5980 /* how much is left at the end? */
5981 len = M_TRAILINGSPACE(*endofchain);
5982 }
5983 /* Find the end of the data, for appending */
5984 cp = (mtod((*endofchain), caddr_t)+SCTP_BUF_LEN((*endofchain)));
5985
5986 /* Now lets copy it out */
5987 if (len >= sizeofcpy) {
5988 /* It all fits, copy it in */
5989 m_copydata(clonechain, 0, sizeofcpy, cp);
5990 SCTP_BUF_LEN((*endofchain)) += sizeofcpy;
5991 } else {
5992 /* fill up the end of the chain */
5993 if (len > 0) {
5994 m_copydata(clonechain, 0, len, cp);
5995 SCTP_BUF_LEN((*endofchain)) += len;
5996 /* now we need another one */
5997 sizeofcpy -= len;
5998 }
5999 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER);
6000 if (m == NULL) {
6001 /* We failed */
6002 goto error_out;
6003 }
6004 SCTP_BUF_NEXT((*endofchain)) = m;
6005 *endofchain = m;
6006 cp = mtod((*endofchain), caddr_t);
6007 m_copydata(clonechain, len, sizeofcpy, cp);
6008 SCTP_BUF_LEN((*endofchain)) += sizeofcpy;
6009 }
6010 return (outchain);
6011 } else {
6012 /* copy the old fashion way */
6013 appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_DONTWAIT);
6014#ifdef SCTP_MBUF_LOGGING
6015 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
6016 struct mbuf *mat;
6017
6018 mat = appendchain;
6019 while (mat) {
6020 if (SCTP_BUF_IS_EXTENDED(mat)) {
6021 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
6022 }
6023 mat = SCTP_BUF_NEXT(mat);
6024 }
6025 }
6026#endif
6027 }
6028 }
6029 if (appendchain == NULL) {
6030 /* error */
6031 if (outchain)
6032 sctp_m_freem(outchain);
6033 return (NULL);
6034 }
6035 if (outchain) {
6036 /* tack on to the end */
6037 if (*endofchain != NULL) {
6038 SCTP_BUF_NEXT(((*endofchain))) = appendchain;
6039 } else {
6040 m = outchain;
6041 while (m) {
6042 if (SCTP_BUF_NEXT(m) == NULL) {
6043 SCTP_BUF_NEXT(m) = appendchain;
6044 break;
6045 }
6046 m = SCTP_BUF_NEXT(m);
6047 }
6048 }
6049 /*
6050 * save off the end and update the end-chain postion
6051 */
6052 m = appendchain;
6053 while (m) {
6054 if (SCTP_BUF_NEXT(m) == NULL) {
6055 *endofchain = m;
6056 break;
6057 }
6058 m = SCTP_BUF_NEXT(m);
6059 }
6060 return (outchain);
6061 } else {
6062 /* save off the end and update the end-chain postion */
6063 m = appendchain;
6064 while (m) {
6065 if (SCTP_BUF_NEXT(m) == NULL) {
6066 *endofchain = m;
6067 break;
6068 }
6069 m = SCTP_BUF_NEXT(m);
6070 }
6071 return (appendchain);
6072 }
6073}
6074
6075int
6076sctp_med_chunk_output(struct sctp_inpcb *inp,
6077 struct sctp_tcb *stcb,
6078 struct sctp_association *asoc,
6079 int *num_out,
6080 int *reason_code,
6081 int control_only, int from_where,
6082 struct timeval *now, int *now_filled, int frag_point, int so_locked
6083#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
6084 SCTP_UNUSED
6085#endif
6086);
6087
6088static void
6089sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr,
6090 uint32_t val)
6091{
6092 struct sctp_copy_all *ca;
6093 struct mbuf *m;
6094 int ret = 0;
6095 int added_control = 0;
6096 int un_sent, do_chunk_output = 1;
6097 struct sctp_association *asoc;
6098
6099 ca = (struct sctp_copy_all *)ptr;
6100 if (ca->m == NULL) {
6101 return;
6102 }
6103 if (ca->inp != inp) {
6104 /* TSNH */
6105 return;
6106 }
6107 if ((ca->m) && ca->sndlen) {
6108 m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_DONTWAIT);
6109 if (m == NULL) {
6110 /* can't copy so we are done */
6111 ca->cnt_failed++;
6112 return;
6113 }
6114#ifdef SCTP_MBUF_LOGGING
6115 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
6116 struct mbuf *mat;
6117
6118 mat = m;
6119 while (mat) {
6120 if (SCTP_BUF_IS_EXTENDED(mat)) {
6121 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
6122 }
6123 mat = SCTP_BUF_NEXT(mat);
6124 }
6125 }
6126#endif
6127 } else {
6128 m = NULL;
6129 }
6130 SCTP_TCB_LOCK_ASSERT(stcb);
6131 if (ca->sndrcv.sinfo_flags & SCTP_ABORT) {
6132 /* Abort this assoc with m as the user defined reason */
6133 if (m) {
6134 struct sctp_paramhdr *ph;
6135
6136 SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_DONTWAIT);
6137 if (m) {
6138 ph = mtod(m, struct sctp_paramhdr *);
6139 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
6140 ph->param_length = htons(ca->sndlen);
6141 }
6142 /*
6143 * We add one here to keep the assoc from
6144 * dis-appearing on us.
6145 */
6146 atomic_add_int(&stcb->asoc.refcnt, 1);
6147 sctp_abort_an_association(inp, stcb,
6148 SCTP_RESPONSE_TO_USER_REQ,
6149 m, SCTP_SO_NOT_LOCKED);
6150 /*
6151 * sctp_abort_an_association calls sctp_free_asoc()
6152 * free association will NOT free it since we
6153 * incremented the refcnt .. we do this to prevent
6154 * it being freed and things getting tricky since we
6155 * could end up (from free_asoc) calling inpcb_free
6156 * which would get a recursive lock call to the
6157 * iterator lock.. But as a consequence of that the
6158 * stcb will return to us un-locked.. since
6159 * free_asoc returns with either no TCB or the TCB
6160 * unlocked, we must relock.. to unlock in the
6161 * iterator timer :-0
6162 */
6163 SCTP_TCB_LOCK(stcb);
6164 atomic_add_int(&stcb->asoc.refcnt, -1);
6165 goto no_chunk_output;
6166 }
6167 } else {
6168 if (m) {
6169 ret = sctp_msg_append(stcb, stcb->asoc.primary_destination, m,
6170 &ca->sndrcv, 1);
6171 }
6172 asoc = &stcb->asoc;
6173 if (ca->sndrcv.sinfo_flags & SCTP_EOF) {
6174 /* shutdown this assoc */
6175 int cnt;
6176
6177 cnt = sctp_is_there_unsent_data(stcb);
6178
6179 if (TAILQ_EMPTY(&asoc->send_queue) &&
6180 TAILQ_EMPTY(&asoc->sent_queue) &&
6181 (cnt == 0)) {
6182 if (asoc->locked_on_sending) {
6183 goto abort_anyway;
6184 }
6185 /*
6186 * there is nothing queued to send, so I'm
6187 * done...
6188 */
6189 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
6190 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
6191 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
6192 /*
6193 * only send SHUTDOWN the first time
6194 * through
6195 */
6196 sctp_send_shutdown(stcb, stcb->asoc.primary_destination);
6197 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
6198 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
6199 }
6200 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
6201 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
6202 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb,
6203 asoc->primary_destination);
6204 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
6205 asoc->primary_destination);
6206 added_control = 1;
6207 do_chunk_output = 0;
6208 }
6209 } else {
6210 /*
6211 * we still got (or just got) data to send,
6212 * so set SHUTDOWN_PENDING
6213 */
6214 /*
6215 * XXX sockets draft says that SCTP_EOF
6216 * should be sent with no data. currently,
6217 * we will allow user data to be sent first
6218 * and move to SHUTDOWN-PENDING
6219 */
6220 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
6221 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
6222 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
6223 if (asoc->locked_on_sending) {
6224 /*
6225 * Locked to send out the
6226 * data
6227 */
6228 struct sctp_stream_queue_pending *sp;
6229
6230 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead);
6231 if (sp) {
6232 if ((sp->length == 0) && (sp->msg_is_complete == 0))
6233 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
6234 }
6235 }
6236 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING;
6237 if (TAILQ_EMPTY(&asoc->send_queue) &&
6238 TAILQ_EMPTY(&asoc->sent_queue) &&
6239 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
6240 abort_anyway:
6241 atomic_add_int(&stcb->asoc.refcnt, 1);
6242 sctp_abort_an_association(stcb->sctp_ep, stcb,
6243 SCTP_RESPONSE_TO_USER_REQ,
6244 NULL, SCTP_SO_NOT_LOCKED);
6245 atomic_add_int(&stcb->asoc.refcnt, -1);
6246 goto no_chunk_output;
6247 }
6248 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
6249 asoc->primary_destination);
6250 }
6251 }
6252
6253 }
6254 }
6255 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
6256 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
6257
6258 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
6259 (stcb->asoc.total_flight > 0) &&
6260 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))
6261 ) {
6262 do_chunk_output = 0;
6263 }
6264 if (do_chunk_output)
6265 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_NOT_LOCKED);
6266 else if (added_control) {
6267 int num_out = 0, reason = 0, now_filled = 0;
6268 struct timeval now;
6269 int frag_point;
6270
6271 frag_point = sctp_get_frag_point(stcb, &stcb->asoc);
6272 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out,
6273 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_NOT_LOCKED);
6274 }
6275no_chunk_output:
6276 if (ret) {
6277 ca->cnt_failed++;
6278 } else {
6279 ca->cnt_sent++;
6280 }
6281}
6282
6283static void
6284sctp_sendall_completes(void *ptr, uint32_t val)
6285{
6286 struct sctp_copy_all *ca;
6287
6288 ca = (struct sctp_copy_all *)ptr;
6289 /*
6290 * Do a notify here? Kacheong suggests that the notify be done at
6291 * the send time.. so you would push up a notification if any send
6292 * failed. Don't know if this is feasable since the only failures we
6293 * have is "memory" related and if you cannot get an mbuf to send
6294 * the data you surely can't get an mbuf to send up to notify the
6295 * user you can't send the data :->
6296 */
6297
6298 /* now free everything */
6299 sctp_m_freem(ca->m);
6300 SCTP_FREE(ca, SCTP_M_COPYAL);
6301}
6302
6303
6304#define MC_ALIGN(m, len) do { \
6305 SCTP_BUF_RESV_UF(m, ((MCLBYTES - (len)) & ~(sizeof(long) - 1)); \
6306} while (0)
6307
6308
6309
6310static struct mbuf *
6311sctp_copy_out_all(struct uio *uio, int len)
6312{
6313 struct mbuf *ret, *at;
6314 int left, willcpy, cancpy, error;
6315
6316 ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAIT, 1, MT_DATA);
6317 if (ret == NULL) {
6318 /* TSNH */
6319 return (NULL);
6320 }
6321 left = len;
6322 SCTP_BUF_LEN(ret) = 0;
6323 /* save space for the data chunk header */
6324 cancpy = M_TRAILINGSPACE(ret);
6325 willcpy = min(cancpy, left);
6326 at = ret;
6327 while (left > 0) {
6328 /* Align data to the end */
6329 error = uiomove(mtod(at, caddr_t), willcpy, uio);
6330 if (error) {
6331 err_out_now:
6332 sctp_m_freem(at);
6333 return (NULL);
6334 }
6335 SCTP_BUF_LEN(at) = willcpy;
6336 SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0;
6337 left -= willcpy;
6338 if (left > 0) {
6339 SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 1, MT_DATA);
6340 if (SCTP_BUF_NEXT(at) == NULL) {
6341 goto err_out_now;
6342 }
6343 at = SCTP_BUF_NEXT(at);
6344 SCTP_BUF_LEN(at) = 0;
6345 cancpy = M_TRAILINGSPACE(at);
6346 willcpy = min(cancpy, left);
6347 }
6348 }
6349 return (ret);
6350}
6351
6352static int
6353sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
6354 struct sctp_sndrcvinfo *srcv)
6355{
6356 int ret;
6357 struct sctp_copy_all *ca;
6358
6359 SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all),
6360 SCTP_M_COPYAL);
6361 if (ca == NULL) {
6362 sctp_m_freem(m);
6363 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
6364 return (ENOMEM);
6365 }
6366 memset(ca, 0, sizeof(struct sctp_copy_all));
6367
6368 ca->inp = inp;
6369 memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo));
6370 /*
6371 * take off the sendall flag, it would be bad if we failed to do
6372 * this :-0
6373 */
6374 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL;
6375 /* get length and mbuf chain */
6376 if (uio) {
6377 ca->sndlen = uio->uio_resid;
6378 ca->m = sctp_copy_out_all(uio, ca->sndlen);
6379 if (ca->m == NULL) {
6380 SCTP_FREE(ca, SCTP_M_COPYAL);
6381 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
6382 return (ENOMEM);
6383 }
6384 } else {
6385 /* Gather the length of the send */
6386 struct mbuf *mat;
6387
6388 mat = m;
6389 ca->sndlen = 0;
6390 while (m) {
6391 ca->sndlen += SCTP_BUF_LEN(m);
6392 m = SCTP_BUF_NEXT(m);
6393 }
6394 ca->m = mat;
6395 }
6396 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL,
6397 SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES,
6398 SCTP_ASOC_ANY_STATE,
6399 (void *)ca, 0,
6400 sctp_sendall_completes, inp, 1);
6401 if (ret) {
6402 SCTP_PRINTF("Failed to initiate iterator for sendall\n");
6403 SCTP_FREE(ca, SCTP_M_COPYAL);
6404 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT);
6405 return (EFAULT);
6406 }
6407 return (0);
6408}
6409
6410
6411void
6412sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc)
6413{
6414 struct sctp_tmit_chunk *chk, *nchk;
6415
6416 chk = TAILQ_FIRST(&asoc->control_send_queue);
6417 while (chk) {
6418 nchk = TAILQ_NEXT(chk, sctp_next);
6419 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
6420 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
6421 if (chk->data) {
6422 sctp_m_freem(chk->data);
6423 chk->data = NULL;
6424 }
6425 asoc->ctrl_queue_cnt--;
6426 sctp_free_a_chunk(stcb, chk);
6427 }
6428 chk = nchk;
6429 }
6430}
6431
6432void
6433sctp_toss_old_asconf(struct sctp_tcb *stcb)
6434{
6435 struct sctp_association *asoc;
6436 struct sctp_tmit_chunk *chk, *chk_tmp;
6437 struct sctp_asconf_chunk *acp;
6438
6439 asoc = &stcb->asoc;
6440 for (chk = TAILQ_FIRST(&asoc->asconf_send_queue); chk != NULL;
6441 chk = chk_tmp) {
6442 /* get next chk */
6443 chk_tmp = TAILQ_NEXT(chk, sctp_next);
6444 /* find SCTP_ASCONF chunk in queue */
6445 if (chk->rec.chunk_id.id == SCTP_ASCONF) {
6446 if (chk->data) {
6447 acp = mtod(chk->data, struct sctp_asconf_chunk *);
6448 if (compare_with_wrap(ntohl(acp->serial_number), stcb->asoc.asconf_seq_out_acked, MAX_SEQ)) {
6449 /* Not Acked yet */
6450 break;
6451 }
6452 }
6453 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next);
6454 if (chk->data) {
6455 sctp_m_freem(chk->data);
6456 chk->data = NULL;
6457 }
6458 asoc->ctrl_queue_cnt--;
6459 sctp_free_a_chunk(stcb, chk);
6460 }
6461 }
6462}
6463
6464
6465static void
6466sctp_clean_up_datalist(struct sctp_tcb *stcb,
6467
6468 struct sctp_association *asoc,
6469 struct sctp_tmit_chunk **data_list,
6470 int bundle_at,
6471 struct sctp_nets *net)
6472{
6473 int i;
6474 struct sctp_tmit_chunk *tp1;
6475
6476 for (i = 0; i < bundle_at; i++) {
6477 /* off of the send queue */
6478 if (i) {
6479 /*
6480 * Any chunk NOT 0 you zap the time chunk 0 gets
6481 * zapped or set based on if a RTO measurment is
6482 * needed.
6483 */
6484 data_list[i]->do_rtt = 0;
6485 }
6486 /* record time */
6487 data_list[i]->sent_rcv_time = net->last_sent_time;
6488 data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.TSN_seq;
6489 TAILQ_REMOVE(&asoc->send_queue,
6490 data_list[i],
6491 sctp_next);
6492 /* on to the sent queue */
6493 tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead);
6494 if ((tp1) && (compare_with_wrap(tp1->rec.data.TSN_seq,
6495 data_list[i]->rec.data.TSN_seq, MAX_TSN))) {
6496 struct sctp_tmit_chunk *tpp;
6497
6498 /* need to move back */
6499 back_up_more:
6500 tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next);
6501 if (tpp == NULL) {
6502 TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next);
6503 goto all_done;
6504 }
6505 tp1 = tpp;
6506 if (compare_with_wrap(tp1->rec.data.TSN_seq,
6507 data_list[i]->rec.data.TSN_seq, MAX_TSN)) {
6508 goto back_up_more;
6509 }
6510 TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next);
6511 } else {
6512 TAILQ_INSERT_TAIL(&asoc->sent_queue,
6513 data_list[i],
6514 sctp_next);
6515 }
6516all_done:
6517 /* This does not lower until the cum-ack passes it */
6518 asoc->sent_queue_cnt++;
6519 asoc->send_queue_cnt--;
6520 if ((asoc->peers_rwnd <= 0) &&
6521 (asoc->total_flight == 0) &&
6522 (bundle_at == 1)) {
6523 /* Mark the chunk as being a window probe */
6524 SCTP_STAT_INCR(sctps_windowprobed);
6525 }
6526#ifdef SCTP_AUDITING_ENABLED
6527 sctp_audit_log(0xC2, 3);
6528#endif
6529 data_list[i]->sent = SCTP_DATAGRAM_SENT;
6530 data_list[i]->snd_count = 1;
6531 data_list[i]->rec.data.chunk_was_revoked = 0;
6532 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
6533 sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
6534 data_list[i]->whoTo->flight_size,
6535 data_list[i]->book_size,
6536 (uintptr_t) data_list[i]->whoTo,
6537 data_list[i]->rec.data.TSN_seq);
6538 }
6539 sctp_flight_size_increase(data_list[i]);
6540 sctp_total_flight_increase(stcb, data_list[i]);
6541 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
6542 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND,
6543 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
6544 }
6545 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd,
6546 (uint32_t) (data_list[i]->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)));
6547 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
6548 /* SWS sender side engages */
6549 asoc->peers_rwnd = 0;
6550 }
6551 }
6552}
6553
6554static void
6555sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc)
6556{
6557 struct sctp_tmit_chunk *chk, *nchk;
6558
6559 for (chk = TAILQ_FIRST(&asoc->control_send_queue);
6560 chk; chk = nchk) {
6561 nchk = TAILQ_NEXT(chk, sctp_next);
6562 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) ||
6563 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */
6564 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) ||
6565 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) ||
6566 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) ||
6567 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) ||
6568 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) ||
6569 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) ||
6570 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) ||
6571 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) ||
6572 (chk->rec.chunk_id.id == SCTP_ECN_CWR) ||
6573 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) {
6574 /* Stray chunks must be cleaned up */
6575 clean_up_anyway:
6576 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
6577 if (chk->data) {
6578 sctp_m_freem(chk->data);
6579 chk->data = NULL;
6580 }
6581 asoc->ctrl_queue_cnt--;
|
9740 /* no more to look at */
9741 break;
9742 }
9743 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) {
9744 /* We don't report these */
9745 continue;
9746 }
9747 cnt_of_skipped++;
9748 }
9749 space_needed = (sizeof(struct sctp_forward_tsn_chunk) +
9750 (cnt_of_skipped * sizeof(struct sctp_strseq)));
9751
9752 cnt_of_space = M_TRAILINGSPACE(chk->data);
9753
9754 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
9755 ovh = SCTP_MIN_OVERHEAD;
9756 } else {
9757 ovh = SCTP_MIN_V4_OVERHEAD;
9758 }
9759 if (cnt_of_space > (asoc->smallest_mtu - ovh)) {
9760 /* trim to a mtu size */
9761 cnt_of_space = asoc->smallest_mtu - ovh;
9762 }
9763 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
9764 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
9765 0xff, 0, cnt_of_skipped,
9766 asoc->advanced_peer_ack_point);
9767
9768 }
9769 advance_peer_ack_point = asoc->advanced_peer_ack_point;
9770 if (cnt_of_space < space_needed) {
9771 /*-
9772 * ok we must trim down the chunk by lowering the
9773 * advance peer ack point.
9774 */
9775 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
9776 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
9777 0xff, 0xff, cnt_of_space,
9778 space_needed);
9779 }
9780 cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk);
9781 cnt_of_skipped /= sizeof(struct sctp_strseq);
9782 /*-
9783 * Go through and find the TSN that will be the one
9784 * we report.
9785 */
9786 at = TAILQ_FIRST(&asoc->sent_queue);
9787 for (i = 0; i < cnt_of_skipped; i++) {
9788 tp1 = TAILQ_NEXT(at, sctp_next);
9789 at = tp1;
9790 }
9791 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
9792 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
9793 0xff, cnt_of_skipped, at->rec.data.TSN_seq,
9794 asoc->advanced_peer_ack_point);
9795 }
9796 last = at;
9797 /*-
9798 * last now points to last one I can report, update
9799 * peer ack point
9800 */
9801 advance_peer_ack_point = last->rec.data.TSN_seq;
9802 space_needed = sizeof(struct sctp_forward_tsn_chunk) +
9803 cnt_of_skipped * sizeof(struct sctp_strseq);
9804 }
9805 chk->send_size = space_needed;
9806 /* Setup the chunk */
9807 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *);
9808 fwdtsn->ch.chunk_length = htons(chk->send_size);
9809 fwdtsn->ch.chunk_flags = 0;
9810 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN;
9811 fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point);
9812 SCTP_BUF_LEN(chk->data) = chk->send_size;
9813 fwdtsn++;
9814 /*-
9815 * Move pointer to after the fwdtsn and transfer to the
9816 * strseq pointer.
9817 */
9818 strseq = (struct sctp_strseq *)fwdtsn;
9819 /*-
9820 * Now populate the strseq list. This is done blindly
9821 * without pulling out duplicate stream info. This is
9822 * inefficent but won't harm the process since the peer will
9823 * look at these in sequence and will thus release anything.
9824 * It could mean we exceed the PMTU and chop off some that
9825 * we could have included.. but this is unlikely (aka 1432/4
9826 * would mean 300+ stream seq's would have to be reported in
9827 * one FWD-TSN. With a bit of work we can later FIX this to
9828 * optimize and pull out duplcates.. but it does add more
9829 * overhead. So for now... not!
9830 */
9831 at = TAILQ_FIRST(&asoc->sent_queue);
9832 for (i = 0; i < cnt_of_skipped; i++) {
9833 tp1 = TAILQ_NEXT(at, sctp_next);
9834 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) {
9835 /* We don't report these */
9836 i--;
9837 at = tp1;
9838 continue;
9839 }
9840 if (at->rec.data.TSN_seq == advance_peer_ack_point) {
9841 at->rec.data.fwd_tsn_cnt = 0;
9842 }
9843 strseq->stream = ntohs(at->rec.data.stream_number);
9844 strseq->sequence = ntohs(at->rec.data.stream_seq);
9845 strseq++;
9846 at = tp1;
9847 }
9848 }
9849 return;
9850
9851}
9852
9853void
9854sctp_send_sack(struct sctp_tcb *stcb)
9855{
9856 /*-
9857 * Queue up a SACK or NR-SACK in the control queue.
9858 * We must first check to see if a SACK or NR-SACK is
9859 * somehow on the control queue.
9860 * If so, we will take and and remove the old one.
9861 */
9862 struct sctp_association *asoc;
9863 struct sctp_tmit_chunk *chk, *a_chk;
9864 struct sctp_sack_chunk *sack;
9865 struct sctp_nr_sack_chunk *nr_sack;
9866 struct sctp_gap_ack_block *gap_descriptor;
9867 struct sack_track *selector;
9868 int mergeable = 0;
9869 int offset;
9870 caddr_t limit;
9871 uint32_t *dup;
9872 int limit_reached = 0;
9873 unsigned int i, sel_start, siz, j, starting_index;
9874 unsigned int num_gap_blocks = 0, num_nr_gap_blocks = 0, space;
9875 int num_dups = 0;
9876 int space_req;
9877 uint32_t highest_tsn;
9878 uint8_t flags;
9879 uint8_t type;
9880
9881 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off) &&
9882 stcb->asoc.peer_supports_nr_sack) {
9883 type = SCTP_NR_SELECTIVE_ACK;
9884 } else {
9885 type = SCTP_SELECTIVE_ACK;
9886 }
9887 a_chk = NULL;
9888 asoc = &stcb->asoc;
9889 SCTP_TCB_LOCK_ASSERT(stcb);
9890 if (asoc->last_data_chunk_from == NULL) {
9891 /* Hmm we never received anything */
9892 return;
9893 }
9894 sctp_slide_mapping_arrays(stcb);
9895 sctp_set_rwnd(stcb, asoc);
9896 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
9897 if (chk->rec.chunk_id.id == type) {
9898 /* Hmm, found a sack already on queue, remove it */
9899 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
9900 asoc->ctrl_queue_cnt++;
9901 a_chk = chk;
9902 if (a_chk->data) {
9903 sctp_m_freem(a_chk->data);
9904 a_chk->data = NULL;
9905 }
9906 sctp_free_remote_addr(a_chk->whoTo);
9907 a_chk->whoTo = NULL;
9908 break;
9909 }
9910 }
9911 if (a_chk == NULL) {
9912 sctp_alloc_a_chunk(stcb, a_chk);
9913 if (a_chk == NULL) {
9914 /* No memory so we drop the idea, and set a timer */
9915 if (stcb->asoc.delayed_ack) {
9916 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
9917 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5);
9918 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
9919 stcb->sctp_ep, stcb, NULL);
9920 } else {
9921 stcb->asoc.send_sack = 1;
9922 }
9923 return;
9924 }
9925 a_chk->copy_by_ref = 0;
9926 a_chk->rec.chunk_id.id = type;
9927 a_chk->rec.chunk_id.can_take_data = 1;
9928 }
9929 /* Clear our pkt counts */
9930 asoc->data_pkts_seen = 0;
9931
9932 a_chk->asoc = asoc;
9933 a_chk->snd_count = 0;
9934 a_chk->send_size = 0; /* fill in later */
9935 a_chk->sent = SCTP_DATAGRAM_UNSENT;
9936 a_chk->whoTo = NULL;
9937
9938 if ((asoc->numduptsns) ||
9939 (asoc->last_data_chunk_from->dest_state & SCTP_ADDR_NOT_REACHABLE)
9940 ) {
9941 /*-
9942 * Ok, we have some duplicates or the destination for the
9943 * sack is unreachable, lets see if we can select an
9944 * alternate than asoc->last_data_chunk_from
9945 */
9946 if ((!(asoc->last_data_chunk_from->dest_state &
9947 SCTP_ADDR_NOT_REACHABLE)) &&
9948 (asoc->used_alt_onsack > asoc->numnets)) {
9949 /* We used an alt last time, don't this time */
9950 a_chk->whoTo = NULL;
9951 } else {
9952 asoc->used_alt_onsack++;
9953 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0);
9954 }
9955 if (a_chk->whoTo == NULL) {
9956 /* Nope, no alternate */
9957 a_chk->whoTo = asoc->last_data_chunk_from;
9958 asoc->used_alt_onsack = 0;
9959 }
9960 } else {
9961 /*
9962 * No duplicates so we use the last place we received data
9963 * from.
9964 */
9965 asoc->used_alt_onsack = 0;
9966 a_chk->whoTo = asoc->last_data_chunk_from;
9967 }
9968 if (a_chk->whoTo) {
9969 atomic_add_int(&a_chk->whoTo->ref_count, 1);
9970 }
9971 if (compare_with_wrap(asoc->highest_tsn_inside_map, asoc->highest_tsn_inside_nr_map, MAX_TSN)) {
9972 highest_tsn = asoc->highest_tsn_inside_map;
9973 } else {
9974 highest_tsn = asoc->highest_tsn_inside_nr_map;
9975 }
9976 if (highest_tsn == asoc->cumulative_tsn) {
9977 /* no gaps */
9978 if (type == SCTP_SELECTIVE_ACK) {
9979 space_req = sizeof(struct sctp_sack_chunk);
9980 } else {
9981 space_req = sizeof(struct sctp_nr_sack_chunk);
9982 }
9983 } else {
9984 /* gaps get a cluster */
9985 space_req = MCLBYTES;
9986 }
9987 /* Ok now lets formulate a MBUF with our sack */
9988 a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_DONTWAIT, 1, MT_DATA);
9989 if ((a_chk->data == NULL) ||
9990 (a_chk->whoTo == NULL)) {
9991 /* rats, no mbuf memory */
9992 if (a_chk->data) {
9993 /* was a problem with the destination */
9994 sctp_m_freem(a_chk->data);
9995 a_chk->data = NULL;
9996 }
9997 sctp_free_a_chunk(stcb, a_chk);
9998 /* sa_ignore NO_NULL_CHK */
9999 if (stcb->asoc.delayed_ack) {
10000 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
10001 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6);
10002 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
10003 stcb->sctp_ep, stcb, NULL);
10004 } else {
10005 stcb->asoc.send_sack = 1;
10006 }
10007 return;
10008 }
10009 /* ok, lets go through and fill it in */
10010 SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD);
10011 space = M_TRAILINGSPACE(a_chk->data);
10012 if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) {
10013 space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD);
10014 }
10015 limit = mtod(a_chk->data, caddr_t);
10016 limit += space;
10017
10018 /* 0x01 is used by nonce for ecn */
10019 if ((SCTP_BASE_SYSCTL(sctp_ecn_enable)) &&
10020 (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) &&
10021 (asoc->peer_supports_ecn_nonce))
10022 flags = (asoc->receiver_nonce_sum & SCTP_SACK_NONCE_SUM);
10023 else
10024 flags = 0;
10025
10026 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) && SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
10027 /*-
10028 * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been
10029 * received, then set high bit to 1, else 0. Reset
10030 * pkts_rcvd.
10031 */
10032 flags |= (asoc->cmt_dac_pkts_rcvd << 6);
10033 asoc->cmt_dac_pkts_rcvd = 0;
10034 }
10035#ifdef SCTP_ASOCLOG_OF_TSNS
10036 stcb->asoc.cumack_logsnt[stcb->asoc.cumack_log_atsnt] = asoc->cumulative_tsn;
10037 stcb->asoc.cumack_log_atsnt++;
10038 if (stcb->asoc.cumack_log_atsnt >= SCTP_TSN_LOG_SIZE) {
10039 stcb->asoc.cumack_log_atsnt = 0;
10040 }
10041#endif
10042 /* reset the readers interpretation */
10043 stcb->freed_by_sorcv_sincelast = 0;
10044
10045 if (type == SCTP_SELECTIVE_ACK) {
10046 sack = mtod(a_chk->data, struct sctp_sack_chunk *);
10047 nr_sack = NULL;
10048 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk));
10049 if (highest_tsn > asoc->mapping_array_base_tsn) {
10050 siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
10051 } else {
10052 siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) / 8;
10053 }
10054 } else {
10055 sack = NULL;
10056 nr_sack = mtod(a_chk->data, struct sctp_nr_sack_chunk *);
10057 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)nr_sack + sizeof(struct sctp_nr_sack_chunk));
10058 if (asoc->highest_tsn_inside_map > asoc->mapping_array_base_tsn) {
10059 siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
10060 } else {
10061 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_map + 7) / 8;
10062 }
10063 }
10064
10065 if (compare_with_wrap(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, MAX_TSN)) {
10066 offset = 1;
10067 /*-
10068 * The base TSN is intialized to be the first TSN the peer
10069 * will send us. If the cum-ack is behind this then when they
10070 * send us the next in sequence it will mark the base_tsn bit.
10071 * Thus we need to use the very first selector and the offset
10072 * is 1. Our table is built for this case.
10073 */
10074 starting_index = 0;
10075 sel_start = 0;
10076 } else {
10077 /*-
10078 * we skip the first selector when the cum-ack is at or above the
10079 * mapping array base. This is because the bits at the base or above
10080 * are turned on and our first selector in the table assumes they are
10081 * off. We thus will use the second selector (first is 0). We use
10082 * the reverse of our macro to fix the offset, in bits, that our
10083 * table is at. Note that this method assumes that the cum-tsn is
10084 * within the first bit, i.e. its value is 0-7 which means the
10085 * result to our offset will be either a 0 - -7. If the cumack
10086 * is NOT in the first byte (0) (which it should be since we did
10087 * a mapping array slide above) then we need to calculate the starting
10088 * index i.e. which byte of the mapping array we should start at. We
10089 * do this by dividing by 8 and pushing the remainder (mod) into offset.
10090 * then we multiply the offset to be negative, since we need a negative
10091 * offset into the selector table.
10092 */
10093 SCTP_CALC_TSN_TO_GAP(offset, asoc->cumulative_tsn, asoc->mapping_array_base_tsn);
10094 if (offset > 7) {
10095 starting_index = offset / 8;
10096 offset = offset % 8;
10097 printf("Strange starting index is %d offset:%d (not 0/x)\n",
10098 starting_index, offset);
10099 } else {
10100 starting_index = 0;
10101 }
10102 /* We need a negative offset in our table */
10103 offset *= -1;
10104 sel_start = 1;
10105 }
10106 if (((type == SCTP_SELECTIVE_ACK) &&
10107 compare_with_wrap(highest_tsn, asoc->cumulative_tsn, MAX_TSN)) ||
10108 ((type == SCTP_NR_SELECTIVE_ACK) &&
10109 compare_with_wrap(asoc->highest_tsn_inside_map, asoc->cumulative_tsn, MAX_TSN))) {
10110 /* we have a gap .. maybe */
10111 for (i = starting_index; i < siz; i++) {
10112 if (type == SCTP_SELECTIVE_ACK) {
10113 selector = &sack_array[asoc->mapping_array[i] | asoc->nr_mapping_array[i]];
10114 } else {
10115 selector = &sack_array[asoc->mapping_array[i]];
10116 }
10117 if (mergeable && selector->right_edge) {
10118 /*
10119 * Backup, left and right edges were ok to
10120 * merge.
10121 */
10122 num_gap_blocks--;
10123 gap_descriptor--;
10124 }
10125 if (selector->num_entries == 0)
10126 mergeable = 0;
10127 else {
10128 for (j = sel_start; j < selector->num_entries; j++) {
10129 if (mergeable && selector->right_edge) {
10130 /*
10131 * do a merge by NOT setting
10132 * the left side
10133 */
10134 mergeable = 0;
10135 } else {
10136 /*
10137 * no merge, set the left
10138 * side
10139 */
10140 mergeable = 0;
10141 gap_descriptor->start = htons((selector->gaps[j].start + offset));
10142 }
10143 gap_descriptor->end = htons((selector->gaps[j].end + offset));
10144 num_gap_blocks++;
10145 gap_descriptor++;
10146 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) {
10147 /* no more room */
10148 limit_reached = 1;
10149 break;
10150 }
10151 }
10152 if (selector->left_edge) {
10153 mergeable = 1;
10154 }
10155 }
10156 if (limit_reached) {
10157 /* Reached the limit stop */
10158 break;
10159 }
10160 sel_start = 0;
10161 offset += 8;
10162 }
10163 }
10164 if ((type == SCTP_NR_SELECTIVE_ACK) &&
10165 (limit_reached == 0)) {
10166
10167 mergeable = 0;
10168
10169 if (asoc->highest_tsn_inside_nr_map > asoc->mapping_array_base_tsn)
10170 siz = (((asoc->highest_tsn_inside_nr_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
10171 else
10172 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_nr_map + 7) / 8;
10173
10174 if (compare_with_wrap(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, MAX_TSN)) {
10175 offset = 1;
10176 /*-
10177 * cum-ack behind the mapping array, so we start and use all
10178 * entries.
10179 */
10180 sel_start = 0;
10181 } else {
10182 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn;
10183 /*-
10184 * we skip the first one when the cum-ack is at or above the
10185 * mapping array base. Note this only works if
10186 */
10187 sel_start = 1;
10188 }
10189 if (compare_with_wrap(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn, MAX_TSN)) {
10190 /* we have a gap .. maybe */
10191 for (i = 0; i < siz; i++) {
10192 selector = &sack_array[asoc->nr_mapping_array[i]];
10193 if (mergeable && selector->right_edge) {
10194 /*
10195 * Backup, left and right edges were
10196 * ok to merge.
10197 */
10198 num_nr_gap_blocks--;
10199 gap_descriptor--;
10200 }
10201 if (selector->num_entries == 0)
10202 mergeable = 0;
10203 else {
10204 for (j = sel_start; j < selector->num_entries; j++) {
10205 if (mergeable && selector->right_edge) {
10206 /*
10207 * do a merge by NOT
10208 * setting the left
10209 * side
10210 */
10211 mergeable = 0;
10212 } else {
10213 /*
10214 * no merge, set the
10215 * left side
10216 */
10217 mergeable = 0;
10218 gap_descriptor->start = htons((selector->gaps[j].start + offset));
10219 }
10220 gap_descriptor->end = htons((selector->gaps[j].end + offset));
10221 num_nr_gap_blocks++;
10222 gap_descriptor++;
10223 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) {
10224 /* no more room */
10225 limit_reached = 1;
10226 break;
10227 }
10228 }
10229 if (selector->left_edge) {
10230 mergeable = 1;
10231 }
10232 }
10233 if (limit_reached) {
10234 /* Reached the limit stop */
10235 break;
10236 }
10237 sel_start = 0;
10238 offset += 8;
10239 }
10240 }
10241 }
10242 /* now we must add any dups we are going to report. */
10243 if ((limit_reached == 0) && (asoc->numduptsns)) {
10244 dup = (uint32_t *) gap_descriptor;
10245 for (i = 0; i < asoc->numduptsns; i++) {
10246 *dup = htonl(asoc->dup_tsns[i]);
10247 dup++;
10248 num_dups++;
10249 if (((caddr_t)dup + sizeof(uint32_t)) > limit) {
10250 /* no more room */
10251 break;
10252 }
10253 }
10254 asoc->numduptsns = 0;
10255 }
10256 /*
10257 * now that the chunk is prepared queue it to the control chunk
10258 * queue.
10259 */
10260 if (type == SCTP_SELECTIVE_ACK) {
10261 a_chk->send_size = sizeof(struct sctp_sack_chunk) +
10262 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) +
10263 num_dups * sizeof(int32_t);
10264 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size;
10265 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn);
10266 sack->sack.a_rwnd = htonl(asoc->my_rwnd);
10267 sack->sack.num_gap_ack_blks = htons(num_gap_blocks);
10268 sack->sack.num_dup_tsns = htons(num_dups);
10269 sack->ch.chunk_type = type;
10270 sack->ch.chunk_flags = flags;
10271 sack->ch.chunk_length = htons(a_chk->send_size);
10272 } else {
10273 a_chk->send_size = sizeof(struct sctp_nr_sack_chunk) +
10274 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) +
10275 num_dups * sizeof(int32_t);
10276 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size;
10277 nr_sack->nr_sack.cum_tsn_ack = htonl(asoc->cumulative_tsn);
10278 nr_sack->nr_sack.a_rwnd = htonl(asoc->my_rwnd);
10279 nr_sack->nr_sack.num_gap_ack_blks = htons(num_gap_blocks);
10280 nr_sack->nr_sack.num_nr_gap_ack_blks = htons(num_nr_gap_blocks);
10281 nr_sack->nr_sack.num_dup_tsns = htons(num_dups);
10282 nr_sack->nr_sack.reserved = 0;
10283 nr_sack->ch.chunk_type = type;
10284 nr_sack->ch.chunk_flags = flags;
10285 nr_sack->ch.chunk_length = htons(a_chk->send_size);
10286 }
10287 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next);
10288 asoc->my_last_reported_rwnd = asoc->my_rwnd;
10289 asoc->ctrl_queue_cnt++;
10290 asoc->send_sack = 0;
10291 SCTP_STAT_INCR(sctps_sendsacks);
10292 return;
10293}
10294
10295void
10296sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr, int so_locked
10297#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
10298 SCTP_UNUSED
10299#endif
10300)
10301{
10302 struct mbuf *m_abort;
10303 struct mbuf *m_out = NULL, *m_end = NULL;
10304 struct sctp_abort_chunk *abort = NULL;
10305 int sz;
10306 uint32_t auth_offset = 0;
10307 struct sctp_auth_chunk *auth = NULL;
10308
10309 /*-
10310 * Add an AUTH chunk, if chunk requires it and save the offset into
10311 * the chain for AUTH
10312 */
10313 if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION,
10314 stcb->asoc.peer_auth_chunks)) {
10315 m_out = sctp_add_auth_chunk(m_out, &m_end, &auth, &auth_offset,
10316 stcb, SCTP_ABORT_ASSOCIATION);
10317 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
10318 }
10319 SCTP_TCB_LOCK_ASSERT(stcb);
10320 m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_DONTWAIT, 1, MT_HEADER);
10321 if (m_abort == NULL) {
10322 /* no mbuf's */
10323 if (m_out)
10324 sctp_m_freem(m_out);
10325 return;
10326 }
10327 /* link in any error */
10328 SCTP_BUF_NEXT(m_abort) = operr;
10329 sz = 0;
10330 if (operr) {
10331 struct mbuf *n;
10332
10333 n = operr;
10334 while (n) {
10335 sz += SCTP_BUF_LEN(n);
10336 n = SCTP_BUF_NEXT(n);
10337 }
10338 }
10339 SCTP_BUF_LEN(m_abort) = sizeof(*abort);
10340 if (m_out == NULL) {
10341 /* NO Auth chunk prepended, so reserve space in front */
10342 SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD);
10343 m_out = m_abort;
10344 } else {
10345 /* Put AUTH chunk at the front of the chain */
10346 SCTP_BUF_NEXT(m_end) = m_abort;
10347 }
10348
10349 /* fill in the ABORT chunk */
10350 abort = mtod(m_abort, struct sctp_abort_chunk *);
10351 abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION;
10352 abort->ch.chunk_flags = 0;
10353 abort->ch.chunk_length = htons(sizeof(*abort) + sz);
10354
10355 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb,
10356 stcb->asoc.primary_destination,
10357 (struct sockaddr *)&stcb->asoc.primary_destination->ro._l_addr,
10358 m_out, auth_offset, auth, stcb->asoc.authinfo.active_keyid, 1, 0, NULL, 0,
10359 stcb->sctp_ep->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag),
10360 stcb->asoc.primary_destination->port, so_locked, NULL);
10361 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
10362}
10363
10364void
10365sctp_send_shutdown_complete(struct sctp_tcb *stcb,
10366 struct sctp_nets *net,
10367 int reflect_vtag)
10368{
10369 /* formulate and SEND a SHUTDOWN-COMPLETE */
10370 struct mbuf *m_shutdown_comp;
10371 struct sctp_shutdown_complete_chunk *shutdown_complete;
10372 uint32_t vtag;
10373 uint8_t flags;
10374
10375 m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_DONTWAIT, 1, MT_HEADER);
10376 if (m_shutdown_comp == NULL) {
10377 /* no mbuf's */
10378 return;
10379 }
10380 if (reflect_vtag) {
10381 flags = SCTP_HAD_NO_TCB;
10382 vtag = stcb->asoc.my_vtag;
10383 } else {
10384 flags = 0;
10385 vtag = stcb->asoc.peer_vtag;
10386 }
10387 shutdown_complete = mtod(m_shutdown_comp, struct sctp_shutdown_complete_chunk *);
10388 shutdown_complete->ch.chunk_type = SCTP_SHUTDOWN_COMPLETE;
10389 shutdown_complete->ch.chunk_flags = flags;
10390 shutdown_complete->ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk));
10391 SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_chunk);
10392 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net,
10393 (struct sockaddr *)&net->ro._l_addr,
10394 m_shutdown_comp, 0, NULL, 0, 1, 0, NULL, 0,
10395 stcb->sctp_ep->sctp_lport, stcb->rport,
10396 htonl(vtag),
10397 net->port, SCTP_SO_NOT_LOCKED, NULL);
10398 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
10399 return;
10400}
10401
10402void
10403sctp_send_shutdown_complete2(struct mbuf *m, int iphlen, struct sctphdr *sh,
10404 uint32_t vrf_id, uint16_t port)
10405{
10406 /* formulate and SEND a SHUTDOWN-COMPLETE */
10407 struct mbuf *o_pak;
10408 struct mbuf *mout;
10409 struct ip *iph, *iph_out;
10410 struct udphdr *udp = NULL;
10411
10412#ifdef INET6
10413 struct ip6_hdr *ip6, *ip6_out;
10414
10415#endif
10416 int offset_out, len, mlen;
10417 struct sctp_shutdown_complete_msg *comp_cp;
10418
10419 iph = mtod(m, struct ip *);
10420 switch (iph->ip_v) {
10421 case IPVERSION:
10422 len = (sizeof(struct ip) + sizeof(struct sctp_shutdown_complete_msg));
10423 break;
10424#ifdef INET6
10425 case IPV6_VERSION >> 4:
10426 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_shutdown_complete_msg));
10427 break;
10428#endif
10429 default:
10430 return;
10431 }
10432 if (port) {
10433 len += sizeof(struct udphdr);
10434 }
10435 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA);
10436 if (mout == NULL) {
10437 return;
10438 }
10439 SCTP_BUF_RESV_UF(mout, max_linkhdr);
10440 SCTP_BUF_LEN(mout) = len;
10441 SCTP_BUF_NEXT(mout) = NULL;
10442 iph_out = NULL;
10443#ifdef INET6
10444 ip6_out = NULL;
10445#endif
10446 offset_out = 0;
10447
10448 switch (iph->ip_v) {
10449 case IPVERSION:
10450 iph_out = mtod(mout, struct ip *);
10451
10452 /* Fill in the IP header for the ABORT */
10453 iph_out->ip_v = IPVERSION;
10454 iph_out->ip_hl = (sizeof(struct ip) / 4);
10455 iph_out->ip_tos = (u_char)0;
10456 iph_out->ip_id = 0;
10457 iph_out->ip_off = 0;
10458 iph_out->ip_ttl = MAXTTL;
10459 if (port) {
10460 iph_out->ip_p = IPPROTO_UDP;
10461 } else {
10462 iph_out->ip_p = IPPROTO_SCTP;
10463 }
10464 iph_out->ip_src.s_addr = iph->ip_dst.s_addr;
10465 iph_out->ip_dst.s_addr = iph->ip_src.s_addr;
10466
10467 /* let IP layer calculate this */
10468 iph_out->ip_sum = 0;
10469 offset_out += sizeof(*iph_out);
10470 comp_cp = (struct sctp_shutdown_complete_msg *)(
10471 (caddr_t)iph_out + offset_out);
10472 break;
10473#ifdef INET6
10474 case IPV6_VERSION >> 4:
10475 ip6 = (struct ip6_hdr *)iph;
10476 ip6_out = mtod(mout, struct ip6_hdr *);
10477
10478 /* Fill in the IPv6 header for the ABORT */
10479 ip6_out->ip6_flow = ip6->ip6_flow;
10480 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
10481 if (port) {
10482 ip6_out->ip6_nxt = IPPROTO_UDP;
10483 } else {
10484 ip6_out->ip6_nxt = IPPROTO_SCTP;
10485 }
10486 ip6_out->ip6_src = ip6->ip6_dst;
10487 ip6_out->ip6_dst = ip6->ip6_src;
10488 /*
10489 * ?? The old code had both the iph len + payload, I think
10490 * this is wrong and would never have worked
10491 */
10492 ip6_out->ip6_plen = sizeof(struct sctp_shutdown_complete_msg);
10493 offset_out += sizeof(*ip6_out);
10494 comp_cp = (struct sctp_shutdown_complete_msg *)(
10495 (caddr_t)ip6_out + offset_out);
10496 break;
10497#endif /* INET6 */
10498 default:
10499 /* Currently not supported. */
10500 sctp_m_freem(mout);
10501 return;
10502 }
10503 if (port) {
10504 udp = (struct udphdr *)comp_cp;
10505 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
10506 udp->uh_dport = port;
10507 udp->uh_ulen = htons(sizeof(struct sctp_shutdown_complete_msg) + sizeof(struct udphdr));
10508 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
10509 offset_out += sizeof(struct udphdr);
10510 comp_cp = (struct sctp_shutdown_complete_msg *)((caddr_t)comp_cp + sizeof(struct udphdr));
10511 }
10512 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
10513 /* no mbuf's */
10514 sctp_m_freem(mout);
10515 return;
10516 }
10517 /* Now copy in and fill in the ABORT tags etc. */
10518 comp_cp->sh.src_port = sh->dest_port;
10519 comp_cp->sh.dest_port = sh->src_port;
10520 comp_cp->sh.checksum = 0;
10521 comp_cp->sh.v_tag = sh->v_tag;
10522 comp_cp->shut_cmp.ch.chunk_flags = SCTP_HAD_NO_TCB;
10523 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE;
10524 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk));
10525
10526 if (iph_out != NULL) {
10527 sctp_route_t ro;
10528 int ret;
10529 struct sctp_tcb *stcb = NULL;
10530
10531 mlen = SCTP_BUF_LEN(mout);
10532 bzero(&ro, sizeof ro);
10533 /* set IPv4 length */
10534 iph_out->ip_len = mlen;
10535#ifdef SCTP_PACKET_LOGGING
10536 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
10537 sctp_packet_log(mout, mlen);
10538#endif
10539 if (port) {
10540 comp_cp->sh.checksum = sctp_calculate_cksum(mout, offset_out);
10541 SCTP_STAT_INCR(sctps_sendswcrc);
10542 SCTP_ENABLE_UDP_CSUM(mout);
10543 } else {
10544 mout->m_pkthdr.csum_flags = CSUM_SCTP;
10545 mout->m_pkthdr.csum_data = 0;
10546 SCTP_STAT_INCR(sctps_sendhwcrc);
10547 }
10548 SCTP_ATTACH_CHAIN(o_pak, mout, mlen);
10549 /* out it goes */
10550 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id);
10551
10552 /* Free the route if we got one back */
10553 if (ro.ro_rt)
10554 RTFREE(ro.ro_rt);
10555 }
10556#ifdef INET6
10557 if (ip6_out != NULL) {
10558 struct route_in6 ro;
10559 int ret;
10560 struct sctp_tcb *stcb = NULL;
10561 struct ifnet *ifp = NULL;
10562
10563 bzero(&ro, sizeof(ro));
10564 mlen = SCTP_BUF_LEN(mout);
10565#ifdef SCTP_PACKET_LOGGING
10566 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
10567 sctp_packet_log(mout, mlen);
10568#endif
10569 SCTP_ATTACH_CHAIN(o_pak, mout, mlen);
10570 if (port) {
10571 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
10572 (stcb) &&
10573 (stcb->asoc.loopback_scope))) {
10574 comp_cp->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
10575 SCTP_STAT_INCR(sctps_sendswcrc);
10576 } else {
10577 SCTP_STAT_INCR(sctps_sendnocrc);
10578 }
10579 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), mlen - sizeof(struct ip6_hdr))) == 0) {
10580 udp->uh_sum = 0xffff;
10581 }
10582 } else {
10583 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
10584 (stcb) &&
10585 (stcb->asoc.loopback_scope))) {
10586 mout->m_pkthdr.csum_flags = CSUM_SCTP;
10587 mout->m_pkthdr.csum_data = 0;
10588 SCTP_STAT_INCR(sctps_sendhwcrc);
10589 } else {
10590 SCTP_STAT_INCR(sctps_sendnocrc);
10591 }
10592 }
10593 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id);
10594
10595 /* Free the route if we got one back */
10596 if (ro.ro_rt)
10597 RTFREE(ro.ro_rt);
10598 }
10599#endif
10600 SCTP_STAT_INCR(sctps_sendpackets);
10601 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
10602 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
10603 return;
10604
10605}
10606
10607static struct sctp_nets *
10608sctp_select_hb_destination(struct sctp_tcb *stcb, struct timeval *now)
10609{
10610 struct sctp_nets *net, *hnet;
10611 int ms_goneby, highest_ms, state_overide = 0;
10612
10613 (void)SCTP_GETTIME_TIMEVAL(now);
10614 highest_ms = 0;
10615 hnet = NULL;
10616 SCTP_TCB_LOCK_ASSERT(stcb);
10617 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
10618 if (
10619 ((net->dest_state & SCTP_ADDR_NOHB) && ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) ||
10620 (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)
10621 ) {
10622 /*
10623 * Skip this guy from consideration if HB is off AND
10624 * its confirmed
10625 */
10626 continue;
10627 }
10628 if (sctp_destination_is_reachable(stcb, (struct sockaddr *)&net->ro._l_addr) == 0) {
10629 /* skip this dest net from consideration */
10630 continue;
10631 }
10632 if (net->last_sent_time.tv_sec) {
10633 /* Sent to so we subtract */
10634 ms_goneby = (now->tv_sec - net->last_sent_time.tv_sec) * 1000;
10635 } else
10636 /* Never been sent to */
10637 ms_goneby = 0x7fffffff;
10638 /*-
10639 * When the address state is unconfirmed but still
10640 * considered reachable, we HB at a higher rate. Once it
10641 * goes confirmed OR reaches the "unreachable" state, thenw
10642 * we cut it back to HB at a more normal pace.
10643 */
10644 if ((net->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED) {
10645 state_overide = 1;
10646 } else {
10647 state_overide = 0;
10648 }
10649
10650 if ((((unsigned int)ms_goneby >= net->RTO) || (state_overide)) &&
10651 (ms_goneby > highest_ms)) {
10652 highest_ms = ms_goneby;
10653 hnet = net;
10654 }
10655 }
10656 if (hnet &&
10657 ((hnet->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED)) {
10658 state_overide = 1;
10659 } else {
10660 state_overide = 0;
10661 }
10662
10663 if (hnet && highest_ms && (((unsigned int)highest_ms >= hnet->RTO) || state_overide)) {
10664 /*-
10665 * Found the one with longest delay bounds OR it is
10666 * unconfirmed and still not marked unreachable.
10667 */
10668 SCTPDBG(SCTP_DEBUG_OUTPUT4, "net:%p is the hb winner -", hnet);
10669#ifdef SCTP_DEBUG
10670 if (hnet) {
10671 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT4,
10672 (struct sockaddr *)&hnet->ro._l_addr);
10673 } else {
10674 SCTPDBG(SCTP_DEBUG_OUTPUT4, " none\n");
10675 }
10676#endif
10677 /* update the timer now */
10678 hnet->last_sent_time = *now;
10679 return (hnet);
10680 }
10681 /* Nothing to HB */
10682 return (NULL);
10683}
10684
10685int
10686sctp_send_hb(struct sctp_tcb *stcb, int user_req, struct sctp_nets *u_net)
10687{
10688 struct sctp_tmit_chunk *chk;
10689 struct sctp_nets *net;
10690 struct sctp_heartbeat_chunk *hb;
10691 struct timeval now;
10692 struct sockaddr_in *sin;
10693 struct sockaddr_in6 *sin6;
10694
10695 SCTP_TCB_LOCK_ASSERT(stcb);
10696 if (user_req == 0) {
10697 net = sctp_select_hb_destination(stcb, &now);
10698 if (net == NULL) {
10699 /*-
10700 * All our busy none to send to, just start the
10701 * timer again.
10702 */
10703 if (stcb->asoc.state == 0) {
10704 return (0);
10705 }
10706 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT,
10707 stcb->sctp_ep,
10708 stcb,
10709 net);
10710 return (0);
10711 }
10712 } else {
10713 net = u_net;
10714 if (net == NULL) {
10715 return (0);
10716 }
10717 (void)SCTP_GETTIME_TIMEVAL(&now);
10718 }
10719 sin = (struct sockaddr_in *)&net->ro._l_addr;
10720 if (sin->sin_family != AF_INET) {
10721 if (sin->sin_family != AF_INET6) {
10722 /* huh */
10723 return (0);
10724 }
10725 }
10726 sctp_alloc_a_chunk(stcb, chk);
10727 if (chk == NULL) {
10728 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak, can't get a chunk for hb\n");
10729 return (0);
10730 }
10731 chk->copy_by_ref = 0;
10732 chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST;
10733 chk->rec.chunk_id.can_take_data = 1;
10734 chk->asoc = &stcb->asoc;
10735 chk->send_size = sizeof(struct sctp_heartbeat_chunk);
10736
10737 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER);
10738 if (chk->data == NULL) {
10739 sctp_free_a_chunk(stcb, chk);
10740 return (0);
10741 }
10742 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
10743 SCTP_BUF_LEN(chk->data) = chk->send_size;
10744 chk->sent = SCTP_DATAGRAM_UNSENT;
10745 chk->snd_count = 0;
10746 chk->whoTo = net;
10747 atomic_add_int(&chk->whoTo->ref_count, 1);
10748 /* Now we have a mbuf that we can fill in with the details */
10749 hb = mtod(chk->data, struct sctp_heartbeat_chunk *);
10750 memset(hb, 0, sizeof(struct sctp_heartbeat_chunk));
10751 /* fill out chunk header */
10752 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST;
10753 hb->ch.chunk_flags = 0;
10754 hb->ch.chunk_length = htons(chk->send_size);
10755 /* Fill out hb parameter */
10756 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO);
10757 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param));
10758 hb->heartbeat.hb_info.time_value_1 = now.tv_sec;
10759 hb->heartbeat.hb_info.time_value_2 = now.tv_usec;
10760 /* Did our user request this one, put it in */
10761 hb->heartbeat.hb_info.user_req = user_req;
10762 hb->heartbeat.hb_info.addr_family = sin->sin_family;
10763 hb->heartbeat.hb_info.addr_len = sin->sin_len;
10764 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
10765 /*
10766 * we only take from the entropy pool if the address is not
10767 * confirmed.
10768 */
10769 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
10770 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
10771 } else {
10772 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0;
10773 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0;
10774 }
10775 if (sin->sin_family == AF_INET) {
10776 memcpy(hb->heartbeat.hb_info.address, &sin->sin_addr, sizeof(sin->sin_addr));
10777 } else if (sin->sin_family == AF_INET6) {
10778 /* We leave the scope the way it is in our lookup table. */
10779 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
10780 memcpy(hb->heartbeat.hb_info.address, &sin6->sin6_addr, sizeof(sin6->sin6_addr));
10781 } else {
10782 /* huh compiler bug */
10783 return (0);
10784 }
10785
10786 /*
10787 * JRS 5/14/07 - In CMT PF, the T3 timer is used to track
10788 * PF-heartbeats. Because of this, threshold management is done by
10789 * the t3 timer handler, and does not need to be done upon the send
10790 * of a PF-heartbeat. If CMT PF is on and the destination to which a
10791 * heartbeat is being sent is in PF state, do NOT do threshold
10792 * management.
10793 */
10794 if ((SCTP_BASE_SYSCTL(sctp_cmt_pf) == 0) || ((net->dest_state & SCTP_ADDR_PF) != SCTP_ADDR_PF)) {
10795 /* ok we have a destination that needs a beat */
10796 /* lets do the theshold management Qiaobing style */
10797 if (sctp_threshold_management(stcb->sctp_ep, stcb, net,
10798 stcb->asoc.max_send_times)) {
10799 /*-
10800 * we have lost the association, in a way this is
10801 * quite bad since we really are one less time since
10802 * we really did not send yet. This is the down side
10803 * to the Q's style as defined in the RFC and not my
10804 * alternate style defined in the RFC.
10805 */
10806 if (chk->data != NULL) {
10807 sctp_m_freem(chk->data);
10808 chk->data = NULL;
10809 }
10810 /*
10811 * Here we do NOT use the macro since the
10812 * association is now gone.
10813 */
10814 if (chk->whoTo) {
10815 sctp_free_remote_addr(chk->whoTo);
10816 chk->whoTo = NULL;
10817 }
10818 sctp_free_a_chunk((struct sctp_tcb *)NULL, chk);
10819 return (-1);
10820 }
10821 }
10822 net->hb_responded = 0;
10823 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
10824 stcb->asoc.ctrl_queue_cnt++;
10825 SCTP_STAT_INCR(sctps_sendheartbeat);
10826 /*-
10827 * Call directly med level routine to put out the chunk. It will
10828 * always tumble out control chunks aka HB but it may even tumble
10829 * out data too.
10830 */
10831 return (1);
10832}
10833
10834void
10835sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net,
10836 uint32_t high_tsn)
10837{
10838 struct sctp_association *asoc;
10839 struct sctp_ecne_chunk *ecne;
10840 struct sctp_tmit_chunk *chk;
10841
10842 asoc = &stcb->asoc;
10843 SCTP_TCB_LOCK_ASSERT(stcb);
10844 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
10845 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) {
10846 /* found a previous ECN_ECHO update it if needed */
10847 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
10848 ecne->tsn = htonl(high_tsn);
10849 return;
10850 }
10851 }
10852 /* nope could not find one to update so we must build one */
10853 sctp_alloc_a_chunk(stcb, chk);
10854 if (chk == NULL) {
10855 return;
10856 }
10857 chk->copy_by_ref = 0;
10858 SCTP_STAT_INCR(sctps_sendecne);
10859 chk->rec.chunk_id.id = SCTP_ECN_ECHO;
10860 chk->rec.chunk_id.can_take_data = 0;
10861 chk->asoc = &stcb->asoc;
10862 chk->send_size = sizeof(struct sctp_ecne_chunk);
10863 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER);
10864 if (chk->data == NULL) {
10865 sctp_free_a_chunk(stcb, chk);
10866 return;
10867 }
10868 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
10869 SCTP_BUF_LEN(chk->data) = chk->send_size;
10870 chk->sent = SCTP_DATAGRAM_UNSENT;
10871 chk->snd_count = 0;
10872 chk->whoTo = net;
10873 atomic_add_int(&chk->whoTo->ref_count, 1);
10874 stcb->asoc.ecn_echo_cnt_onq++;
10875 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
10876 ecne->ch.chunk_type = SCTP_ECN_ECHO;
10877 ecne->ch.chunk_flags = 0;
10878 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk));
10879 ecne->tsn = htonl(high_tsn);
10880 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
10881 asoc->ctrl_queue_cnt++;
10882}
10883
10884void
10885sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net,
10886 struct mbuf *m, int iphlen, int bad_crc)
10887{
10888 struct sctp_association *asoc;
10889 struct sctp_pktdrop_chunk *drp;
10890 struct sctp_tmit_chunk *chk;
10891 uint8_t *datap;
10892 int len;
10893 int was_trunc = 0;
10894 struct ip *iph;
10895
10896#ifdef INET6
10897 struct ip6_hdr *ip6h;
10898
10899#endif
10900 int fullsz = 0, extra = 0;
10901 long spc;
10902 int offset;
10903 struct sctp_chunkhdr *ch, chunk_buf;
10904 unsigned int chk_length;
10905
10906 if (!stcb) {
10907 return;
10908 }
10909 asoc = &stcb->asoc;
10910 SCTP_TCB_LOCK_ASSERT(stcb);
10911 if (asoc->peer_supports_pktdrop == 0) {
10912 /*-
10913 * peer must declare support before I send one.
10914 */
10915 return;
10916 }
10917 if (stcb->sctp_socket == NULL) {
10918 return;
10919 }
10920 sctp_alloc_a_chunk(stcb, chk);
10921 if (chk == NULL) {
10922 return;
10923 }
10924 chk->copy_by_ref = 0;
10925 iph = mtod(m, struct ip *);
10926 if (iph == NULL) {
10927 sctp_free_a_chunk(stcb, chk);
10928 return;
10929 }
10930 switch (iph->ip_v) {
10931 case IPVERSION:
10932 /* IPv4 */
10933 len = chk->send_size = iph->ip_len;
10934 break;
10935#ifdef INET6
10936 case IPV6_VERSION >> 4:
10937 /* IPv6 */
10938 ip6h = mtod(m, struct ip6_hdr *);
10939 len = chk->send_size = htons(ip6h->ip6_plen);
10940 break;
10941#endif
10942 default:
10943 return;
10944 }
10945 /* Validate that we do not have an ABORT in here. */
10946 offset = iphlen + sizeof(struct sctphdr);
10947 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
10948 sizeof(*ch), (uint8_t *) & chunk_buf);
10949 while (ch != NULL) {
10950 chk_length = ntohs(ch->chunk_length);
10951 if (chk_length < sizeof(*ch)) {
10952 /* break to abort land */
10953 break;
10954 }
10955 switch (ch->chunk_type) {
10956 case SCTP_PACKET_DROPPED:
10957 case SCTP_ABORT_ASSOCIATION:
10958 /*-
10959 * we don't respond with an PKT-DROP to an ABORT
10960 * or PKT-DROP
10961 */
10962 sctp_free_a_chunk(stcb, chk);
10963 return;
10964 default:
10965 break;
10966 }
10967 offset += SCTP_SIZE32(chk_length);
10968 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
10969 sizeof(*ch), (uint8_t *) & chunk_buf);
10970 }
10971
10972 if ((len + SCTP_MAX_OVERHEAD + sizeof(struct sctp_pktdrop_chunk)) >
10973 min(stcb->asoc.smallest_mtu, MCLBYTES)) {
10974 /*
10975 * only send 1 mtu worth, trim off the excess on the end.
10976 */
10977 fullsz = len - extra;
10978 len = min(stcb->asoc.smallest_mtu, MCLBYTES) - SCTP_MAX_OVERHEAD;
10979 was_trunc = 1;
10980 }
10981 chk->asoc = &stcb->asoc;
10982 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
10983 if (chk->data == NULL) {
10984jump_out:
10985 sctp_free_a_chunk(stcb, chk);
10986 return;
10987 }
10988 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
10989 drp = mtod(chk->data, struct sctp_pktdrop_chunk *);
10990 if (drp == NULL) {
10991 sctp_m_freem(chk->data);
10992 chk->data = NULL;
10993 goto jump_out;
10994 }
10995 chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) +
10996 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD));
10997 chk->book_size_scale = 0;
10998 if (was_trunc) {
10999 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED;
11000 drp->trunc_len = htons(fullsz);
11001 /*
11002 * Len is already adjusted to size minus overhead above take
11003 * out the pkt_drop chunk itself from it.
11004 */
11005 chk->send_size = len - sizeof(struct sctp_pktdrop_chunk);
11006 len = chk->send_size;
11007 } else {
11008 /* no truncation needed */
11009 drp->ch.chunk_flags = 0;
11010 drp->trunc_len = htons(0);
11011 }
11012 if (bad_crc) {
11013 drp->ch.chunk_flags |= SCTP_BADCRC;
11014 }
11015 chk->send_size += sizeof(struct sctp_pktdrop_chunk);
11016 SCTP_BUF_LEN(chk->data) = chk->send_size;
11017 chk->sent = SCTP_DATAGRAM_UNSENT;
11018 chk->snd_count = 0;
11019 if (net) {
11020 /* we should hit here */
11021 chk->whoTo = net;
11022 } else {
11023 chk->whoTo = asoc->primary_destination;
11024 }
11025 atomic_add_int(&chk->whoTo->ref_count, 1);
11026 chk->rec.chunk_id.id = SCTP_PACKET_DROPPED;
11027 chk->rec.chunk_id.can_take_data = 1;
11028 drp->ch.chunk_type = SCTP_PACKET_DROPPED;
11029 drp->ch.chunk_length = htons(chk->send_size);
11030 spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket);
11031 if (spc < 0) {
11032 spc = 0;
11033 }
11034 drp->bottle_bw = htonl(spc);
11035 if (asoc->my_rwnd) {
11036 drp->current_onq = htonl(asoc->size_on_reasm_queue +
11037 asoc->size_on_all_streams +
11038 asoc->my_rwnd_control_len +
11039 stcb->sctp_socket->so_rcv.sb_cc);
11040 } else {
11041 /*-
11042 * If my rwnd is 0, possibly from mbuf depletion as well as
11043 * space used, tell the peer there is NO space aka onq == bw
11044 */
11045 drp->current_onq = htonl(spc);
11046 }
11047 drp->reserved = 0;
11048 datap = drp->data;
11049 m_copydata(m, iphlen, len, (caddr_t)datap);
11050 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
11051 asoc->ctrl_queue_cnt++;
11052}
11053
11054void
11055sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn)
11056{
11057 struct sctp_association *asoc;
11058 struct sctp_cwr_chunk *cwr;
11059 struct sctp_tmit_chunk *chk;
11060
11061 asoc = &stcb->asoc;
11062 SCTP_TCB_LOCK_ASSERT(stcb);
11063 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
11064 if (chk->rec.chunk_id.id == SCTP_ECN_CWR) {
11065 /* found a previous ECN_CWR update it if needed */
11066 cwr = mtod(chk->data, struct sctp_cwr_chunk *);
11067 if (compare_with_wrap(high_tsn, ntohl(cwr->tsn),
11068 MAX_TSN)) {
11069 cwr->tsn = htonl(high_tsn);
11070 }
11071 return;
11072 }
11073 }
11074 /* nope could not find one to update so we must build one */
11075 sctp_alloc_a_chunk(stcb, chk);
11076 if (chk == NULL) {
11077 return;
11078 }
11079 chk->copy_by_ref = 0;
11080 chk->rec.chunk_id.id = SCTP_ECN_CWR;
11081 chk->rec.chunk_id.can_take_data = 1;
11082 chk->asoc = &stcb->asoc;
11083 chk->send_size = sizeof(struct sctp_cwr_chunk);
11084 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER);
11085 if (chk->data == NULL) {
11086 sctp_free_a_chunk(stcb, chk);
11087 return;
11088 }
11089 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
11090 SCTP_BUF_LEN(chk->data) = chk->send_size;
11091 chk->sent = SCTP_DATAGRAM_UNSENT;
11092 chk->snd_count = 0;
11093 chk->whoTo = net;
11094 atomic_add_int(&chk->whoTo->ref_count, 1);
11095 cwr = mtod(chk->data, struct sctp_cwr_chunk *);
11096 cwr->ch.chunk_type = SCTP_ECN_CWR;
11097 cwr->ch.chunk_flags = 0;
11098 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk));
11099 cwr->tsn = htonl(high_tsn);
11100 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
11101 asoc->ctrl_queue_cnt++;
11102}
11103
11104void
11105sctp_add_stream_reset_out(struct sctp_tmit_chunk *chk,
11106 int number_entries, uint16_t * list,
11107 uint32_t seq, uint32_t resp_seq, uint32_t last_sent)
11108{
11109 int len, old_len, i;
11110 struct sctp_stream_reset_out_request *req_out;
11111 struct sctp_chunkhdr *ch;
11112
11113 ch = mtod(chk->data, struct sctp_chunkhdr *);
11114
11115
11116 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11117
11118 /* get to new offset for the param. */
11119 req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len);
11120 /* now how long will this param be? */
11121 len = (sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries));
11122 req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST);
11123 req_out->ph.param_length = htons(len);
11124 req_out->request_seq = htonl(seq);
11125 req_out->response_seq = htonl(resp_seq);
11126 req_out->send_reset_at_tsn = htonl(last_sent);
11127 if (number_entries) {
11128 for (i = 0; i < number_entries; i++) {
11129 req_out->list_of_streams[i] = htons(list[i]);
11130 }
11131 }
11132 if (SCTP_SIZE32(len) > len) {
11133 /*-
11134 * Need to worry about the pad we may end up adding to the
11135 * end. This is easy since the struct is either aligned to 4
11136 * bytes or 2 bytes off.
11137 */
11138 req_out->list_of_streams[number_entries] = 0;
11139 }
11140 /* now fix the chunk length */
11141 ch->chunk_length = htons(len + old_len);
11142 chk->book_size = len + old_len;
11143 chk->book_size_scale = 0;
11144 chk->send_size = SCTP_SIZE32(chk->book_size);
11145 SCTP_BUF_LEN(chk->data) = chk->send_size;
11146 return;
11147}
11148
11149
11150void
11151sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk,
11152 int number_entries, uint16_t * list,
11153 uint32_t seq)
11154{
11155 int len, old_len, i;
11156 struct sctp_stream_reset_in_request *req_in;
11157 struct sctp_chunkhdr *ch;
11158
11159 ch = mtod(chk->data, struct sctp_chunkhdr *);
11160
11161
11162 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11163
11164 /* get to new offset for the param. */
11165 req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len);
11166 /* now how long will this param be? */
11167 len = (sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries));
11168 req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST);
11169 req_in->ph.param_length = htons(len);
11170 req_in->request_seq = htonl(seq);
11171 if (number_entries) {
11172 for (i = 0; i < number_entries; i++) {
11173 req_in->list_of_streams[i] = htons(list[i]);
11174 }
11175 }
11176 if (SCTP_SIZE32(len) > len) {
11177 /*-
11178 * Need to worry about the pad we may end up adding to the
11179 * end. This is easy since the struct is either aligned to 4
11180 * bytes or 2 bytes off.
11181 */
11182 req_in->list_of_streams[number_entries] = 0;
11183 }
11184 /* now fix the chunk length */
11185 ch->chunk_length = htons(len + old_len);
11186 chk->book_size = len + old_len;
11187 chk->book_size_scale = 0;
11188 chk->send_size = SCTP_SIZE32(chk->book_size);
11189 SCTP_BUF_LEN(chk->data) = chk->send_size;
11190 return;
11191}
11192
11193
11194void
11195sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk,
11196 uint32_t seq)
11197{
11198 int len, old_len;
11199 struct sctp_stream_reset_tsn_request *req_tsn;
11200 struct sctp_chunkhdr *ch;
11201
11202 ch = mtod(chk->data, struct sctp_chunkhdr *);
11203
11204
11205 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11206
11207 /* get to new offset for the param. */
11208 req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len);
11209 /* now how long will this param be? */
11210 len = sizeof(struct sctp_stream_reset_tsn_request);
11211 req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST);
11212 req_tsn->ph.param_length = htons(len);
11213 req_tsn->request_seq = htonl(seq);
11214
11215 /* now fix the chunk length */
11216 ch->chunk_length = htons(len + old_len);
11217 chk->send_size = len + old_len;
11218 chk->book_size = SCTP_SIZE32(chk->send_size);
11219 chk->book_size_scale = 0;
11220 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
11221 return;
11222}
11223
11224void
11225sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk,
11226 uint32_t resp_seq, uint32_t result)
11227{
11228 int len, old_len;
11229 struct sctp_stream_reset_response *resp;
11230 struct sctp_chunkhdr *ch;
11231
11232 ch = mtod(chk->data, struct sctp_chunkhdr *);
11233
11234
11235 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11236
11237 /* get to new offset for the param. */
11238 resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len);
11239 /* now how long will this param be? */
11240 len = sizeof(struct sctp_stream_reset_response);
11241 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE);
11242 resp->ph.param_length = htons(len);
11243 resp->response_seq = htonl(resp_seq);
11244 resp->result = ntohl(result);
11245
11246 /* now fix the chunk length */
11247 ch->chunk_length = htons(len + old_len);
11248 chk->book_size = len + old_len;
11249 chk->book_size_scale = 0;
11250 chk->send_size = SCTP_SIZE32(chk->book_size);
11251 SCTP_BUF_LEN(chk->data) = chk->send_size;
11252 return;
11253
11254}
11255
11256
11257void
11258sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk,
11259 uint32_t resp_seq, uint32_t result,
11260 uint32_t send_una, uint32_t recv_next)
11261{
11262 int len, old_len;
11263 struct sctp_stream_reset_response_tsn *resp;
11264 struct sctp_chunkhdr *ch;
11265
11266 ch = mtod(chk->data, struct sctp_chunkhdr *);
11267
11268
11269 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11270
11271 /* get to new offset for the param. */
11272 resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len);
11273 /* now how long will this param be? */
11274 len = sizeof(struct sctp_stream_reset_response_tsn);
11275 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE);
11276 resp->ph.param_length = htons(len);
11277 resp->response_seq = htonl(resp_seq);
11278 resp->result = htonl(result);
11279 resp->senders_next_tsn = htonl(send_una);
11280 resp->receivers_next_tsn = htonl(recv_next);
11281
11282 /* now fix the chunk length */
11283 ch->chunk_length = htons(len + old_len);
11284 chk->book_size = len + old_len;
11285 chk->send_size = SCTP_SIZE32(chk->book_size);
11286 chk->book_size_scale = 0;
11287 SCTP_BUF_LEN(chk->data) = chk->send_size;
11288 return;
11289}
11290
11291static void
11292sctp_add_a_stream(struct sctp_tmit_chunk *chk,
11293 uint32_t seq,
11294 uint16_t adding)
11295{
11296 int len, old_len;
11297 struct sctp_chunkhdr *ch;
11298 struct sctp_stream_reset_add_strm *addstr;
11299
11300 ch = mtod(chk->data, struct sctp_chunkhdr *);
11301 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11302
11303 /* get to new offset for the param. */
11304 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len);
11305 /* now how long will this param be? */
11306 len = sizeof(struct sctp_stream_reset_add_strm);
11307
11308 /* Fill it out. */
11309 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_STREAMS);
11310 addstr->ph.param_length = htons(len);
11311 addstr->request_seq = htonl(seq);
11312 addstr->number_of_streams = htons(adding);
11313 addstr->reserved = 0;
11314
11315 /* now fix the chunk length */
11316 ch->chunk_length = htons(len + old_len);
11317 chk->send_size = len + old_len;
11318 chk->book_size = SCTP_SIZE32(chk->send_size);
11319 chk->book_size_scale = 0;
11320 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
11321 return;
11322}
11323
11324int
11325sctp_send_str_reset_req(struct sctp_tcb *stcb,
11326 int number_entries, uint16_t * list,
11327 uint8_t send_out_req,
11328 uint32_t resp_seq,
11329 uint8_t send_in_req,
11330 uint8_t send_tsn_req,
11331 uint8_t add_stream,
11332 uint16_t adding
11333)
11334{
11335
11336 struct sctp_association *asoc;
11337 struct sctp_tmit_chunk *chk;
11338 struct sctp_chunkhdr *ch;
11339 uint32_t seq;
11340
11341 asoc = &stcb->asoc;
11342 if (asoc->stream_reset_outstanding) {
11343 /*-
11344 * Already one pending, must get ACK back to clear the flag.
11345 */
11346 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EBUSY);
11347 return (EBUSY);
11348 }
11349 if ((send_out_req == 0) && (send_in_req == 0) && (send_tsn_req == 0) &&
11350 (add_stream == 0)) {
11351 /* nothing to do */
11352 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
11353 return (EINVAL);
11354 }
11355 if (send_tsn_req && (send_out_req || send_in_req)) {
11356 /* error, can't do that */
11357 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
11358 return (EINVAL);
11359 }
11360 sctp_alloc_a_chunk(stcb, chk);
11361 if (chk == NULL) {
11362 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11363 return (ENOMEM);
11364 }
11365 chk->copy_by_ref = 0;
11366 chk->rec.chunk_id.id = SCTP_STREAM_RESET;
11367 chk->rec.chunk_id.can_take_data = 0;
11368 chk->asoc = &stcb->asoc;
11369 chk->book_size = sizeof(struct sctp_chunkhdr);
11370 chk->send_size = SCTP_SIZE32(chk->book_size);
11371 chk->book_size_scale = 0;
11372
11373 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
11374 if (chk->data == NULL) {
11375 sctp_free_a_chunk(stcb, chk);
11376 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11377 return (ENOMEM);
11378 }
11379 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
11380
11381 /* setup chunk parameters */
11382 chk->sent = SCTP_DATAGRAM_UNSENT;
11383 chk->snd_count = 0;
11384 chk->whoTo = asoc->primary_destination;
11385 atomic_add_int(&chk->whoTo->ref_count, 1);
11386
11387 ch = mtod(chk->data, struct sctp_chunkhdr *);
11388 ch->chunk_type = SCTP_STREAM_RESET;
11389 ch->chunk_flags = 0;
11390 ch->chunk_length = htons(chk->book_size);
11391 SCTP_BUF_LEN(chk->data) = chk->send_size;
11392
11393 seq = stcb->asoc.str_reset_seq_out;
11394 if (send_out_req) {
11395 sctp_add_stream_reset_out(chk, number_entries, list,
11396 seq, resp_seq, (stcb->asoc.sending_seq - 1));
11397 asoc->stream_reset_out_is_outstanding = 1;
11398 seq++;
11399 asoc->stream_reset_outstanding++;
11400 }
11401 if (add_stream) {
11402 sctp_add_a_stream(chk, seq, adding);
11403 seq++;
11404 asoc->stream_reset_outstanding++;
11405 }
11406 if (send_in_req) {
11407 sctp_add_stream_reset_in(chk, number_entries, list, seq);
11408 asoc->stream_reset_outstanding++;
11409 }
11410 if (send_tsn_req) {
11411 sctp_add_stream_reset_tsn(chk, seq);
11412 asoc->stream_reset_outstanding++;
11413 }
11414 asoc->str_reset = chk;
11415
11416 /* insert the chunk for sending */
11417 TAILQ_INSERT_TAIL(&asoc->control_send_queue,
11418 chk,
11419 sctp_next);
11420 asoc->ctrl_queue_cnt++;
11421 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
11422 return (0);
11423}
11424
11425void
11426sctp_send_abort(struct mbuf *m, int iphlen, struct sctphdr *sh, uint32_t vtag,
11427 struct mbuf *err_cause, uint32_t vrf_id, uint16_t port)
11428{
11429 /*-
11430 * Formulate the abort message, and send it back down.
11431 */
11432 struct mbuf *o_pak;
11433 struct mbuf *mout;
11434 struct sctp_abort_msg *abm;
11435 struct ip *iph, *iph_out;
11436 struct udphdr *udp;
11437
11438#ifdef INET6
11439 struct ip6_hdr *ip6, *ip6_out;
11440
11441#endif
11442 int iphlen_out, len;
11443
11444 /* don't respond to ABORT with ABORT */
11445 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) {
11446 if (err_cause)
11447 sctp_m_freem(err_cause);
11448 return;
11449 }
11450 iph = mtod(m, struct ip *);
11451 switch (iph->ip_v) {
11452 case IPVERSION:
11453 len = (sizeof(struct ip) + sizeof(struct sctp_abort_msg));
11454 break;
11455#ifdef INET6
11456 case IPV6_VERSION >> 4:
11457 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_abort_msg));
11458 break;
11459#endif
11460 default:
11461 if (err_cause) {
11462 sctp_m_freem(err_cause);
11463 }
11464 return;
11465 }
11466 if (port) {
11467 len += sizeof(struct udphdr);
11468 }
11469 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA);
11470 if (mout == NULL) {
11471 if (err_cause) {
11472 sctp_m_freem(err_cause);
11473 }
11474 return;
11475 }
11476 SCTP_BUF_RESV_UF(mout, max_linkhdr);
11477 SCTP_BUF_LEN(mout) = len;
11478 SCTP_BUF_NEXT(mout) = err_cause;
11479 iph_out = NULL;
11480#ifdef INET6
11481 ip6_out = NULL;
11482#endif
11483 switch (iph->ip_v) {
11484 case IPVERSION:
11485 iph_out = mtod(mout, struct ip *);
11486
11487 /* Fill in the IP header for the ABORT */
11488 iph_out->ip_v = IPVERSION;
11489 iph_out->ip_hl = (sizeof(struct ip) / 4);
11490 iph_out->ip_tos = (u_char)0;
11491 iph_out->ip_id = 0;
11492 iph_out->ip_off = 0;
11493 iph_out->ip_ttl = MAXTTL;
11494 if (port) {
11495 iph_out->ip_p = IPPROTO_UDP;
11496 } else {
11497 iph_out->ip_p = IPPROTO_SCTP;
11498 }
11499 iph_out->ip_src.s_addr = iph->ip_dst.s_addr;
11500 iph_out->ip_dst.s_addr = iph->ip_src.s_addr;
11501 /* let IP layer calculate this */
11502 iph_out->ip_sum = 0;
11503
11504 iphlen_out = sizeof(*iph_out);
11505 abm = (struct sctp_abort_msg *)((caddr_t)iph_out + iphlen_out);
11506 break;
11507#ifdef INET6
11508 case IPV6_VERSION >> 4:
11509 ip6 = (struct ip6_hdr *)iph;
11510 ip6_out = mtod(mout, struct ip6_hdr *);
11511
11512 /* Fill in the IP6 header for the ABORT */
11513 ip6_out->ip6_flow = ip6->ip6_flow;
11514 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
11515 if (port) {
11516 ip6_out->ip6_nxt = IPPROTO_UDP;
11517 } else {
11518 ip6_out->ip6_nxt = IPPROTO_SCTP;
11519 }
11520 ip6_out->ip6_src = ip6->ip6_dst;
11521 ip6_out->ip6_dst = ip6->ip6_src;
11522
11523 iphlen_out = sizeof(*ip6_out);
11524 abm = (struct sctp_abort_msg *)((caddr_t)ip6_out + iphlen_out);
11525 break;
11526#endif /* INET6 */
11527 default:
11528 /* Currently not supported */
11529 sctp_m_freem(mout);
11530 return;
11531 }
11532
11533 udp = (struct udphdr *)abm;
11534 if (port) {
11535 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
11536 udp->uh_dport = port;
11537 /* set udp->uh_ulen later */
11538 udp->uh_sum = 0;
11539 iphlen_out += sizeof(struct udphdr);
11540 abm = (struct sctp_abort_msg *)((caddr_t)abm + sizeof(struct udphdr));
11541 }
11542 abm->sh.src_port = sh->dest_port;
11543 abm->sh.dest_port = sh->src_port;
11544 abm->sh.checksum = 0;
11545 if (vtag == 0) {
11546 abm->sh.v_tag = sh->v_tag;
11547 abm->msg.ch.chunk_flags = SCTP_HAD_NO_TCB;
11548 } else {
11549 abm->sh.v_tag = htonl(vtag);
11550 abm->msg.ch.chunk_flags = 0;
11551 }
11552 abm->msg.ch.chunk_type = SCTP_ABORT_ASSOCIATION;
11553
11554 if (err_cause) {
11555 struct mbuf *m_tmp = err_cause;
11556 int err_len = 0;
11557
11558 /* get length of the err_cause chain */
11559 while (m_tmp != NULL) {
11560 err_len += SCTP_BUF_LEN(m_tmp);
11561 m_tmp = SCTP_BUF_NEXT(m_tmp);
11562 }
11563 len = SCTP_BUF_LEN(mout) + err_len;
11564 if (err_len % 4) {
11565 /* need pad at end of chunk */
11566 uint32_t cpthis = 0;
11567 int padlen;
11568
11569 padlen = 4 - (len % 4);
11570 m_copyback(mout, len, padlen, (caddr_t)&cpthis);
11571 len += padlen;
11572 }
11573 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch) + err_len);
11574 } else {
11575 len = SCTP_BUF_LEN(mout);
11576 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch));
11577 }
11578
11579 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
11580 /* no mbuf's */
11581 sctp_m_freem(mout);
11582 return;
11583 }
11584 if (iph_out != NULL) {
11585 sctp_route_t ro;
11586 struct sctp_tcb *stcb = NULL;
11587 int ret;
11588
11589 /* zap the stack pointer to the route */
11590 bzero(&ro, sizeof ro);
11591 if (port) {
11592 udp->uh_ulen = htons(len - sizeof(struct ip));
11593 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
11594 }
11595 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip_output:\n");
11596 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, iph_out, &abm->sh);
11597 /* set IPv4 length */
11598 iph_out->ip_len = len;
11599 /* out it goes */
11600#ifdef SCTP_PACKET_LOGGING
11601 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
11602 sctp_packet_log(mout, len);
11603#endif
11604 SCTP_ATTACH_CHAIN(o_pak, mout, len);
11605 if (port) {
11606 abm->sh.checksum = sctp_calculate_cksum(mout, iphlen_out);
11607 SCTP_STAT_INCR(sctps_sendswcrc);
11608 SCTP_ENABLE_UDP_CSUM(o_pak);
11609 } else {
11610 mout->m_pkthdr.csum_flags = CSUM_SCTP;
11611 mout->m_pkthdr.csum_data = 0;
11612 SCTP_STAT_INCR(sctps_sendhwcrc);
11613 }
11614 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id);
11615
11616 /* Free the route if we got one back */
11617 if (ro.ro_rt)
11618 RTFREE(ro.ro_rt);
11619 }
11620#ifdef INET6
11621 if (ip6_out != NULL) {
11622 struct route_in6 ro;
11623 int ret;
11624 struct sctp_tcb *stcb = NULL;
11625 struct ifnet *ifp = NULL;
11626
11627 /* zap the stack pointer to the route */
11628 bzero(&ro, sizeof(ro));
11629 if (port) {
11630 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr));
11631 }
11632 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip6_output:\n");
11633 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, (struct ip *)ip6_out, &abm->sh);
11634 ip6_out->ip6_plen = len - sizeof(*ip6_out);
11635#ifdef SCTP_PACKET_LOGGING
11636 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
11637 sctp_packet_log(mout, len);
11638#endif
11639 SCTP_ATTACH_CHAIN(o_pak, mout, len);
11640 if (port) {
11641 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
11642 (stcb) &&
11643 (stcb->asoc.loopback_scope))) {
11644 abm->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
11645 SCTP_STAT_INCR(sctps_sendswcrc);
11646 } else {
11647 SCTP_STAT_INCR(sctps_sendnocrc);
11648 }
11649 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) {
11650 udp->uh_sum = 0xffff;
11651 }
11652 } else {
11653 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
11654 (stcb) &&
11655 (stcb->asoc.loopback_scope))) {
11656 mout->m_pkthdr.csum_flags = CSUM_SCTP;
11657 mout->m_pkthdr.csum_data = 0;
11658 SCTP_STAT_INCR(sctps_sendhwcrc);
11659 } else {
11660 SCTP_STAT_INCR(sctps_sendnocrc);
11661 }
11662 }
11663 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id);
11664
11665 /* Free the route if we got one back */
11666 if (ro.ro_rt)
11667 RTFREE(ro.ro_rt);
11668 }
11669#endif
11670 SCTP_STAT_INCR(sctps_sendpackets);
11671 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
11672 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
11673}
11674
11675void
11676sctp_send_operr_to(struct mbuf *m, int iphlen, struct mbuf *scm, uint32_t vtag,
11677 uint32_t vrf_id, uint16_t port)
11678{
11679 struct mbuf *o_pak;
11680 struct sctphdr *sh, *sh_out;
11681 struct sctp_chunkhdr *ch;
11682 struct ip *iph, *iph_out;
11683 struct udphdr *udp = NULL;
11684 struct mbuf *mout;
11685
11686#ifdef INET6
11687 struct ip6_hdr *ip6, *ip6_out;
11688
11689#endif
11690 int iphlen_out, len;
11691
11692 iph = mtod(m, struct ip *);
11693 sh = (struct sctphdr *)((caddr_t)iph + iphlen);
11694 switch (iph->ip_v) {
11695 case IPVERSION:
11696 len = (sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr));
11697 break;
11698#ifdef INET6
11699 case IPV6_VERSION >> 4:
11700 len = (sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr));
11701 break;
11702#endif
11703 default:
11704 if (scm) {
11705 sctp_m_freem(scm);
11706 }
11707 return;
11708 }
11709 if (port) {
11710 len += sizeof(struct udphdr);
11711 }
11712 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA);
11713 if (mout == NULL) {
11714 if (scm) {
11715 sctp_m_freem(scm);
11716 }
11717 return;
11718 }
11719 SCTP_BUF_RESV_UF(mout, max_linkhdr);
11720 SCTP_BUF_LEN(mout) = len;
11721 SCTP_BUF_NEXT(mout) = scm;
11722 iph_out = NULL;
11723#ifdef INET6
11724 ip6_out = NULL;
11725#endif
11726 switch (iph->ip_v) {
11727 case IPVERSION:
11728 iph_out = mtod(mout, struct ip *);
11729
11730 /* Fill in the IP header for the ABORT */
11731 iph_out->ip_v = IPVERSION;
11732 iph_out->ip_hl = (sizeof(struct ip) / 4);
11733 iph_out->ip_tos = (u_char)0;
11734 iph_out->ip_id = 0;
11735 iph_out->ip_off = 0;
11736 iph_out->ip_ttl = MAXTTL;
11737 if (port) {
11738 iph_out->ip_p = IPPROTO_UDP;
11739 } else {
11740 iph_out->ip_p = IPPROTO_SCTP;
11741 }
11742 iph_out->ip_src.s_addr = iph->ip_dst.s_addr;
11743 iph_out->ip_dst.s_addr = iph->ip_src.s_addr;
11744 /* let IP layer calculate this */
11745 iph_out->ip_sum = 0;
11746
11747 iphlen_out = sizeof(struct ip);
11748 sh_out = (struct sctphdr *)((caddr_t)iph_out + iphlen_out);
11749 break;
11750#ifdef INET6
11751 case IPV6_VERSION >> 4:
11752 ip6 = (struct ip6_hdr *)iph;
11753 ip6_out = mtod(mout, struct ip6_hdr *);
11754
11755 /* Fill in the IP6 header for the ABORT */
11756 ip6_out->ip6_flow = ip6->ip6_flow;
11757 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
11758 if (port) {
11759 ip6_out->ip6_nxt = IPPROTO_UDP;
11760 } else {
11761 ip6_out->ip6_nxt = IPPROTO_SCTP;
11762 }
11763 ip6_out->ip6_src = ip6->ip6_dst;
11764 ip6_out->ip6_dst = ip6->ip6_src;
11765
11766 iphlen_out = sizeof(struct ip6_hdr);
11767 sh_out = (struct sctphdr *)((caddr_t)ip6_out + iphlen_out);
11768 break;
11769#endif /* INET6 */
11770 default:
11771 /* Currently not supported */
11772 sctp_m_freem(mout);
11773 return;
11774 }
11775
11776 udp = (struct udphdr *)sh_out;
11777 if (port) {
11778 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
11779 udp->uh_dport = port;
11780 /* set udp->uh_ulen later */
11781 udp->uh_sum = 0;
11782 iphlen_out += sizeof(struct udphdr);
11783 sh_out = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
11784 }
11785 sh_out->src_port = sh->dest_port;
11786 sh_out->dest_port = sh->src_port;
11787 sh_out->v_tag = vtag;
11788 sh_out->checksum = 0;
11789
11790 ch = (struct sctp_chunkhdr *)((caddr_t)sh_out + sizeof(struct sctphdr));
11791 ch->chunk_type = SCTP_OPERATION_ERROR;
11792 ch->chunk_flags = 0;
11793
11794 if (scm) {
11795 struct mbuf *m_tmp = scm;
11796 int cause_len = 0;
11797
11798 /* get length of the err_cause chain */
11799 while (m_tmp != NULL) {
11800 cause_len += SCTP_BUF_LEN(m_tmp);
11801 m_tmp = SCTP_BUF_NEXT(m_tmp);
11802 }
11803 len = SCTP_BUF_LEN(mout) + cause_len;
11804 if (cause_len % 4) {
11805 /* need pad at end of chunk */
11806 uint32_t cpthis = 0;
11807 int padlen;
11808
11809 padlen = 4 - (len % 4);
11810 m_copyback(mout, len, padlen, (caddr_t)&cpthis);
11811 len += padlen;
11812 }
11813 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr) + cause_len);
11814 } else {
11815 len = SCTP_BUF_LEN(mout);
11816 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr));
11817 }
11818
11819 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
11820 /* no mbuf's */
11821 sctp_m_freem(mout);
11822 return;
11823 }
11824 if (iph_out != NULL) {
11825 sctp_route_t ro;
11826 struct sctp_tcb *stcb = NULL;
11827 int ret;
11828
11829 /* zap the stack pointer to the route */
11830 bzero(&ro, sizeof ro);
11831 if (port) {
11832 udp->uh_ulen = htons(len - sizeof(struct ip));
11833 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
11834 }
11835 /* set IPv4 length */
11836 iph_out->ip_len = len;
11837 /* out it goes */
11838#ifdef SCTP_PACKET_LOGGING
11839 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
11840 sctp_packet_log(mout, len);
11841#endif
11842 SCTP_ATTACH_CHAIN(o_pak, mout, len);
11843 if (port) {
11844 sh_out->checksum = sctp_calculate_cksum(mout, iphlen_out);
11845 SCTP_STAT_INCR(sctps_sendswcrc);
11846 SCTP_ENABLE_UDP_CSUM(o_pak);
11847 } else {
11848 mout->m_pkthdr.csum_flags = CSUM_SCTP;
11849 mout->m_pkthdr.csum_data = 0;
11850 SCTP_STAT_INCR(sctps_sendhwcrc);
11851 }
11852 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id);
11853
11854 /* Free the route if we got one back */
11855 if (ro.ro_rt)
11856 RTFREE(ro.ro_rt);
11857 }
11858#ifdef INET6
11859 if (ip6_out != NULL) {
11860 struct route_in6 ro;
11861 int ret;
11862 struct sctp_tcb *stcb = NULL;
11863 struct ifnet *ifp = NULL;
11864
11865 /* zap the stack pointer to the route */
11866 bzero(&ro, sizeof(ro));
11867 if (port) {
11868 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr));
11869 }
11870 ip6_out->ip6_plen = len - sizeof(*ip6_out);
11871#ifdef SCTP_PACKET_LOGGING
11872 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
11873 sctp_packet_log(mout, len);
11874#endif
11875 SCTP_ATTACH_CHAIN(o_pak, mout, len);
11876 if (port) {
11877 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
11878 (stcb) &&
11879 (stcb->asoc.loopback_scope))) {
11880 sh_out->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
11881 SCTP_STAT_INCR(sctps_sendswcrc);
11882 } else {
11883 SCTP_STAT_INCR(sctps_sendnocrc);
11884 }
11885 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) {
11886 udp->uh_sum = 0xffff;
11887 }
11888 } else {
11889 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
11890 (stcb) &&
11891 (stcb->asoc.loopback_scope))) {
11892 mout->m_pkthdr.csum_flags = CSUM_SCTP;
11893 mout->m_pkthdr.csum_data = 0;
11894 SCTP_STAT_INCR(sctps_sendhwcrc);
11895 } else {
11896 SCTP_STAT_INCR(sctps_sendnocrc);
11897 }
11898 }
11899 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id);
11900
11901 /* Free the route if we got one back */
11902 if (ro.ro_rt)
11903 RTFREE(ro.ro_rt);
11904 }
11905#endif
11906 SCTP_STAT_INCR(sctps_sendpackets);
11907 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
11908 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
11909}
11910
11911static struct mbuf *
11912sctp_copy_resume(struct sctp_stream_queue_pending *sp,
11913 struct uio *uio,
11914 struct sctp_sndrcvinfo *srcv,
11915 int max_send_len,
11916 int user_marks_eor,
11917 int *error,
11918 uint32_t * sndout,
11919 struct mbuf **new_tail)
11920{
11921 struct mbuf *m;
11922
11923 m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0,
11924 (M_PKTHDR | (user_marks_eor ? M_EOR : 0)));
11925 if (m == NULL) {
11926 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11927 *error = ENOMEM;
11928 } else {
11929 *sndout = m_length(m, NULL);
11930 *new_tail = m_last(m);
11931 }
11932 return (m);
11933}
11934
11935static int
11936sctp_copy_one(struct sctp_stream_queue_pending *sp,
11937 struct uio *uio,
11938 int resv_upfront)
11939{
11940 int left;
11941
11942 left = sp->length;
11943 sp->data = m_uiotombuf(uio, M_WAITOK, sp->length,
11944 resv_upfront, 0);
11945 if (sp->data == NULL) {
11946 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11947 return (ENOMEM);
11948 }
11949 sp->tail_mbuf = m_last(sp->data);
11950 return (0);
11951}
11952
11953
11954
11955static struct sctp_stream_queue_pending *
11956sctp_copy_it_in(struct sctp_tcb *stcb,
11957 struct sctp_association *asoc,
11958 struct sctp_sndrcvinfo *srcv,
11959 struct uio *uio,
11960 struct sctp_nets *net,
11961 int max_send_len,
11962 int user_marks_eor,
11963 int *error,
11964 int non_blocking)
11965{
11966 /*-
11967 * This routine must be very careful in its work. Protocol
11968 * processing is up and running so care must be taken to spl...()
11969 * when you need to do something that may effect the stcb/asoc. The
11970 * sb is locked however. When data is copied the protocol processing
11971 * should be enabled since this is a slower operation...
11972 */
11973 struct sctp_stream_queue_pending *sp = NULL;
11974 int resv_in_first;
11975
11976 *error = 0;
11977 /* Now can we send this? */
11978 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) ||
11979 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
11980 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
11981 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
11982 /* got data while shutting down */
11983 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
11984 *error = ECONNRESET;
11985 goto out_now;
11986 }
11987 sctp_alloc_a_strmoq(stcb, sp);
11988 if (sp == NULL) {
11989 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11990 *error = ENOMEM;
11991 goto out_now;
11992 }
11993 sp->act_flags = 0;
11994 sp->sender_all_done = 0;
11995 sp->sinfo_flags = srcv->sinfo_flags;
11996 sp->timetolive = srcv->sinfo_timetolive;
11997 sp->ppid = srcv->sinfo_ppid;
11998 sp->context = srcv->sinfo_context;
11999 sp->strseq = 0;
12000 (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
12001
12002 sp->stream = srcv->sinfo_stream;
12003 sp->length = min(uio->uio_resid, max_send_len);
12004 if ((sp->length == (uint32_t) uio->uio_resid) &&
12005 ((user_marks_eor == 0) ||
12006 (srcv->sinfo_flags & SCTP_EOF) ||
12007 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) {
12008 sp->msg_is_complete = 1;
12009 } else {
12010 sp->msg_is_complete = 0;
12011 }
12012 sp->sender_all_done = 0;
12013 sp->some_taken = 0;
12014 sp->put_last_out = 0;
12015 resv_in_first = sizeof(struct sctp_data_chunk);
12016 sp->data = sp->tail_mbuf = NULL;
12017 if (sp->length == 0) {
12018 *error = 0;
12019 goto skip_copy;
12020 }
12021 sp->auth_keyid = stcb->asoc.authinfo.active_keyid;
12022 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) {
12023 sctp_auth_key_acquire(stcb, stcb->asoc.authinfo.active_keyid);
12024 sp->holds_key_ref = 1;
12025 }
12026 *error = sctp_copy_one(sp, uio, resv_in_first);
12027skip_copy:
12028 if (*error) {
12029 sctp_free_a_strmoq(stcb, sp);
12030 sp = NULL;
12031 } else {
12032 if (sp->sinfo_flags & SCTP_ADDR_OVER) {
12033 sp->net = net;
12034 } else {
12035 sp->net = asoc->primary_destination;
12036 }
12037 atomic_add_int(&sp->net->ref_count, 1);
12038 sctp_set_prsctp_policy(sp);
12039 }
12040out_now:
12041 return (sp);
12042}
12043
12044
12045int
12046sctp_sosend(struct socket *so,
12047 struct sockaddr *addr,
12048 struct uio *uio,
12049 struct mbuf *top,
12050 struct mbuf *control,
12051 int flags,
12052 struct thread *p
12053)
12054{
12055 struct sctp_inpcb *inp;
12056 int error, use_rcvinfo = 0;
12057 struct sctp_sndrcvinfo srcv;
12058 struct sockaddr *addr_to_use;
12059
12060#ifdef INET6
12061 struct sockaddr_in sin;
12062
12063#endif
12064
12065 inp = (struct sctp_inpcb *)so->so_pcb;
12066 if (control) {
12067 /* process cmsg snd/rcv info (maybe a assoc-id) */
12068 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&srcv, control,
12069 sizeof(srcv))) {
12070 /* got one */
12071 use_rcvinfo = 1;
12072 }
12073 }
12074 addr_to_use = addr;
12075#if defined(INET6) && !defined(__Userspace__) /* TODO port in6_sin6_2_sin */
12076 if ((addr) && (addr->sa_family == AF_INET6)) {
12077 struct sockaddr_in6 *sin6;
12078
12079 sin6 = (struct sockaddr_in6 *)addr;
12080 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
12081 in6_sin6_2_sin(&sin, sin6);
12082 addr_to_use = (struct sockaddr *)&sin;
12083 }
12084 }
12085#endif
12086 error = sctp_lower_sosend(so, addr_to_use, uio, top,
12087 control,
12088 flags,
12089 use_rcvinfo, &srcv
12090 ,p
12091 );
12092 return (error);
12093}
12094
12095
12096int
12097sctp_lower_sosend(struct socket *so,
12098 struct sockaddr *addr,
12099 struct uio *uio,
12100 struct mbuf *i_pak,
12101 struct mbuf *control,
12102 int flags,
12103 int use_rcvinfo,
12104 struct sctp_sndrcvinfo *srcv
12105 ,
12106 struct thread *p
12107)
12108{
12109 unsigned int sndlen = 0, max_len;
12110 int error, len;
12111 struct mbuf *top = NULL;
12112 int queue_only = 0, queue_only_for_init = 0;
12113 int free_cnt_applied = 0;
12114 int un_sent = 0;
12115 int now_filled = 0;
12116 unsigned int inqueue_bytes = 0;
12117 struct sctp_block_entry be;
12118 struct sctp_inpcb *inp;
12119 struct sctp_tcb *stcb = NULL;
12120 struct timeval now;
12121 struct sctp_nets *net;
12122 struct sctp_association *asoc;
12123 struct sctp_inpcb *t_inp;
12124 int user_marks_eor;
12125 int create_lock_applied = 0;
12126 int nagle_applies = 0;
12127 int some_on_control = 0;
12128 int got_all_of_the_send = 0;
12129 int hold_tcblock = 0;
12130 int non_blocking = 0;
12131 int temp_flags = 0;
12132 uint32_t local_add_more, local_soresv = 0;
12133
12134 error = 0;
12135 net = NULL;
12136 stcb = NULL;
12137 asoc = NULL;
12138
12139 t_inp = inp = (struct sctp_inpcb *)so->so_pcb;
12140 if (inp == NULL) {
12141 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12142 error = EINVAL;
12143 if (i_pak) {
12144 SCTP_RELEASE_PKT(i_pak);
12145 }
12146 return (error);
12147 }
12148 if ((uio == NULL) && (i_pak == NULL)) {
12149 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12150 return (EINVAL);
12151 }
12152 user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR);
12153 atomic_add_int(&inp->total_sends, 1);
12154 if (uio) {
12155 if (uio->uio_resid < 0) {
12156 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12157 return (EINVAL);
12158 }
12159 sndlen = uio->uio_resid;
12160 } else {
12161 top = SCTP_HEADER_TO_CHAIN(i_pak);
12162 sndlen = SCTP_HEADER_LEN(i_pak);
12163 }
12164 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %d\n",
12165 addr,
12166 sndlen);
12167 /*-
12168 * Pre-screen address, if one is given the sin-len
12169 * must be set correctly!
12170 */
12171 if (addr) {
12172 if ((addr->sa_family == AF_INET) &&
12173 (addr->sa_len != sizeof(struct sockaddr_in))) {
12174 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12175 error = EINVAL;
12176 goto out_unlocked;
12177 } else if ((addr->sa_family == AF_INET6) &&
12178 (addr->sa_len != sizeof(struct sockaddr_in6))) {
12179 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12180 error = EINVAL;
12181 goto out_unlocked;
12182 }
12183 }
12184 hold_tcblock = 0;
12185
12186 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
12187 (inp->sctp_socket->so_qlimit)) {
12188 /* The listener can NOT send */
12189 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOTCONN);
12190 error = ENOTCONN;
12191 goto out_unlocked;
12192 }
12193 if ((use_rcvinfo) && srcv) {
12194 if (INVALID_SINFO_FLAG(srcv->sinfo_flags) ||
12195 PR_SCTP_INVALID_POLICY(srcv->sinfo_flags)) {
12196 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12197 error = EINVAL;
12198 goto out_unlocked;
12199 }
12200 if (srcv->sinfo_flags)
12201 SCTP_STAT_INCR(sctps_sends_with_flags);
12202
12203 if (srcv->sinfo_flags & SCTP_SENDALL) {
12204 /* its a sendall */
12205 error = sctp_sendall(inp, uio, top, srcv);
12206 top = NULL;
12207 goto out_unlocked;
12208 }
12209 }
12210 /* now we must find the assoc */
12211 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) ||
12212 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
12213 SCTP_INP_RLOCK(inp);
12214 stcb = LIST_FIRST(&inp->sctp_asoc_list);
12215 if (stcb == NULL) {
12216 SCTP_INP_RUNLOCK(inp);
12217 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN);
12218 error = ENOTCONN;
12219 goto out_unlocked;
12220 }
12221 SCTP_TCB_LOCK(stcb);
12222 hold_tcblock = 1;
12223 SCTP_INP_RUNLOCK(inp);
12224 if (addr) {
12225 /* Must locate the net structure if addr given */
12226 net = sctp_findnet(stcb, addr);
12227 if (net) {
12228 /* validate port was 0 or correct */
12229 struct sockaddr_in *sin;
12230
12231 sin = (struct sockaddr_in *)addr;
12232 if ((sin->sin_port != 0) &&
12233 (sin->sin_port != stcb->rport)) {
12234 net = NULL;
12235 }
12236 }
12237 temp_flags |= SCTP_ADDR_OVER;
12238 } else
12239 net = stcb->asoc.primary_destination;
12240 if (addr && (net == NULL)) {
12241 /* Could not find address, was it legal */
12242 if (addr->sa_family == AF_INET) {
12243 struct sockaddr_in *sin;
12244
12245 sin = (struct sockaddr_in *)addr;
12246 if (sin->sin_addr.s_addr == 0) {
12247 if ((sin->sin_port == 0) ||
12248 (sin->sin_port == stcb->rport)) {
12249 net = stcb->asoc.primary_destination;
12250 }
12251 }
12252 } else {
12253 struct sockaddr_in6 *sin6;
12254
12255 sin6 = (struct sockaddr_in6 *)addr;
12256 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
12257 if ((sin6->sin6_port == 0) ||
12258 (sin6->sin6_port == stcb->rport)) {
12259 net = stcb->asoc.primary_destination;
12260 }
12261 }
12262 }
12263 }
12264 if (net == NULL) {
12265 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12266 error = EINVAL;
12267 goto out_unlocked;
12268 }
12269 } else if (use_rcvinfo && srcv && srcv->sinfo_assoc_id) {
12270 stcb = sctp_findassociation_ep_asocid(inp, srcv->sinfo_assoc_id, 0);
12271 if (stcb) {
12272 if (addr)
12273 /*
12274 * Must locate the net structure if addr
12275 * given
12276 */
12277 net = sctp_findnet(stcb, addr);
12278 else
12279 net = stcb->asoc.primary_destination;
12280 if ((srcv->sinfo_flags & SCTP_ADDR_OVER) &&
12281 ((net == NULL) || (addr == NULL))) {
12282 struct sockaddr_in *sin;
12283
12284 if (addr == NULL) {
12285 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12286 error = EINVAL;
12287 goto out_unlocked;
12288 }
12289 sin = (struct sockaddr_in *)addr;
12290 /* Validate port is 0 or correct */
12291 if ((sin->sin_port != 0) &&
12292 (sin->sin_port != stcb->rport)) {
12293 net = NULL;
12294 }
12295 }
12296 }
12297 hold_tcblock = 0;
12298 } else if (addr) {
12299 /*-
12300 * Since we did not use findep we must
12301 * increment it, and if we don't find a tcb
12302 * decrement it.
12303 */
12304 SCTP_INP_WLOCK(inp);
12305 SCTP_INP_INCR_REF(inp);
12306 SCTP_INP_WUNLOCK(inp);
12307 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL);
12308 if (stcb == NULL) {
12309 SCTP_INP_WLOCK(inp);
12310 SCTP_INP_DECR_REF(inp);
12311 SCTP_INP_WUNLOCK(inp);
12312 } else {
12313 hold_tcblock = 1;
12314 }
12315 }
12316 if ((stcb == NULL) && (addr)) {
12317 /* Possible implicit send? */
12318 SCTP_ASOC_CREATE_LOCK(inp);
12319 create_lock_applied = 1;
12320 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
12321 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
12322 /* Should I really unlock ? */
12323 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12324 error = EINVAL;
12325 goto out_unlocked;
12326
12327 }
12328 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) &&
12329 (addr->sa_family == AF_INET6)) {
12330 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12331 error = EINVAL;
12332 goto out_unlocked;
12333 }
12334 SCTP_INP_WLOCK(inp);
12335 SCTP_INP_INCR_REF(inp);
12336 SCTP_INP_WUNLOCK(inp);
12337 /* With the lock applied look again */
12338 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL);
12339 if (stcb == NULL) {
12340 SCTP_INP_WLOCK(inp);
12341 SCTP_INP_DECR_REF(inp);
12342 SCTP_INP_WUNLOCK(inp);
12343 } else {
12344 hold_tcblock = 1;
12345 }
12346 if (t_inp != inp) {
12347 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN);
12348 error = ENOTCONN;
12349 goto out_unlocked;
12350 }
12351 }
12352 if (stcb == NULL) {
12353 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
12354 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
12355 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN);
12356 error = ENOTCONN;
12357 goto out_unlocked;
12358 }
12359 if (addr == NULL) {
12360 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT);
12361 error = ENOENT;
12362 goto out_unlocked;
12363 } else {
12364 /*
12365 * UDP style, we must go ahead and start the INIT
12366 * process
12367 */
12368 uint32_t vrf_id;
12369
12370 if ((use_rcvinfo) && (srcv) &&
12371 ((srcv->sinfo_flags & SCTP_ABORT) ||
12372 ((srcv->sinfo_flags & SCTP_EOF) &&
12373 (sndlen == 0)))) {
12374 /*-
12375 * User asks to abort a non-existant assoc,
12376 * or EOF a non-existant assoc with no data
12377 */
12378 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT);
12379 error = ENOENT;
12380 goto out_unlocked;
12381 }
12382 /* get an asoc/stcb struct */
12383 vrf_id = inp->def_vrf_id;
12384#ifdef INVARIANTS
12385 if (create_lock_applied == 0) {
12386 panic("Error, should hold create lock and I don't?");
12387 }
12388#endif
12389 stcb = sctp_aloc_assoc(inp, addr, &error, 0, vrf_id,
12390 p
12391 );
12392 if (stcb == NULL) {
12393 /* Error is setup for us in the call */
12394 goto out_unlocked;
12395 }
12396 if (create_lock_applied) {
12397 SCTP_ASOC_CREATE_UNLOCK(inp);
12398 create_lock_applied = 0;
12399 } else {
12400 SCTP_PRINTF("Huh-3? create lock should have been on??\n");
12401 }
12402 /*
12403 * Turn on queue only flag to prevent data from
12404 * being sent
12405 */
12406 queue_only = 1;
12407 asoc = &stcb->asoc;
12408 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT);
12409 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
12410
12411 /* initialize authentication params for the assoc */
12412 sctp_initialize_auth_params(inp, stcb);
12413
12414 if (control) {
12415 /*
12416 * see if a init structure exists in cmsg
12417 * headers
12418 */
12419 struct sctp_initmsg initm;
12420 int i;
12421
12422 if (sctp_find_cmsg(SCTP_INIT, (void *)&initm, control,
12423 sizeof(initm))) {
12424 /*
12425 * we have an INIT override of the
12426 * default
12427 */
12428 if (initm.sinit_max_attempts)
12429 asoc->max_init_times = initm.sinit_max_attempts;
12430 if (initm.sinit_num_ostreams)
12431 asoc->pre_open_streams = initm.sinit_num_ostreams;
12432 if (initm.sinit_max_instreams)
12433 asoc->max_inbound_streams = initm.sinit_max_instreams;
12434 if (initm.sinit_max_init_timeo)
12435 asoc->initial_init_rto_max = initm.sinit_max_init_timeo;
12436 if (asoc->streamoutcnt < asoc->pre_open_streams) {
12437 struct sctp_stream_out *tmp_str;
12438 int had_lock = 0;
12439
12440 /* Default is NOT correct */
12441 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, defout:%d pre_open:%d\n",
12442 asoc->streamoutcnt, asoc->pre_open_streams);
12443 /*
12444 * What happens if this
12445 * fails? we panic ...
12446 */
12447
12448 if (hold_tcblock) {
12449 had_lock = 1;
12450 SCTP_TCB_UNLOCK(stcb);
12451 }
12452 SCTP_MALLOC(tmp_str,
12453 struct sctp_stream_out *,
12454 (asoc->pre_open_streams *
12455 sizeof(struct sctp_stream_out)),
12456 SCTP_M_STRMO);
12457 if (had_lock) {
12458 SCTP_TCB_LOCK(stcb);
12459 }
12460 if (tmp_str != NULL) {
12461 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
12462 asoc->strmout = tmp_str;
12463 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams;
12464 } else {
12465 asoc->pre_open_streams = asoc->streamoutcnt;
12466 }
12467 for (i = 0; i < asoc->streamoutcnt; i++) {
12468 /*-
12469 * inbound side must be set
12470 * to 0xffff, also NOTE when
12471 * we get the INIT-ACK back
12472 * (for INIT sender) we MUST
12473 * reduce the count
12474 * (streamoutcnt) but first
12475 * check if we sent to any
12476 * of the upper streams that
12477 * were dropped (if some
12478 * were). Those that were
12479 * dropped must be notified
12480 * to the upper layer as
12481 * failed to send.
12482 */
12483 asoc->strmout[i].next_sequence_sent = 0x0;
12484 TAILQ_INIT(&asoc->strmout[i].outqueue);
12485 asoc->strmout[i].stream_no = i;
12486 asoc->strmout[i].last_msg_incomplete = 0;
12487 asoc->strmout[i].next_spoke.tqe_next = 0;
12488 asoc->strmout[i].next_spoke.tqe_prev = 0;
12489 }
12490 }
12491 }
12492 }
12493 hold_tcblock = 1;
12494 /* out with the INIT */
12495 queue_only_for_init = 1;
12496 /*-
12497 * we may want to dig in after this call and adjust the MTU
12498 * value. It defaulted to 1500 (constant) but the ro
12499 * structure may now have an update and thus we may need to
12500 * change it BEFORE we append the message.
12501 */
12502 net = stcb->asoc.primary_destination;
12503 asoc = &stcb->asoc;
12504 }
12505 }
12506 if ((SCTP_SO_IS_NBIO(so)
12507 || (flags & MSG_NBIO)
12508 )) {
12509 non_blocking = 1;
12510 }
12511 asoc = &stcb->asoc;
12512 atomic_add_int(&stcb->total_sends, 1);
12513
12514 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) {
12515 if (sndlen > asoc->smallest_mtu) {
12516 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE);
12517 error = EMSGSIZE;
12518 goto out_unlocked;
12519 }
12520 }
12521 /* would we block? */
12522 if (non_blocking) {
12523 if (hold_tcblock == 0) {
12524 SCTP_TCB_LOCK(stcb);
12525 hold_tcblock = 1;
12526 }
12527 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12528 if ((SCTP_SB_LIMIT_SND(so) < (sndlen + inqueue_bytes + stcb->asoc.sb_send_resv)) ||
12529 (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
12530 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK);
12531 if (sndlen > SCTP_SB_LIMIT_SND(so))
12532 error = EMSGSIZE;
12533 else
12534 error = EWOULDBLOCK;
12535 goto out_unlocked;
12536 }
12537 stcb->asoc.sb_send_resv += sndlen;
12538 SCTP_TCB_UNLOCK(stcb);
12539 hold_tcblock = 0;
12540 } else {
12541 atomic_add_int(&stcb->asoc.sb_send_resv, sndlen);
12542 }
12543 local_soresv = sndlen;
12544 /* Keep the stcb from being freed under our feet */
12545 if (free_cnt_applied) {
12546#ifdef INVARIANTS
12547 panic("refcnt already incremented");
12548#else
12549 printf("refcnt:1 already incremented?\n");
12550#endif
12551 } else {
12552 atomic_add_int(&stcb->asoc.refcnt, 1);
12553 free_cnt_applied = 1;
12554 }
12555 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
12556 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
12557 error = ECONNRESET;
12558 goto out_unlocked;
12559 }
12560 if (create_lock_applied) {
12561 SCTP_ASOC_CREATE_UNLOCK(inp);
12562 create_lock_applied = 0;
12563 }
12564 if (asoc->stream_reset_outstanding) {
12565 /*
12566 * Can't queue any data while stream reset is underway.
12567 */
12568 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAGAIN);
12569 error = EAGAIN;
12570 goto out_unlocked;
12571 }
12572 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
12573 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) {
12574 queue_only = 1;
12575 }
12576 if ((use_rcvinfo == 0) || (srcv == NULL)) {
12577 /* Grab the default stuff from the asoc */
12578 srcv = (struct sctp_sndrcvinfo *)&stcb->asoc.def_send;
12579 }
12580 /* we are now done with all control */
12581 if (control) {
12582 sctp_m_freem(control);
12583 control = NULL;
12584 }
12585 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) ||
12586 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
12587 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
12588 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
12589 if ((use_rcvinfo) &&
12590 (srcv->sinfo_flags & SCTP_ABORT)) {
12591 ;
12592 } else {
12593 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
12594 error = ECONNRESET;
12595 goto out_unlocked;
12596 }
12597 }
12598 /* Ok, we will attempt a msgsnd :> */
12599 if (p) {
12600 p->td_ru.ru_msgsnd++;
12601 }
12602 if (stcb) {
12603 if (((srcv->sinfo_flags | temp_flags) & SCTP_ADDR_OVER) == 0) {
12604 net = stcb->asoc.primary_destination;
12605 }
12606 }
12607 if (net == NULL) {
12608 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12609 error = EINVAL;
12610 goto out_unlocked;
12611 }
12612 if ((net->flight_size > net->cwnd) && (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) {
12613 /*-
12614 * CMT: Added check for CMT above. net above is the primary
12615 * dest. If CMT is ON, sender should always attempt to send
12616 * with the output routine sctp_fill_outqueue() that loops
12617 * through all destination addresses. Therefore, if CMT is
12618 * ON, queue_only is NOT set to 1 here, so that
12619 * sctp_chunk_output() can be called below.
12620 */
12621 queue_only = 1;
12622 } else if (asoc->ifp_had_enobuf) {
12623 SCTP_STAT_INCR(sctps_ifnomemqueued);
12624 if (net->flight_size > (net->mtu * 2))
12625 queue_only = 1;
12626 asoc->ifp_had_enobuf = 0;
12627 } else {
12628 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
12629 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
12630 }
12631 /* Are we aborting? */
12632 if (srcv->sinfo_flags & SCTP_ABORT) {
12633 struct mbuf *mm;
12634 int tot_demand, tot_out = 0, max_out;
12635
12636 SCTP_STAT_INCR(sctps_sends_with_abort);
12637 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
12638 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) {
12639 /* It has to be up before we abort */
12640 /* how big is the user initiated abort? */
12641 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12642 error = EINVAL;
12643 goto out;
12644 }
12645 if (hold_tcblock) {
12646 SCTP_TCB_UNLOCK(stcb);
12647 hold_tcblock = 0;
12648 }
12649 if (top) {
12650 struct mbuf *cntm = NULL;
12651
12652 mm = sctp_get_mbuf_for_msg(1, 0, M_WAIT, 1, MT_DATA);
12653 if (sndlen != 0) {
12654 cntm = top;
12655 while (cntm) {
12656 tot_out += SCTP_BUF_LEN(cntm);
12657 cntm = SCTP_BUF_NEXT(cntm);
12658 }
12659 }
12660 tot_demand = (tot_out + sizeof(struct sctp_paramhdr));
12661 } else {
12662 /* Must fit in a MTU */
12663 tot_out = sndlen;
12664 tot_demand = (tot_out + sizeof(struct sctp_paramhdr));
12665 if (tot_demand > SCTP_DEFAULT_ADD_MORE) {
12666 /* To big */
12667 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE);
12668 error = EMSGSIZE;
12669 goto out;
12670 }
12671 mm = sctp_get_mbuf_for_msg(tot_demand, 0, M_WAIT, 1, MT_DATA);
12672 }
12673 if (mm == NULL) {
12674 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
12675 error = ENOMEM;
12676 goto out;
12677 }
12678 max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr);
12679 max_out -= sizeof(struct sctp_abort_msg);
12680 if (tot_out > max_out) {
12681 tot_out = max_out;
12682 }
12683 if (mm) {
12684 struct sctp_paramhdr *ph;
12685
12686 /* now move forward the data pointer */
12687 ph = mtod(mm, struct sctp_paramhdr *);
12688 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
12689 ph->param_length = htons((sizeof(struct sctp_paramhdr) + tot_out));
12690 ph++;
12691 SCTP_BUF_LEN(mm) = tot_out + sizeof(struct sctp_paramhdr);
12692 if (top == NULL) {
12693 error = uiomove((caddr_t)ph, (int)tot_out, uio);
12694 if (error) {
12695 /*-
12696 * Here if we can't get his data we
12697 * still abort we just don't get to
12698 * send the users note :-0
12699 */
12700 sctp_m_freem(mm);
12701 mm = NULL;
12702 }
12703 } else {
12704 if (sndlen != 0) {
12705 SCTP_BUF_NEXT(mm) = top;
12706 }
12707 }
12708 }
12709 if (hold_tcblock == 0) {
12710 SCTP_TCB_LOCK(stcb);
12711 hold_tcblock = 1;
12712 }
12713 atomic_add_int(&stcb->asoc.refcnt, -1);
12714 free_cnt_applied = 0;
12715 /* release this lock, otherwise we hang on ourselves */
12716 sctp_abort_an_association(stcb->sctp_ep, stcb,
12717 SCTP_RESPONSE_TO_USER_REQ,
12718 mm, SCTP_SO_LOCKED);
12719 /* now relock the stcb so everything is sane */
12720 hold_tcblock = 0;
12721 stcb = NULL;
12722 /*
12723 * In this case top is already chained to mm avoid double
12724 * free, since we free it below if top != NULL and driver
12725 * would free it after sending the packet out
12726 */
12727 if (sndlen != 0) {
12728 top = NULL;
12729 }
12730 goto out_unlocked;
12731 }
12732 /* Calculate the maximum we can send */
12733 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12734 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) {
12735 if (non_blocking) {
12736 /* we already checked for non-blocking above. */
12737 max_len = sndlen;
12738 } else {
12739 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
12740 }
12741 } else {
12742 max_len = 0;
12743 }
12744 if (hold_tcblock) {
12745 SCTP_TCB_UNLOCK(stcb);
12746 hold_tcblock = 0;
12747 }
12748 /* Is the stream no. valid? */
12749 if (srcv->sinfo_stream >= asoc->streamoutcnt) {
12750 /* Invalid stream number */
12751 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12752 error = EINVAL;
12753 goto out_unlocked;
12754 }
12755 if (asoc->strmout == NULL) {
12756 /* huh? software error */
12757 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
12758 error = EFAULT;
12759 goto out_unlocked;
12760 }
12761 /* Unless E_EOR mode is on, we must make a send FIT in one call. */
12762 if ((user_marks_eor == 0) &&
12763 (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) {
12764 /* It will NEVER fit */
12765 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE);
12766 error = EMSGSIZE;
12767 goto out_unlocked;
12768 }
12769 if ((uio == NULL) && user_marks_eor) {
12770 /*-
12771 * We do not support eeor mode for
12772 * sending with mbuf chains (like sendfile).
12773 */
12774 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12775 error = EINVAL;
12776 goto out_unlocked;
12777 }
12778 if (user_marks_eor) {
12779 local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold));
12780 } else {
12781 /*-
12782 * For non-eeor the whole message must fit in
12783 * the socket send buffer.
12784 */
12785 local_add_more = sndlen;
12786 }
12787 len = 0;
12788 if (non_blocking) {
12789 goto skip_preblock;
12790 }
12791 if (((max_len <= local_add_more) &&
12792 (SCTP_SB_LIMIT_SND(so) >= local_add_more)) ||
12793 (max_len == 0) ||
12794 ((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
12795 /* No room right now ! */
12796 SOCKBUF_LOCK(&so->so_snd);
12797 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12798 while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) ||
12799 ((stcb->asoc.stream_queue_cnt + stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
12800 SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n",
12801 (unsigned int)SCTP_SB_LIMIT_SND(so),
12802 inqueue_bytes,
12803 local_add_more,
12804 stcb->asoc.stream_queue_cnt,
12805 stcb->asoc.chunks_on_out_queue,
12806 SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue));
12807 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
12808 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, so, asoc, sndlen);
12809 }
12810 be.error = 0;
12811 stcb->block_entry = &be;
12812 error = sbwait(&so->so_snd);
12813 stcb->block_entry = NULL;
12814 if (error || so->so_error || be.error) {
12815 if (error == 0) {
12816 if (so->so_error)
12817 error = so->so_error;
12818 if (be.error) {
12819 error = be.error;
12820 }
12821 }
12822 SOCKBUF_UNLOCK(&so->so_snd);
12823 goto out_unlocked;
12824 }
12825 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
12826 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
12827 so, asoc, stcb->asoc.total_output_queue_size);
12828 }
12829 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
12830 goto out_unlocked;
12831 }
12832 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12833 }
12834 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12835 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) {
12836 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
12837 } else {
12838 max_len = 0;
12839 }
12840 SOCKBUF_UNLOCK(&so->so_snd);
12841 }
12842skip_preblock:
12843 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
12844 goto out_unlocked;
12845 }
12846 /*
12847 * sndlen covers for mbuf case uio_resid covers for the non-mbuf
12848 * case NOTE: uio will be null when top/mbuf is passed
12849 */
12850 if (sndlen == 0) {
12851 if (srcv->sinfo_flags & SCTP_EOF) {
12852 got_all_of_the_send = 1;
12853 goto dataless_eof;
12854 } else {
12855 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12856 error = EINVAL;
12857 goto out;
12858 }
12859 }
12860 if (top == NULL) {
12861 struct sctp_stream_queue_pending *sp;
12862 struct sctp_stream_out *strm;
12863 uint32_t sndout, initial_out;
12864
12865 initial_out = uio->uio_resid;
12866
12867 SCTP_TCB_SEND_LOCK(stcb);
12868 if ((asoc->stream_locked) &&
12869 (asoc->stream_locked_on != srcv->sinfo_stream)) {
12870 SCTP_TCB_SEND_UNLOCK(stcb);
12871 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12872 error = EINVAL;
12873 goto out;
12874 }
12875 SCTP_TCB_SEND_UNLOCK(stcb);
12876
12877 strm = &stcb->asoc.strmout[srcv->sinfo_stream];
12878 if (strm->last_msg_incomplete == 0) {
12879 do_a_copy_in:
12880 sp = sctp_copy_it_in(stcb, asoc, srcv, uio, net, max_len, user_marks_eor, &error, non_blocking);
12881 if ((sp == NULL) || (error)) {
12882 goto out;
12883 }
12884 SCTP_TCB_SEND_LOCK(stcb);
12885 if (sp->msg_is_complete) {
12886 strm->last_msg_incomplete = 0;
12887 asoc->stream_locked = 0;
12888 } else {
12889 /*
12890 * Just got locked to this guy in case of an
12891 * interrupt.
12892 */
12893 strm->last_msg_incomplete = 1;
12894 asoc->stream_locked = 1;
12895 asoc->stream_locked_on = srcv->sinfo_stream;
12896 sp->sender_all_done = 0;
12897 }
12898 sctp_snd_sb_alloc(stcb, sp->length);
12899 atomic_add_int(&asoc->stream_queue_cnt, 1);
12900 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) {
12901 sp->strseq = strm->next_sequence_sent;
12902 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_SCTP) {
12903 sctp_misc_ints(SCTP_STRMOUT_LOG_ASSIGN,
12904 (uintptr_t) stcb, sp->length,
12905 (uint32_t) ((srcv->sinfo_stream << 16) | sp->strseq), 0);
12906 }
12907 strm->next_sequence_sent++;
12908 } else {
12909 SCTP_STAT_INCR(sctps_sends_with_unord);
12910 }
12911 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
12912 if ((strm->next_spoke.tqe_next == NULL) &&
12913 (strm->next_spoke.tqe_prev == NULL)) {
12914 /* Not on wheel, insert */
12915 sctp_insert_on_wheel(stcb, asoc, strm, 1);
12916 }
12917 SCTP_TCB_SEND_UNLOCK(stcb);
12918 } else {
12919 SCTP_TCB_SEND_LOCK(stcb);
12920 sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead);
12921 SCTP_TCB_SEND_UNLOCK(stcb);
12922 if (sp == NULL) {
12923 /* ???? Huh ??? last msg is gone */
12924#ifdef INVARIANTS
12925 panic("Warning: Last msg marked incomplete, yet nothing left?");
12926#else
12927 SCTP_PRINTF("Warning: Last msg marked incomplete, yet nothing left?\n");
12928 strm->last_msg_incomplete = 0;
12929#endif
12930 goto do_a_copy_in;
12931
12932 }
12933 }
12934 while (uio->uio_resid > 0) {
12935 /* How much room do we have? */
12936 struct mbuf *new_tail, *mm;
12937
12938 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size)
12939 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size;
12940 else
12941 max_len = 0;
12942
12943 if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) ||
12944 (max_len && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) ||
12945 (uio->uio_resid && (uio->uio_resid <= (int)max_len))) {
12946 sndout = 0;
12947 new_tail = NULL;
12948 if (hold_tcblock) {
12949 SCTP_TCB_UNLOCK(stcb);
12950 hold_tcblock = 0;
12951 }
12952 mm = sctp_copy_resume(sp, uio, srcv, max_len, user_marks_eor, &error, &sndout, &new_tail);
12953 if ((mm == NULL) || error) {
12954 if (mm) {
12955 sctp_m_freem(mm);
12956 }
12957 goto out;
12958 }
12959 /* Update the mbuf and count */
12960 SCTP_TCB_SEND_LOCK(stcb);
12961 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
12962 /*
12963 * we need to get out. Peer probably
12964 * aborted.
12965 */
12966 sctp_m_freem(mm);
12967 if (stcb->asoc.state & SCTP_PCB_FLAGS_WAS_ABORTED) {
12968 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
12969 error = ECONNRESET;
12970 }
12971 SCTP_TCB_SEND_UNLOCK(stcb);
12972 goto out;
12973 }
12974 if (sp->tail_mbuf) {
12975 /* tack it to the end */
12976 SCTP_BUF_NEXT(sp->tail_mbuf) = mm;
12977 sp->tail_mbuf = new_tail;
12978 } else {
12979 /* A stolen mbuf */
12980 sp->data = mm;
12981 sp->tail_mbuf = new_tail;
12982 }
12983 sctp_snd_sb_alloc(stcb, sndout);
12984 atomic_add_int(&sp->length, sndout);
12985 len += sndout;
12986
12987 /* Did we reach EOR? */
12988 if ((uio->uio_resid == 0) &&
12989 ((user_marks_eor == 0) ||
12990 (srcv->sinfo_flags & SCTP_EOF) ||
12991 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) {
12992 sp->msg_is_complete = 1;
12993 } else {
12994 sp->msg_is_complete = 0;
12995 }
12996 SCTP_TCB_SEND_UNLOCK(stcb);
12997 }
12998 if (uio->uio_resid == 0) {
12999 /* got it all? */
13000 continue;
13001 }
13002 /* PR-SCTP? */
13003 if ((asoc->peer_supports_prsctp) && (asoc->sent_queue_cnt_removeable > 0)) {
13004 /*
13005 * This is ugly but we must assure locking
13006 * order
13007 */
13008 if (hold_tcblock == 0) {
13009 SCTP_TCB_LOCK(stcb);
13010 hold_tcblock = 1;
13011 }
13012 sctp_prune_prsctp(stcb, asoc, srcv, sndlen);
13013 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
13014 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size)
13015 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
13016 else
13017 max_len = 0;
13018 if (max_len > 0) {
13019 continue;
13020 }
13021 SCTP_TCB_UNLOCK(stcb);
13022 hold_tcblock = 0;
13023 }
13024 /* wait for space now */
13025 if (non_blocking) {
13026 /* Non-blocking io in place out */
13027 goto skip_out_eof;
13028 }
13029 if ((net->flight_size > net->cwnd) &&
13030 (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) {
13031 queue_only = 1;
13032 } else if (asoc->ifp_had_enobuf) {
13033 SCTP_STAT_INCR(sctps_ifnomemqueued);
13034 if (net->flight_size > (net->mtu * 2)) {
13035 queue_only = 1;
13036 } else {
13037 queue_only = 0;
13038 }
13039 asoc->ifp_had_enobuf = 0;
13040 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
13041 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
13042 } else {
13043 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
13044 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
13045 if (net->flight_size > net->cwnd) {
13046 queue_only = 1;
13047 SCTP_STAT_INCR(sctps_send_cwnd_avoid);
13048 } else {
13049 queue_only = 0;
13050 }
13051 }
13052 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
13053 (stcb->asoc.total_flight > 0) &&
13054 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) &&
13055 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) {
13056
13057 /*-
13058 * Ok, Nagle is set on and we have data outstanding.
13059 * Don't send anything and let SACKs drive out the
13060 * data unless wen have a "full" segment to send.
13061 */
13062 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
13063 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED);
13064 }
13065 SCTP_STAT_INCR(sctps_naglequeued);
13066 nagle_applies = 1;
13067 } else {
13068 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
13069 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY))
13070 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED);
13071 }
13072 SCTP_STAT_INCR(sctps_naglesent);
13073 nagle_applies = 0;
13074 }
13075 /* What about the INIT, send it maybe */
13076 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
13077
13078 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only,
13079 nagle_applies, un_sent);
13080 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size,
13081 stcb->asoc.total_flight,
13082 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count);
13083 }
13084 if (queue_only_for_init) {
13085 if (hold_tcblock == 0) {
13086 SCTP_TCB_LOCK(stcb);
13087 hold_tcblock = 1;
13088 }
13089 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) {
13090 /* a collision took us forward? */
13091 queue_only_for_init = 0;
13092 queue_only = 0;
13093 } else {
13094 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED);
13095 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT);
13096 queue_only_for_init = 0;
13097 queue_only = 1;
13098 }
13099 }
13100 if ((queue_only == 0) && (nagle_applies == 0)) {
13101 /*-
13102 * need to start chunk output
13103 * before blocking.. note that if
13104 * a lock is already applied, then
13105 * the input via the net is happening
13106 * and I don't need to start output :-D
13107 */
13108 if (hold_tcblock == 0) {
13109 if (SCTP_TCB_TRYLOCK(stcb)) {
13110 hold_tcblock = 1;
13111 sctp_chunk_output(inp,
13112 stcb,
13113 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13114 }
13115 } else {
13116 sctp_chunk_output(inp,
13117 stcb,
13118 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13119 }
13120 if (hold_tcblock == 1) {
13121 SCTP_TCB_UNLOCK(stcb);
13122 hold_tcblock = 0;
13123 }
13124 }
13125 SOCKBUF_LOCK(&so->so_snd);
13126 /*-
13127 * This is a bit strange, but I think it will
13128 * work. The total_output_queue_size is locked and
13129 * protected by the TCB_LOCK, which we just released.
13130 * There is a race that can occur between releasing it
13131 * above, and me getting the socket lock, where sacks
13132 * come in but we have not put the SB_WAIT on the
13133 * so_snd buffer to get the wakeup. After the LOCK
13134 * is applied the sack_processing will also need to
13135 * LOCK the so->so_snd to do the actual sowwakeup(). So
13136 * once we have the socket buffer lock if we recheck the
13137 * size we KNOW we will get to sleep safely with the
13138 * wakeup flag in place.
13139 */
13140 if (SCTP_SB_LIMIT_SND(so) <= (stcb->asoc.total_output_queue_size +
13141 min(SCTP_BASE_SYSCTL(sctp_add_more_threshold), SCTP_SB_LIMIT_SND(so)))) {
13142 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
13143 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK,
13144 so, asoc, uio->uio_resid);
13145 }
13146 be.error = 0;
13147 stcb->block_entry = &be;
13148 error = sbwait(&so->so_snd);
13149 stcb->block_entry = NULL;
13150
13151 if (error || so->so_error || be.error) {
13152 if (error == 0) {
13153 if (so->so_error)
13154 error = so->so_error;
13155 if (be.error) {
13156 error = be.error;
13157 }
13158 }
13159 SOCKBUF_UNLOCK(&so->so_snd);
13160 goto out_unlocked;
13161 }
13162 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
13163 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
13164 so, asoc, stcb->asoc.total_output_queue_size);
13165 }
13166 }
13167 SOCKBUF_UNLOCK(&so->so_snd);
13168 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
13169 goto out_unlocked;
13170 }
13171 }
13172 SCTP_TCB_SEND_LOCK(stcb);
13173 if (sp) {
13174 if (sp->msg_is_complete == 0) {
13175 strm->last_msg_incomplete = 1;
13176 asoc->stream_locked = 1;
13177 asoc->stream_locked_on = srcv->sinfo_stream;
13178 } else {
13179 sp->sender_all_done = 1;
13180 strm->last_msg_incomplete = 0;
13181 asoc->stream_locked = 0;
13182 }
13183 } else {
13184 SCTP_PRINTF("Huh no sp TSNH?\n");
13185 strm->last_msg_incomplete = 0;
13186 asoc->stream_locked = 0;
13187 }
13188 SCTP_TCB_SEND_UNLOCK(stcb);
13189 if (uio->uio_resid == 0) {
13190 got_all_of_the_send = 1;
13191 }
13192 } else if (top) {
13193 /* We send in a 0, since we do NOT have any locks */
13194 error = sctp_msg_append(stcb, net, top, srcv, 0);
13195 top = NULL;
13196 if (srcv->sinfo_flags & SCTP_EOF) {
13197 /*
13198 * This should only happen for Panda for the mbuf
13199 * send case, which does NOT yet support EEOR mode.
13200 * Thus, we can just set this flag to do the proper
13201 * EOF handling.
13202 */
13203 got_all_of_the_send = 1;
13204 }
13205 }
13206 if (error) {
13207 goto out;
13208 }
13209dataless_eof:
13210 /* EOF thing ? */
13211 if ((srcv->sinfo_flags & SCTP_EOF) &&
13212 (got_all_of_the_send == 1) &&
13213 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) {
13214 int cnt;
13215
13216 SCTP_STAT_INCR(sctps_sends_with_eof);
13217 error = 0;
13218 if (hold_tcblock == 0) {
13219 SCTP_TCB_LOCK(stcb);
13220 hold_tcblock = 1;
13221 }
13222 cnt = sctp_is_there_unsent_data(stcb);
13223 if (TAILQ_EMPTY(&asoc->send_queue) &&
13224 TAILQ_EMPTY(&asoc->sent_queue) &&
13225 (cnt == 0)) {
13226 if (asoc->locked_on_sending) {
13227 goto abort_anyway;
13228 }
13229 /* there is nothing queued to send, so I'm done... */
13230 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
13231 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
13232 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
13233 /* only send SHUTDOWN the first time through */
13234 sctp_send_shutdown(stcb, stcb->asoc.primary_destination);
13235 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
13236 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
13237 }
13238 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
13239 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
13240 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb,
13241 asoc->primary_destination);
13242 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
13243 asoc->primary_destination);
13244 }
13245 } else {
13246 /*-
13247 * we still got (or just got) data to send, so set
13248 * SHUTDOWN_PENDING
13249 */
13250 /*-
13251 * XXX sockets draft says that SCTP_EOF should be
13252 * sent with no data. currently, we will allow user
13253 * data to be sent first and move to
13254 * SHUTDOWN-PENDING
13255 */
13256 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
13257 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
13258 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
13259 if (hold_tcblock == 0) {
13260 SCTP_TCB_LOCK(stcb);
13261 hold_tcblock = 1;
13262 }
13263 if (asoc->locked_on_sending) {
13264 /* Locked to send out the data */
13265 struct sctp_stream_queue_pending *sp;
13266
13267 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead);
13268 if (sp) {
13269 if ((sp->length == 0) && (sp->msg_is_complete == 0))
13270 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
13271 }
13272 }
13273 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING;
13274 if (TAILQ_EMPTY(&asoc->send_queue) &&
13275 TAILQ_EMPTY(&asoc->sent_queue) &&
13276 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
13277 abort_anyway:
13278 if (free_cnt_applied) {
13279 atomic_add_int(&stcb->asoc.refcnt, -1);
13280 free_cnt_applied = 0;
13281 }
13282 sctp_abort_an_association(stcb->sctp_ep, stcb,
13283 SCTP_RESPONSE_TO_USER_REQ,
13284 NULL, SCTP_SO_LOCKED);
13285 /*
13286 * now relock the stcb so everything
13287 * is sane
13288 */
13289 hold_tcblock = 0;
13290 stcb = NULL;
13291 goto out;
13292 }
13293 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
13294 asoc->primary_destination);
13295 sctp_feature_off(inp, SCTP_PCB_FLAGS_NODELAY);
13296 }
13297 }
13298 }
13299skip_out_eof:
13300 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) {
13301 some_on_control = 1;
13302 }
13303 if ((net->flight_size > net->cwnd) &&
13304 (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) {
13305 queue_only = 1;
13306 } else if (asoc->ifp_had_enobuf) {
13307 SCTP_STAT_INCR(sctps_ifnomemqueued);
13308 if (net->flight_size > (net->mtu * 2)) {
13309 queue_only = 1;
13310 } else {
13311 queue_only = 0;
13312 }
13313 asoc->ifp_had_enobuf = 0;
13314 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
13315 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
13316 } else {
13317 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
13318 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
13319 if (net->flight_size > net->cwnd) {
13320 queue_only = 1;
13321 SCTP_STAT_INCR(sctps_send_cwnd_avoid);
13322 } else {
13323 queue_only = 0;
13324 }
13325 }
13326 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
13327 (stcb->asoc.total_flight > 0) &&
13328 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) &&
13329 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) {
13330 /*-
13331 * Ok, Nagle is set on and we have data outstanding.
13332 * Don't send anything and let SACKs drive out the
13333 * data unless wen have a "full" segment to send.
13334 */
13335 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
13336 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED);
13337 }
13338 SCTP_STAT_INCR(sctps_naglequeued);
13339 nagle_applies = 1;
13340 } else {
13341 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
13342 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY))
13343 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED);
13344 }
13345 SCTP_STAT_INCR(sctps_naglesent);
13346 nagle_applies = 0;
13347 }
13348 if (queue_only_for_init) {
13349 if (hold_tcblock == 0) {
13350 SCTP_TCB_LOCK(stcb);
13351 hold_tcblock = 1;
13352 }
13353 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) {
13354 /* a collision took us forward? */
13355 queue_only_for_init = 0;
13356 queue_only = 0;
13357 } else {
13358 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED);
13359 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_WAIT);
13360 queue_only_for_init = 0;
13361 queue_only = 1;
13362 }
13363 }
13364 if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) {
13365 /* we can attempt to send too. */
13366 if (hold_tcblock == 0) {
13367 /*
13368 * If there is activity recv'ing sacks no need to
13369 * send
13370 */
13371 if (SCTP_TCB_TRYLOCK(stcb)) {
13372 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13373 hold_tcblock = 1;
13374 }
13375 } else {
13376 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13377 }
13378 } else if ((queue_only == 0) &&
13379 (stcb->asoc.peers_rwnd == 0) &&
13380 (stcb->asoc.total_flight == 0)) {
13381 /* We get to have a probe outstanding */
13382 if (hold_tcblock == 0) {
13383 hold_tcblock = 1;
13384 SCTP_TCB_LOCK(stcb);
13385 }
13386 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13387 } else if (some_on_control) {
13388 int num_out, reason, frag_point;
13389
13390 /* Here we do control only */
13391 if (hold_tcblock == 0) {
13392 hold_tcblock = 1;
13393 SCTP_TCB_LOCK(stcb);
13394 }
13395 frag_point = sctp_get_frag_point(stcb, &stcb->asoc);
13396 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out,
13397 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_LOCKED);
13398 }
13399 SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n",
13400 queue_only, stcb->asoc.peers_rwnd, un_sent,
13401 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue,
13402 stcb->asoc.total_output_queue_size, error);
13403
13404out:
13405out_unlocked:
13406
13407 if (local_soresv && stcb) {
13408 atomic_subtract_int(&stcb->asoc.sb_send_resv, sndlen);
13409 local_soresv = 0;
13410 }
13411 if (create_lock_applied) {
13412 SCTP_ASOC_CREATE_UNLOCK(inp);
13413 create_lock_applied = 0;
13414 }
13415 if ((stcb) && hold_tcblock) {
13416 SCTP_TCB_UNLOCK(stcb);
13417 }
13418 if (stcb && free_cnt_applied) {
13419 atomic_add_int(&stcb->asoc.refcnt, -1);
13420 }
13421#ifdef INVARIANTS
13422 if (stcb) {
13423 if (mtx_owned(&stcb->tcb_mtx)) {
13424 panic("Leaving with tcb mtx owned?");
13425 }
13426 if (mtx_owned(&stcb->tcb_send_mtx)) {
13427 panic("Leaving with tcb send mtx owned?");
13428 }
13429 }
13430#endif
13431#ifdef INVARIANTS
13432 if (inp) {
13433 sctp_validate_no_locks(inp);
13434 } else {
13435 printf("Warning - inp is NULL so cant validate locks\n");
13436 }
13437#endif
13438 if (top) {
13439 sctp_m_freem(top);
13440 }
13441 if (control) {
13442 sctp_m_freem(control);
13443 }
13444 return (error);
13445}
13446
13447
13448/*
13449 * generate an AUTHentication chunk, if required
13450 */
13451struct mbuf *
13452sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end,
13453 struct sctp_auth_chunk **auth_ret, uint32_t * offset,
13454 struct sctp_tcb *stcb, uint8_t chunk)
13455{
13456 struct mbuf *m_auth;
13457 struct sctp_auth_chunk *auth;
13458 int chunk_len;
13459
13460 if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) ||
13461 (stcb == NULL))
13462 return (m);
13463
13464 /* sysctl disabled auth? */
13465 if (SCTP_BASE_SYSCTL(sctp_auth_disable))
13466 return (m);
13467
13468 /* peer doesn't do auth... */
13469 if (!stcb->asoc.peer_supports_auth) {
13470 return (m);
13471 }
13472 /* does the requested chunk require auth? */
13473 if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) {
13474 return (m);
13475 }
13476 m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_DONTWAIT, 1, MT_HEADER);
13477 if (m_auth == NULL) {
13478 /* no mbuf's */
13479 return (m);
13480 }
13481 /* reserve some space if this will be the first mbuf */
13482 if (m == NULL)
13483 SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD);
13484 /* fill in the AUTH chunk details */
13485 auth = mtod(m_auth, struct sctp_auth_chunk *);
13486 bzero(auth, sizeof(*auth));
13487 auth->ch.chunk_type = SCTP_AUTHENTICATION;
13488 auth->ch.chunk_flags = 0;
13489 chunk_len = sizeof(*auth) +
13490 sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id);
13491 auth->ch.chunk_length = htons(chunk_len);
13492 auth->hmac_id = htons(stcb->asoc.peer_hmac_id);
13493 /* key id and hmac digest will be computed and filled in upon send */
13494
13495 /* save the offset where the auth was inserted into the chain */
13496 if (m != NULL) {
13497 struct mbuf *cn;
13498
13499 *offset = 0;
13500 cn = m;
13501 while (cn) {
13502 *offset += SCTP_BUF_LEN(cn);
13503 cn = SCTP_BUF_NEXT(cn);
13504 }
13505 } else
13506 *offset = 0;
13507
13508 /* update length and return pointer to the auth chunk */
13509 SCTP_BUF_LEN(m_auth) = chunk_len;
13510 m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0);
13511 if (auth_ret != NULL)
13512 *auth_ret = auth;
13513
13514 return (m);
13515}
13516
13517#ifdef INET6
13518int
13519sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t * ro)
13520{
13521 struct nd_prefix *pfx = NULL;
13522 struct nd_pfxrouter *pfxrtr = NULL;
13523 struct sockaddr_in6 gw6;
13524
13525 if (ro == NULL || ro->ro_rt == NULL || src6->sin6_family != AF_INET6)
13526 return (0);
13527
13528 /* get prefix entry of address */
13529 LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) {
13530 if (pfx->ndpr_stateflags & NDPRF_DETACHED)
13531 continue;
13532 if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr,
13533 &src6->sin6_addr, &pfx->ndpr_mask))
13534 break;
13535 }
13536 /* no prefix entry in the prefix list */
13537 if (pfx == NULL) {
13538 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefix entry for ");
13539 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6);
13540 return (0);
13541 }
13542 SCTPDBG(SCTP_DEBUG_OUTPUT2, "v6src_match_nexthop(), Prefix entry is ");
13543 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6);
13544
13545 /* search installed gateway from prefix entry */
13546 for (pfxrtr = pfx->ndpr_advrtrs.lh_first; pfxrtr; pfxrtr =
13547 pfxrtr->pfr_next) {
13548 memset(&gw6, 0, sizeof(struct sockaddr_in6));
13549 gw6.sin6_family = AF_INET6;
13550 gw6.sin6_len = sizeof(struct sockaddr_in6);
13551 memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr,
13552 sizeof(struct in6_addr));
13553 SCTPDBG(SCTP_DEBUG_OUTPUT2, "prefix router is ");
13554 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&gw6);
13555 SCTPDBG(SCTP_DEBUG_OUTPUT2, "installed router is ");
13556 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway);
13557 if (sctp_cmpaddr((struct sockaddr *)&gw6,
13558 ro->ro_rt->rt_gateway)) {
13559 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is installed\n");
13560 return (1);
13561 }
13562 }
13563 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is not installed\n");
13564 return (0);
13565}
13566
13567#endif
13568
13569int
13570sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t * ro)
13571{
13572 struct sockaddr_in *sin, *mask;
13573 struct ifaddr *ifa;
13574 struct in_addr srcnetaddr, gwnetaddr;
13575
13576 if (ro == NULL || ro->ro_rt == NULL ||
13577 sifa->address.sa.sa_family != AF_INET) {
13578 return (0);
13579 }
13580 ifa = (struct ifaddr *)sifa->ifa;
13581 mask = (struct sockaddr_in *)(ifa->ifa_netmask);
13582 sin = (struct sockaddr_in *)&sifa->address.sin;
13583 srcnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr);
13584 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: src address is ");
13585 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa);
13586 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", srcnetaddr.s_addr);
13587
13588 sin = (struct sockaddr_in *)ro->ro_rt->rt_gateway;
13589 gwnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr);
13590 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: nexthop is ");
13591 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway);
13592 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", gwnetaddr.s_addr);
13593 if (srcnetaddr.s_addr == gwnetaddr.s_addr) {
13594 return (1);
13595 }
13596 return (0);
13597}
| 9743 /* no more to look at */
9744 break;
9745 }
9746 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) {
9747 /* We don't report these */
9748 continue;
9749 }
9750 cnt_of_skipped++;
9751 }
9752 space_needed = (sizeof(struct sctp_forward_tsn_chunk) +
9753 (cnt_of_skipped * sizeof(struct sctp_strseq)));
9754
9755 cnt_of_space = M_TRAILINGSPACE(chk->data);
9756
9757 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
9758 ovh = SCTP_MIN_OVERHEAD;
9759 } else {
9760 ovh = SCTP_MIN_V4_OVERHEAD;
9761 }
9762 if (cnt_of_space > (asoc->smallest_mtu - ovh)) {
9763 /* trim to a mtu size */
9764 cnt_of_space = asoc->smallest_mtu - ovh;
9765 }
9766 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
9767 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
9768 0xff, 0, cnt_of_skipped,
9769 asoc->advanced_peer_ack_point);
9770
9771 }
9772 advance_peer_ack_point = asoc->advanced_peer_ack_point;
9773 if (cnt_of_space < space_needed) {
9774 /*-
9775 * ok we must trim down the chunk by lowering the
9776 * advance peer ack point.
9777 */
9778 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
9779 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
9780 0xff, 0xff, cnt_of_space,
9781 space_needed);
9782 }
9783 cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk);
9784 cnt_of_skipped /= sizeof(struct sctp_strseq);
9785 /*-
9786 * Go through and find the TSN that will be the one
9787 * we report.
9788 */
9789 at = TAILQ_FIRST(&asoc->sent_queue);
9790 for (i = 0; i < cnt_of_skipped; i++) {
9791 tp1 = TAILQ_NEXT(at, sctp_next);
9792 at = tp1;
9793 }
9794 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
9795 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
9796 0xff, cnt_of_skipped, at->rec.data.TSN_seq,
9797 asoc->advanced_peer_ack_point);
9798 }
9799 last = at;
9800 /*-
9801 * last now points to last one I can report, update
9802 * peer ack point
9803 */
9804 advance_peer_ack_point = last->rec.data.TSN_seq;
9805 space_needed = sizeof(struct sctp_forward_tsn_chunk) +
9806 cnt_of_skipped * sizeof(struct sctp_strseq);
9807 }
9808 chk->send_size = space_needed;
9809 /* Setup the chunk */
9810 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *);
9811 fwdtsn->ch.chunk_length = htons(chk->send_size);
9812 fwdtsn->ch.chunk_flags = 0;
9813 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN;
9814 fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point);
9815 SCTP_BUF_LEN(chk->data) = chk->send_size;
9816 fwdtsn++;
9817 /*-
9818 * Move pointer to after the fwdtsn and transfer to the
9819 * strseq pointer.
9820 */
9821 strseq = (struct sctp_strseq *)fwdtsn;
9822 /*-
9823 * Now populate the strseq list. This is done blindly
9824 * without pulling out duplicate stream info. This is
9825 * inefficent but won't harm the process since the peer will
9826 * look at these in sequence and will thus release anything.
9827 * It could mean we exceed the PMTU and chop off some that
9828 * we could have included.. but this is unlikely (aka 1432/4
9829 * would mean 300+ stream seq's would have to be reported in
9830 * one FWD-TSN. With a bit of work we can later FIX this to
9831 * optimize and pull out duplcates.. but it does add more
9832 * overhead. So for now... not!
9833 */
9834 at = TAILQ_FIRST(&asoc->sent_queue);
9835 for (i = 0; i < cnt_of_skipped; i++) {
9836 tp1 = TAILQ_NEXT(at, sctp_next);
9837 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) {
9838 /* We don't report these */
9839 i--;
9840 at = tp1;
9841 continue;
9842 }
9843 if (at->rec.data.TSN_seq == advance_peer_ack_point) {
9844 at->rec.data.fwd_tsn_cnt = 0;
9845 }
9846 strseq->stream = ntohs(at->rec.data.stream_number);
9847 strseq->sequence = ntohs(at->rec.data.stream_seq);
9848 strseq++;
9849 at = tp1;
9850 }
9851 }
9852 return;
9853
9854}
9855
9856void
9857sctp_send_sack(struct sctp_tcb *stcb)
9858{
9859 /*-
9860 * Queue up a SACK or NR-SACK in the control queue.
9861 * We must first check to see if a SACK or NR-SACK is
9862 * somehow on the control queue.
9863 * If so, we will take and and remove the old one.
9864 */
9865 struct sctp_association *asoc;
9866 struct sctp_tmit_chunk *chk, *a_chk;
9867 struct sctp_sack_chunk *sack;
9868 struct sctp_nr_sack_chunk *nr_sack;
9869 struct sctp_gap_ack_block *gap_descriptor;
9870 struct sack_track *selector;
9871 int mergeable = 0;
9872 int offset;
9873 caddr_t limit;
9874 uint32_t *dup;
9875 int limit_reached = 0;
9876 unsigned int i, sel_start, siz, j, starting_index;
9877 unsigned int num_gap_blocks = 0, num_nr_gap_blocks = 0, space;
9878 int num_dups = 0;
9879 int space_req;
9880 uint32_t highest_tsn;
9881 uint8_t flags;
9882 uint8_t type;
9883
9884 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off) &&
9885 stcb->asoc.peer_supports_nr_sack) {
9886 type = SCTP_NR_SELECTIVE_ACK;
9887 } else {
9888 type = SCTP_SELECTIVE_ACK;
9889 }
9890 a_chk = NULL;
9891 asoc = &stcb->asoc;
9892 SCTP_TCB_LOCK_ASSERT(stcb);
9893 if (asoc->last_data_chunk_from == NULL) {
9894 /* Hmm we never received anything */
9895 return;
9896 }
9897 sctp_slide_mapping_arrays(stcb);
9898 sctp_set_rwnd(stcb, asoc);
9899 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
9900 if (chk->rec.chunk_id.id == type) {
9901 /* Hmm, found a sack already on queue, remove it */
9902 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
9903 asoc->ctrl_queue_cnt++;
9904 a_chk = chk;
9905 if (a_chk->data) {
9906 sctp_m_freem(a_chk->data);
9907 a_chk->data = NULL;
9908 }
9909 sctp_free_remote_addr(a_chk->whoTo);
9910 a_chk->whoTo = NULL;
9911 break;
9912 }
9913 }
9914 if (a_chk == NULL) {
9915 sctp_alloc_a_chunk(stcb, a_chk);
9916 if (a_chk == NULL) {
9917 /* No memory so we drop the idea, and set a timer */
9918 if (stcb->asoc.delayed_ack) {
9919 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
9920 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5);
9921 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
9922 stcb->sctp_ep, stcb, NULL);
9923 } else {
9924 stcb->asoc.send_sack = 1;
9925 }
9926 return;
9927 }
9928 a_chk->copy_by_ref = 0;
9929 a_chk->rec.chunk_id.id = type;
9930 a_chk->rec.chunk_id.can_take_data = 1;
9931 }
9932 /* Clear our pkt counts */
9933 asoc->data_pkts_seen = 0;
9934
9935 a_chk->asoc = asoc;
9936 a_chk->snd_count = 0;
9937 a_chk->send_size = 0; /* fill in later */
9938 a_chk->sent = SCTP_DATAGRAM_UNSENT;
9939 a_chk->whoTo = NULL;
9940
9941 if ((asoc->numduptsns) ||
9942 (asoc->last_data_chunk_from->dest_state & SCTP_ADDR_NOT_REACHABLE)
9943 ) {
9944 /*-
9945 * Ok, we have some duplicates or the destination for the
9946 * sack is unreachable, lets see if we can select an
9947 * alternate than asoc->last_data_chunk_from
9948 */
9949 if ((!(asoc->last_data_chunk_from->dest_state &
9950 SCTP_ADDR_NOT_REACHABLE)) &&
9951 (asoc->used_alt_onsack > asoc->numnets)) {
9952 /* We used an alt last time, don't this time */
9953 a_chk->whoTo = NULL;
9954 } else {
9955 asoc->used_alt_onsack++;
9956 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0);
9957 }
9958 if (a_chk->whoTo == NULL) {
9959 /* Nope, no alternate */
9960 a_chk->whoTo = asoc->last_data_chunk_from;
9961 asoc->used_alt_onsack = 0;
9962 }
9963 } else {
9964 /*
9965 * No duplicates so we use the last place we received data
9966 * from.
9967 */
9968 asoc->used_alt_onsack = 0;
9969 a_chk->whoTo = asoc->last_data_chunk_from;
9970 }
9971 if (a_chk->whoTo) {
9972 atomic_add_int(&a_chk->whoTo->ref_count, 1);
9973 }
9974 if (compare_with_wrap(asoc->highest_tsn_inside_map, asoc->highest_tsn_inside_nr_map, MAX_TSN)) {
9975 highest_tsn = asoc->highest_tsn_inside_map;
9976 } else {
9977 highest_tsn = asoc->highest_tsn_inside_nr_map;
9978 }
9979 if (highest_tsn == asoc->cumulative_tsn) {
9980 /* no gaps */
9981 if (type == SCTP_SELECTIVE_ACK) {
9982 space_req = sizeof(struct sctp_sack_chunk);
9983 } else {
9984 space_req = sizeof(struct sctp_nr_sack_chunk);
9985 }
9986 } else {
9987 /* gaps get a cluster */
9988 space_req = MCLBYTES;
9989 }
9990 /* Ok now lets formulate a MBUF with our sack */
9991 a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_DONTWAIT, 1, MT_DATA);
9992 if ((a_chk->data == NULL) ||
9993 (a_chk->whoTo == NULL)) {
9994 /* rats, no mbuf memory */
9995 if (a_chk->data) {
9996 /* was a problem with the destination */
9997 sctp_m_freem(a_chk->data);
9998 a_chk->data = NULL;
9999 }
10000 sctp_free_a_chunk(stcb, a_chk);
10001 /* sa_ignore NO_NULL_CHK */
10002 if (stcb->asoc.delayed_ack) {
10003 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
10004 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6);
10005 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
10006 stcb->sctp_ep, stcb, NULL);
10007 } else {
10008 stcb->asoc.send_sack = 1;
10009 }
10010 return;
10011 }
10012 /* ok, lets go through and fill it in */
10013 SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD);
10014 space = M_TRAILINGSPACE(a_chk->data);
10015 if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) {
10016 space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD);
10017 }
10018 limit = mtod(a_chk->data, caddr_t);
10019 limit += space;
10020
10021 /* 0x01 is used by nonce for ecn */
10022 if ((SCTP_BASE_SYSCTL(sctp_ecn_enable)) &&
10023 (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) &&
10024 (asoc->peer_supports_ecn_nonce))
10025 flags = (asoc->receiver_nonce_sum & SCTP_SACK_NONCE_SUM);
10026 else
10027 flags = 0;
10028
10029 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) && SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
10030 /*-
10031 * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been
10032 * received, then set high bit to 1, else 0. Reset
10033 * pkts_rcvd.
10034 */
10035 flags |= (asoc->cmt_dac_pkts_rcvd << 6);
10036 asoc->cmt_dac_pkts_rcvd = 0;
10037 }
10038#ifdef SCTP_ASOCLOG_OF_TSNS
10039 stcb->asoc.cumack_logsnt[stcb->asoc.cumack_log_atsnt] = asoc->cumulative_tsn;
10040 stcb->asoc.cumack_log_atsnt++;
10041 if (stcb->asoc.cumack_log_atsnt >= SCTP_TSN_LOG_SIZE) {
10042 stcb->asoc.cumack_log_atsnt = 0;
10043 }
10044#endif
10045 /* reset the readers interpretation */
10046 stcb->freed_by_sorcv_sincelast = 0;
10047
10048 if (type == SCTP_SELECTIVE_ACK) {
10049 sack = mtod(a_chk->data, struct sctp_sack_chunk *);
10050 nr_sack = NULL;
10051 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk));
10052 if (highest_tsn > asoc->mapping_array_base_tsn) {
10053 siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
10054 } else {
10055 siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) / 8;
10056 }
10057 } else {
10058 sack = NULL;
10059 nr_sack = mtod(a_chk->data, struct sctp_nr_sack_chunk *);
10060 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)nr_sack + sizeof(struct sctp_nr_sack_chunk));
10061 if (asoc->highest_tsn_inside_map > asoc->mapping_array_base_tsn) {
10062 siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
10063 } else {
10064 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_map + 7) / 8;
10065 }
10066 }
10067
10068 if (compare_with_wrap(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, MAX_TSN)) {
10069 offset = 1;
10070 /*-
10071 * The base TSN is intialized to be the first TSN the peer
10072 * will send us. If the cum-ack is behind this then when they
10073 * send us the next in sequence it will mark the base_tsn bit.
10074 * Thus we need to use the very first selector and the offset
10075 * is 1. Our table is built for this case.
10076 */
10077 starting_index = 0;
10078 sel_start = 0;
10079 } else {
10080 /*-
10081 * we skip the first selector when the cum-ack is at or above the
10082 * mapping array base. This is because the bits at the base or above
10083 * are turned on and our first selector in the table assumes they are
10084 * off. We thus will use the second selector (first is 0). We use
10085 * the reverse of our macro to fix the offset, in bits, that our
10086 * table is at. Note that this method assumes that the cum-tsn is
10087 * within the first bit, i.e. its value is 0-7 which means the
10088 * result to our offset will be either a 0 - -7. If the cumack
10089 * is NOT in the first byte (0) (which it should be since we did
10090 * a mapping array slide above) then we need to calculate the starting
10091 * index i.e. which byte of the mapping array we should start at. We
10092 * do this by dividing by 8 and pushing the remainder (mod) into offset.
10093 * then we multiply the offset to be negative, since we need a negative
10094 * offset into the selector table.
10095 */
10096 SCTP_CALC_TSN_TO_GAP(offset, asoc->cumulative_tsn, asoc->mapping_array_base_tsn);
10097 if (offset > 7) {
10098 starting_index = offset / 8;
10099 offset = offset % 8;
10100 printf("Strange starting index is %d offset:%d (not 0/x)\n",
10101 starting_index, offset);
10102 } else {
10103 starting_index = 0;
10104 }
10105 /* We need a negative offset in our table */
10106 offset *= -1;
10107 sel_start = 1;
10108 }
10109 if (((type == SCTP_SELECTIVE_ACK) &&
10110 compare_with_wrap(highest_tsn, asoc->cumulative_tsn, MAX_TSN)) ||
10111 ((type == SCTP_NR_SELECTIVE_ACK) &&
10112 compare_with_wrap(asoc->highest_tsn_inside_map, asoc->cumulative_tsn, MAX_TSN))) {
10113 /* we have a gap .. maybe */
10114 for (i = starting_index; i < siz; i++) {
10115 if (type == SCTP_SELECTIVE_ACK) {
10116 selector = &sack_array[asoc->mapping_array[i] | asoc->nr_mapping_array[i]];
10117 } else {
10118 selector = &sack_array[asoc->mapping_array[i]];
10119 }
10120 if (mergeable && selector->right_edge) {
10121 /*
10122 * Backup, left and right edges were ok to
10123 * merge.
10124 */
10125 num_gap_blocks--;
10126 gap_descriptor--;
10127 }
10128 if (selector->num_entries == 0)
10129 mergeable = 0;
10130 else {
10131 for (j = sel_start; j < selector->num_entries; j++) {
10132 if (mergeable && selector->right_edge) {
10133 /*
10134 * do a merge by NOT setting
10135 * the left side
10136 */
10137 mergeable = 0;
10138 } else {
10139 /*
10140 * no merge, set the left
10141 * side
10142 */
10143 mergeable = 0;
10144 gap_descriptor->start = htons((selector->gaps[j].start + offset));
10145 }
10146 gap_descriptor->end = htons((selector->gaps[j].end + offset));
10147 num_gap_blocks++;
10148 gap_descriptor++;
10149 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) {
10150 /* no more room */
10151 limit_reached = 1;
10152 break;
10153 }
10154 }
10155 if (selector->left_edge) {
10156 mergeable = 1;
10157 }
10158 }
10159 if (limit_reached) {
10160 /* Reached the limit stop */
10161 break;
10162 }
10163 sel_start = 0;
10164 offset += 8;
10165 }
10166 }
10167 if ((type == SCTP_NR_SELECTIVE_ACK) &&
10168 (limit_reached == 0)) {
10169
10170 mergeable = 0;
10171
10172 if (asoc->highest_tsn_inside_nr_map > asoc->mapping_array_base_tsn)
10173 siz = (((asoc->highest_tsn_inside_nr_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
10174 else
10175 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_nr_map + 7) / 8;
10176
10177 if (compare_with_wrap(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, MAX_TSN)) {
10178 offset = 1;
10179 /*-
10180 * cum-ack behind the mapping array, so we start and use all
10181 * entries.
10182 */
10183 sel_start = 0;
10184 } else {
10185 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn;
10186 /*-
10187 * we skip the first one when the cum-ack is at or above the
10188 * mapping array base. Note this only works if
10189 */
10190 sel_start = 1;
10191 }
10192 if (compare_with_wrap(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn, MAX_TSN)) {
10193 /* we have a gap .. maybe */
10194 for (i = 0; i < siz; i++) {
10195 selector = &sack_array[asoc->nr_mapping_array[i]];
10196 if (mergeable && selector->right_edge) {
10197 /*
10198 * Backup, left and right edges were
10199 * ok to merge.
10200 */
10201 num_nr_gap_blocks--;
10202 gap_descriptor--;
10203 }
10204 if (selector->num_entries == 0)
10205 mergeable = 0;
10206 else {
10207 for (j = sel_start; j < selector->num_entries; j++) {
10208 if (mergeable && selector->right_edge) {
10209 /*
10210 * do a merge by NOT
10211 * setting the left
10212 * side
10213 */
10214 mergeable = 0;
10215 } else {
10216 /*
10217 * no merge, set the
10218 * left side
10219 */
10220 mergeable = 0;
10221 gap_descriptor->start = htons((selector->gaps[j].start + offset));
10222 }
10223 gap_descriptor->end = htons((selector->gaps[j].end + offset));
10224 num_nr_gap_blocks++;
10225 gap_descriptor++;
10226 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) {
10227 /* no more room */
10228 limit_reached = 1;
10229 break;
10230 }
10231 }
10232 if (selector->left_edge) {
10233 mergeable = 1;
10234 }
10235 }
10236 if (limit_reached) {
10237 /* Reached the limit stop */
10238 break;
10239 }
10240 sel_start = 0;
10241 offset += 8;
10242 }
10243 }
10244 }
10245 /* now we must add any dups we are going to report. */
10246 if ((limit_reached == 0) && (asoc->numduptsns)) {
10247 dup = (uint32_t *) gap_descriptor;
10248 for (i = 0; i < asoc->numduptsns; i++) {
10249 *dup = htonl(asoc->dup_tsns[i]);
10250 dup++;
10251 num_dups++;
10252 if (((caddr_t)dup + sizeof(uint32_t)) > limit) {
10253 /* no more room */
10254 break;
10255 }
10256 }
10257 asoc->numduptsns = 0;
10258 }
10259 /*
10260 * now that the chunk is prepared queue it to the control chunk
10261 * queue.
10262 */
10263 if (type == SCTP_SELECTIVE_ACK) {
10264 a_chk->send_size = sizeof(struct sctp_sack_chunk) +
10265 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) +
10266 num_dups * sizeof(int32_t);
10267 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size;
10268 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn);
10269 sack->sack.a_rwnd = htonl(asoc->my_rwnd);
10270 sack->sack.num_gap_ack_blks = htons(num_gap_blocks);
10271 sack->sack.num_dup_tsns = htons(num_dups);
10272 sack->ch.chunk_type = type;
10273 sack->ch.chunk_flags = flags;
10274 sack->ch.chunk_length = htons(a_chk->send_size);
10275 } else {
10276 a_chk->send_size = sizeof(struct sctp_nr_sack_chunk) +
10277 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) +
10278 num_dups * sizeof(int32_t);
10279 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size;
10280 nr_sack->nr_sack.cum_tsn_ack = htonl(asoc->cumulative_tsn);
10281 nr_sack->nr_sack.a_rwnd = htonl(asoc->my_rwnd);
10282 nr_sack->nr_sack.num_gap_ack_blks = htons(num_gap_blocks);
10283 nr_sack->nr_sack.num_nr_gap_ack_blks = htons(num_nr_gap_blocks);
10284 nr_sack->nr_sack.num_dup_tsns = htons(num_dups);
10285 nr_sack->nr_sack.reserved = 0;
10286 nr_sack->ch.chunk_type = type;
10287 nr_sack->ch.chunk_flags = flags;
10288 nr_sack->ch.chunk_length = htons(a_chk->send_size);
10289 }
10290 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next);
10291 asoc->my_last_reported_rwnd = asoc->my_rwnd;
10292 asoc->ctrl_queue_cnt++;
10293 asoc->send_sack = 0;
10294 SCTP_STAT_INCR(sctps_sendsacks);
10295 return;
10296}
10297
10298void
10299sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr, int so_locked
10300#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
10301 SCTP_UNUSED
10302#endif
10303)
10304{
10305 struct mbuf *m_abort;
10306 struct mbuf *m_out = NULL, *m_end = NULL;
10307 struct sctp_abort_chunk *abort = NULL;
10308 int sz;
10309 uint32_t auth_offset = 0;
10310 struct sctp_auth_chunk *auth = NULL;
10311
10312 /*-
10313 * Add an AUTH chunk, if chunk requires it and save the offset into
10314 * the chain for AUTH
10315 */
10316 if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION,
10317 stcb->asoc.peer_auth_chunks)) {
10318 m_out = sctp_add_auth_chunk(m_out, &m_end, &auth, &auth_offset,
10319 stcb, SCTP_ABORT_ASSOCIATION);
10320 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
10321 }
10322 SCTP_TCB_LOCK_ASSERT(stcb);
10323 m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_DONTWAIT, 1, MT_HEADER);
10324 if (m_abort == NULL) {
10325 /* no mbuf's */
10326 if (m_out)
10327 sctp_m_freem(m_out);
10328 return;
10329 }
10330 /* link in any error */
10331 SCTP_BUF_NEXT(m_abort) = operr;
10332 sz = 0;
10333 if (operr) {
10334 struct mbuf *n;
10335
10336 n = operr;
10337 while (n) {
10338 sz += SCTP_BUF_LEN(n);
10339 n = SCTP_BUF_NEXT(n);
10340 }
10341 }
10342 SCTP_BUF_LEN(m_abort) = sizeof(*abort);
10343 if (m_out == NULL) {
10344 /* NO Auth chunk prepended, so reserve space in front */
10345 SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD);
10346 m_out = m_abort;
10347 } else {
10348 /* Put AUTH chunk at the front of the chain */
10349 SCTP_BUF_NEXT(m_end) = m_abort;
10350 }
10351
10352 /* fill in the ABORT chunk */
10353 abort = mtod(m_abort, struct sctp_abort_chunk *);
10354 abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION;
10355 abort->ch.chunk_flags = 0;
10356 abort->ch.chunk_length = htons(sizeof(*abort) + sz);
10357
10358 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb,
10359 stcb->asoc.primary_destination,
10360 (struct sockaddr *)&stcb->asoc.primary_destination->ro._l_addr,
10361 m_out, auth_offset, auth, stcb->asoc.authinfo.active_keyid, 1, 0, NULL, 0,
10362 stcb->sctp_ep->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag),
10363 stcb->asoc.primary_destination->port, so_locked, NULL);
10364 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
10365}
10366
10367void
10368sctp_send_shutdown_complete(struct sctp_tcb *stcb,
10369 struct sctp_nets *net,
10370 int reflect_vtag)
10371{
10372 /* formulate and SEND a SHUTDOWN-COMPLETE */
10373 struct mbuf *m_shutdown_comp;
10374 struct sctp_shutdown_complete_chunk *shutdown_complete;
10375 uint32_t vtag;
10376 uint8_t flags;
10377
10378 m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_DONTWAIT, 1, MT_HEADER);
10379 if (m_shutdown_comp == NULL) {
10380 /* no mbuf's */
10381 return;
10382 }
10383 if (reflect_vtag) {
10384 flags = SCTP_HAD_NO_TCB;
10385 vtag = stcb->asoc.my_vtag;
10386 } else {
10387 flags = 0;
10388 vtag = stcb->asoc.peer_vtag;
10389 }
10390 shutdown_complete = mtod(m_shutdown_comp, struct sctp_shutdown_complete_chunk *);
10391 shutdown_complete->ch.chunk_type = SCTP_SHUTDOWN_COMPLETE;
10392 shutdown_complete->ch.chunk_flags = flags;
10393 shutdown_complete->ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk));
10394 SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_chunk);
10395 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net,
10396 (struct sockaddr *)&net->ro._l_addr,
10397 m_shutdown_comp, 0, NULL, 0, 1, 0, NULL, 0,
10398 stcb->sctp_ep->sctp_lport, stcb->rport,
10399 htonl(vtag),
10400 net->port, SCTP_SO_NOT_LOCKED, NULL);
10401 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
10402 return;
10403}
10404
10405void
10406sctp_send_shutdown_complete2(struct mbuf *m, int iphlen, struct sctphdr *sh,
10407 uint32_t vrf_id, uint16_t port)
10408{
10409 /* formulate and SEND a SHUTDOWN-COMPLETE */
10410 struct mbuf *o_pak;
10411 struct mbuf *mout;
10412 struct ip *iph, *iph_out;
10413 struct udphdr *udp = NULL;
10414
10415#ifdef INET6
10416 struct ip6_hdr *ip6, *ip6_out;
10417
10418#endif
10419 int offset_out, len, mlen;
10420 struct sctp_shutdown_complete_msg *comp_cp;
10421
10422 iph = mtod(m, struct ip *);
10423 switch (iph->ip_v) {
10424 case IPVERSION:
10425 len = (sizeof(struct ip) + sizeof(struct sctp_shutdown_complete_msg));
10426 break;
10427#ifdef INET6
10428 case IPV6_VERSION >> 4:
10429 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_shutdown_complete_msg));
10430 break;
10431#endif
10432 default:
10433 return;
10434 }
10435 if (port) {
10436 len += sizeof(struct udphdr);
10437 }
10438 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA);
10439 if (mout == NULL) {
10440 return;
10441 }
10442 SCTP_BUF_RESV_UF(mout, max_linkhdr);
10443 SCTP_BUF_LEN(mout) = len;
10444 SCTP_BUF_NEXT(mout) = NULL;
10445 iph_out = NULL;
10446#ifdef INET6
10447 ip6_out = NULL;
10448#endif
10449 offset_out = 0;
10450
10451 switch (iph->ip_v) {
10452 case IPVERSION:
10453 iph_out = mtod(mout, struct ip *);
10454
10455 /* Fill in the IP header for the ABORT */
10456 iph_out->ip_v = IPVERSION;
10457 iph_out->ip_hl = (sizeof(struct ip) / 4);
10458 iph_out->ip_tos = (u_char)0;
10459 iph_out->ip_id = 0;
10460 iph_out->ip_off = 0;
10461 iph_out->ip_ttl = MAXTTL;
10462 if (port) {
10463 iph_out->ip_p = IPPROTO_UDP;
10464 } else {
10465 iph_out->ip_p = IPPROTO_SCTP;
10466 }
10467 iph_out->ip_src.s_addr = iph->ip_dst.s_addr;
10468 iph_out->ip_dst.s_addr = iph->ip_src.s_addr;
10469
10470 /* let IP layer calculate this */
10471 iph_out->ip_sum = 0;
10472 offset_out += sizeof(*iph_out);
10473 comp_cp = (struct sctp_shutdown_complete_msg *)(
10474 (caddr_t)iph_out + offset_out);
10475 break;
10476#ifdef INET6
10477 case IPV6_VERSION >> 4:
10478 ip6 = (struct ip6_hdr *)iph;
10479 ip6_out = mtod(mout, struct ip6_hdr *);
10480
10481 /* Fill in the IPv6 header for the ABORT */
10482 ip6_out->ip6_flow = ip6->ip6_flow;
10483 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
10484 if (port) {
10485 ip6_out->ip6_nxt = IPPROTO_UDP;
10486 } else {
10487 ip6_out->ip6_nxt = IPPROTO_SCTP;
10488 }
10489 ip6_out->ip6_src = ip6->ip6_dst;
10490 ip6_out->ip6_dst = ip6->ip6_src;
10491 /*
10492 * ?? The old code had both the iph len + payload, I think
10493 * this is wrong and would never have worked
10494 */
10495 ip6_out->ip6_plen = sizeof(struct sctp_shutdown_complete_msg);
10496 offset_out += sizeof(*ip6_out);
10497 comp_cp = (struct sctp_shutdown_complete_msg *)(
10498 (caddr_t)ip6_out + offset_out);
10499 break;
10500#endif /* INET6 */
10501 default:
10502 /* Currently not supported. */
10503 sctp_m_freem(mout);
10504 return;
10505 }
10506 if (port) {
10507 udp = (struct udphdr *)comp_cp;
10508 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
10509 udp->uh_dport = port;
10510 udp->uh_ulen = htons(sizeof(struct sctp_shutdown_complete_msg) + sizeof(struct udphdr));
10511 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
10512 offset_out += sizeof(struct udphdr);
10513 comp_cp = (struct sctp_shutdown_complete_msg *)((caddr_t)comp_cp + sizeof(struct udphdr));
10514 }
10515 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
10516 /* no mbuf's */
10517 sctp_m_freem(mout);
10518 return;
10519 }
10520 /* Now copy in and fill in the ABORT tags etc. */
10521 comp_cp->sh.src_port = sh->dest_port;
10522 comp_cp->sh.dest_port = sh->src_port;
10523 comp_cp->sh.checksum = 0;
10524 comp_cp->sh.v_tag = sh->v_tag;
10525 comp_cp->shut_cmp.ch.chunk_flags = SCTP_HAD_NO_TCB;
10526 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE;
10527 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk));
10528
10529 if (iph_out != NULL) {
10530 sctp_route_t ro;
10531 int ret;
10532 struct sctp_tcb *stcb = NULL;
10533
10534 mlen = SCTP_BUF_LEN(mout);
10535 bzero(&ro, sizeof ro);
10536 /* set IPv4 length */
10537 iph_out->ip_len = mlen;
10538#ifdef SCTP_PACKET_LOGGING
10539 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
10540 sctp_packet_log(mout, mlen);
10541#endif
10542 if (port) {
10543 comp_cp->sh.checksum = sctp_calculate_cksum(mout, offset_out);
10544 SCTP_STAT_INCR(sctps_sendswcrc);
10545 SCTP_ENABLE_UDP_CSUM(mout);
10546 } else {
10547 mout->m_pkthdr.csum_flags = CSUM_SCTP;
10548 mout->m_pkthdr.csum_data = 0;
10549 SCTP_STAT_INCR(sctps_sendhwcrc);
10550 }
10551 SCTP_ATTACH_CHAIN(o_pak, mout, mlen);
10552 /* out it goes */
10553 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id);
10554
10555 /* Free the route if we got one back */
10556 if (ro.ro_rt)
10557 RTFREE(ro.ro_rt);
10558 }
10559#ifdef INET6
10560 if (ip6_out != NULL) {
10561 struct route_in6 ro;
10562 int ret;
10563 struct sctp_tcb *stcb = NULL;
10564 struct ifnet *ifp = NULL;
10565
10566 bzero(&ro, sizeof(ro));
10567 mlen = SCTP_BUF_LEN(mout);
10568#ifdef SCTP_PACKET_LOGGING
10569 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
10570 sctp_packet_log(mout, mlen);
10571#endif
10572 SCTP_ATTACH_CHAIN(o_pak, mout, mlen);
10573 if (port) {
10574 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
10575 (stcb) &&
10576 (stcb->asoc.loopback_scope))) {
10577 comp_cp->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
10578 SCTP_STAT_INCR(sctps_sendswcrc);
10579 } else {
10580 SCTP_STAT_INCR(sctps_sendnocrc);
10581 }
10582 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), mlen - sizeof(struct ip6_hdr))) == 0) {
10583 udp->uh_sum = 0xffff;
10584 }
10585 } else {
10586 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
10587 (stcb) &&
10588 (stcb->asoc.loopback_scope))) {
10589 mout->m_pkthdr.csum_flags = CSUM_SCTP;
10590 mout->m_pkthdr.csum_data = 0;
10591 SCTP_STAT_INCR(sctps_sendhwcrc);
10592 } else {
10593 SCTP_STAT_INCR(sctps_sendnocrc);
10594 }
10595 }
10596 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id);
10597
10598 /* Free the route if we got one back */
10599 if (ro.ro_rt)
10600 RTFREE(ro.ro_rt);
10601 }
10602#endif
10603 SCTP_STAT_INCR(sctps_sendpackets);
10604 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
10605 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
10606 return;
10607
10608}
10609
10610static struct sctp_nets *
10611sctp_select_hb_destination(struct sctp_tcb *stcb, struct timeval *now)
10612{
10613 struct sctp_nets *net, *hnet;
10614 int ms_goneby, highest_ms, state_overide = 0;
10615
10616 (void)SCTP_GETTIME_TIMEVAL(now);
10617 highest_ms = 0;
10618 hnet = NULL;
10619 SCTP_TCB_LOCK_ASSERT(stcb);
10620 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
10621 if (
10622 ((net->dest_state & SCTP_ADDR_NOHB) && ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) ||
10623 (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)
10624 ) {
10625 /*
10626 * Skip this guy from consideration if HB is off AND
10627 * its confirmed
10628 */
10629 continue;
10630 }
10631 if (sctp_destination_is_reachable(stcb, (struct sockaddr *)&net->ro._l_addr) == 0) {
10632 /* skip this dest net from consideration */
10633 continue;
10634 }
10635 if (net->last_sent_time.tv_sec) {
10636 /* Sent to so we subtract */
10637 ms_goneby = (now->tv_sec - net->last_sent_time.tv_sec) * 1000;
10638 } else
10639 /* Never been sent to */
10640 ms_goneby = 0x7fffffff;
10641 /*-
10642 * When the address state is unconfirmed but still
10643 * considered reachable, we HB at a higher rate. Once it
10644 * goes confirmed OR reaches the "unreachable" state, thenw
10645 * we cut it back to HB at a more normal pace.
10646 */
10647 if ((net->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED) {
10648 state_overide = 1;
10649 } else {
10650 state_overide = 0;
10651 }
10652
10653 if ((((unsigned int)ms_goneby >= net->RTO) || (state_overide)) &&
10654 (ms_goneby > highest_ms)) {
10655 highest_ms = ms_goneby;
10656 hnet = net;
10657 }
10658 }
10659 if (hnet &&
10660 ((hnet->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED)) {
10661 state_overide = 1;
10662 } else {
10663 state_overide = 0;
10664 }
10665
10666 if (hnet && highest_ms && (((unsigned int)highest_ms >= hnet->RTO) || state_overide)) {
10667 /*-
10668 * Found the one with longest delay bounds OR it is
10669 * unconfirmed and still not marked unreachable.
10670 */
10671 SCTPDBG(SCTP_DEBUG_OUTPUT4, "net:%p is the hb winner -", hnet);
10672#ifdef SCTP_DEBUG
10673 if (hnet) {
10674 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT4,
10675 (struct sockaddr *)&hnet->ro._l_addr);
10676 } else {
10677 SCTPDBG(SCTP_DEBUG_OUTPUT4, " none\n");
10678 }
10679#endif
10680 /* update the timer now */
10681 hnet->last_sent_time = *now;
10682 return (hnet);
10683 }
10684 /* Nothing to HB */
10685 return (NULL);
10686}
10687
10688int
10689sctp_send_hb(struct sctp_tcb *stcb, int user_req, struct sctp_nets *u_net)
10690{
10691 struct sctp_tmit_chunk *chk;
10692 struct sctp_nets *net;
10693 struct sctp_heartbeat_chunk *hb;
10694 struct timeval now;
10695 struct sockaddr_in *sin;
10696 struct sockaddr_in6 *sin6;
10697
10698 SCTP_TCB_LOCK_ASSERT(stcb);
10699 if (user_req == 0) {
10700 net = sctp_select_hb_destination(stcb, &now);
10701 if (net == NULL) {
10702 /*-
10703 * All our busy none to send to, just start the
10704 * timer again.
10705 */
10706 if (stcb->asoc.state == 0) {
10707 return (0);
10708 }
10709 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT,
10710 stcb->sctp_ep,
10711 stcb,
10712 net);
10713 return (0);
10714 }
10715 } else {
10716 net = u_net;
10717 if (net == NULL) {
10718 return (0);
10719 }
10720 (void)SCTP_GETTIME_TIMEVAL(&now);
10721 }
10722 sin = (struct sockaddr_in *)&net->ro._l_addr;
10723 if (sin->sin_family != AF_INET) {
10724 if (sin->sin_family != AF_INET6) {
10725 /* huh */
10726 return (0);
10727 }
10728 }
10729 sctp_alloc_a_chunk(stcb, chk);
10730 if (chk == NULL) {
10731 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak, can't get a chunk for hb\n");
10732 return (0);
10733 }
10734 chk->copy_by_ref = 0;
10735 chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST;
10736 chk->rec.chunk_id.can_take_data = 1;
10737 chk->asoc = &stcb->asoc;
10738 chk->send_size = sizeof(struct sctp_heartbeat_chunk);
10739
10740 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER);
10741 if (chk->data == NULL) {
10742 sctp_free_a_chunk(stcb, chk);
10743 return (0);
10744 }
10745 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
10746 SCTP_BUF_LEN(chk->data) = chk->send_size;
10747 chk->sent = SCTP_DATAGRAM_UNSENT;
10748 chk->snd_count = 0;
10749 chk->whoTo = net;
10750 atomic_add_int(&chk->whoTo->ref_count, 1);
10751 /* Now we have a mbuf that we can fill in with the details */
10752 hb = mtod(chk->data, struct sctp_heartbeat_chunk *);
10753 memset(hb, 0, sizeof(struct sctp_heartbeat_chunk));
10754 /* fill out chunk header */
10755 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST;
10756 hb->ch.chunk_flags = 0;
10757 hb->ch.chunk_length = htons(chk->send_size);
10758 /* Fill out hb parameter */
10759 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO);
10760 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param));
10761 hb->heartbeat.hb_info.time_value_1 = now.tv_sec;
10762 hb->heartbeat.hb_info.time_value_2 = now.tv_usec;
10763 /* Did our user request this one, put it in */
10764 hb->heartbeat.hb_info.user_req = user_req;
10765 hb->heartbeat.hb_info.addr_family = sin->sin_family;
10766 hb->heartbeat.hb_info.addr_len = sin->sin_len;
10767 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
10768 /*
10769 * we only take from the entropy pool if the address is not
10770 * confirmed.
10771 */
10772 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
10773 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
10774 } else {
10775 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0;
10776 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0;
10777 }
10778 if (sin->sin_family == AF_INET) {
10779 memcpy(hb->heartbeat.hb_info.address, &sin->sin_addr, sizeof(sin->sin_addr));
10780 } else if (sin->sin_family == AF_INET6) {
10781 /* We leave the scope the way it is in our lookup table. */
10782 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
10783 memcpy(hb->heartbeat.hb_info.address, &sin6->sin6_addr, sizeof(sin6->sin6_addr));
10784 } else {
10785 /* huh compiler bug */
10786 return (0);
10787 }
10788
10789 /*
10790 * JRS 5/14/07 - In CMT PF, the T3 timer is used to track
10791 * PF-heartbeats. Because of this, threshold management is done by
10792 * the t3 timer handler, and does not need to be done upon the send
10793 * of a PF-heartbeat. If CMT PF is on and the destination to which a
10794 * heartbeat is being sent is in PF state, do NOT do threshold
10795 * management.
10796 */
10797 if ((SCTP_BASE_SYSCTL(sctp_cmt_pf) == 0) || ((net->dest_state & SCTP_ADDR_PF) != SCTP_ADDR_PF)) {
10798 /* ok we have a destination that needs a beat */
10799 /* lets do the theshold management Qiaobing style */
10800 if (sctp_threshold_management(stcb->sctp_ep, stcb, net,
10801 stcb->asoc.max_send_times)) {
10802 /*-
10803 * we have lost the association, in a way this is
10804 * quite bad since we really are one less time since
10805 * we really did not send yet. This is the down side
10806 * to the Q's style as defined in the RFC and not my
10807 * alternate style defined in the RFC.
10808 */
10809 if (chk->data != NULL) {
10810 sctp_m_freem(chk->data);
10811 chk->data = NULL;
10812 }
10813 /*
10814 * Here we do NOT use the macro since the
10815 * association is now gone.
10816 */
10817 if (chk->whoTo) {
10818 sctp_free_remote_addr(chk->whoTo);
10819 chk->whoTo = NULL;
10820 }
10821 sctp_free_a_chunk((struct sctp_tcb *)NULL, chk);
10822 return (-1);
10823 }
10824 }
10825 net->hb_responded = 0;
10826 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
10827 stcb->asoc.ctrl_queue_cnt++;
10828 SCTP_STAT_INCR(sctps_sendheartbeat);
10829 /*-
10830 * Call directly med level routine to put out the chunk. It will
10831 * always tumble out control chunks aka HB but it may even tumble
10832 * out data too.
10833 */
10834 return (1);
10835}
10836
10837void
10838sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net,
10839 uint32_t high_tsn)
10840{
10841 struct sctp_association *asoc;
10842 struct sctp_ecne_chunk *ecne;
10843 struct sctp_tmit_chunk *chk;
10844
10845 asoc = &stcb->asoc;
10846 SCTP_TCB_LOCK_ASSERT(stcb);
10847 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
10848 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) {
10849 /* found a previous ECN_ECHO update it if needed */
10850 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
10851 ecne->tsn = htonl(high_tsn);
10852 return;
10853 }
10854 }
10855 /* nope could not find one to update so we must build one */
10856 sctp_alloc_a_chunk(stcb, chk);
10857 if (chk == NULL) {
10858 return;
10859 }
10860 chk->copy_by_ref = 0;
10861 SCTP_STAT_INCR(sctps_sendecne);
10862 chk->rec.chunk_id.id = SCTP_ECN_ECHO;
10863 chk->rec.chunk_id.can_take_data = 0;
10864 chk->asoc = &stcb->asoc;
10865 chk->send_size = sizeof(struct sctp_ecne_chunk);
10866 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER);
10867 if (chk->data == NULL) {
10868 sctp_free_a_chunk(stcb, chk);
10869 return;
10870 }
10871 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
10872 SCTP_BUF_LEN(chk->data) = chk->send_size;
10873 chk->sent = SCTP_DATAGRAM_UNSENT;
10874 chk->snd_count = 0;
10875 chk->whoTo = net;
10876 atomic_add_int(&chk->whoTo->ref_count, 1);
10877 stcb->asoc.ecn_echo_cnt_onq++;
10878 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
10879 ecne->ch.chunk_type = SCTP_ECN_ECHO;
10880 ecne->ch.chunk_flags = 0;
10881 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk));
10882 ecne->tsn = htonl(high_tsn);
10883 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
10884 asoc->ctrl_queue_cnt++;
10885}
10886
10887void
10888sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net,
10889 struct mbuf *m, int iphlen, int bad_crc)
10890{
10891 struct sctp_association *asoc;
10892 struct sctp_pktdrop_chunk *drp;
10893 struct sctp_tmit_chunk *chk;
10894 uint8_t *datap;
10895 int len;
10896 int was_trunc = 0;
10897 struct ip *iph;
10898
10899#ifdef INET6
10900 struct ip6_hdr *ip6h;
10901
10902#endif
10903 int fullsz = 0, extra = 0;
10904 long spc;
10905 int offset;
10906 struct sctp_chunkhdr *ch, chunk_buf;
10907 unsigned int chk_length;
10908
10909 if (!stcb) {
10910 return;
10911 }
10912 asoc = &stcb->asoc;
10913 SCTP_TCB_LOCK_ASSERT(stcb);
10914 if (asoc->peer_supports_pktdrop == 0) {
10915 /*-
10916 * peer must declare support before I send one.
10917 */
10918 return;
10919 }
10920 if (stcb->sctp_socket == NULL) {
10921 return;
10922 }
10923 sctp_alloc_a_chunk(stcb, chk);
10924 if (chk == NULL) {
10925 return;
10926 }
10927 chk->copy_by_ref = 0;
10928 iph = mtod(m, struct ip *);
10929 if (iph == NULL) {
10930 sctp_free_a_chunk(stcb, chk);
10931 return;
10932 }
10933 switch (iph->ip_v) {
10934 case IPVERSION:
10935 /* IPv4 */
10936 len = chk->send_size = iph->ip_len;
10937 break;
10938#ifdef INET6
10939 case IPV6_VERSION >> 4:
10940 /* IPv6 */
10941 ip6h = mtod(m, struct ip6_hdr *);
10942 len = chk->send_size = htons(ip6h->ip6_plen);
10943 break;
10944#endif
10945 default:
10946 return;
10947 }
10948 /* Validate that we do not have an ABORT in here. */
10949 offset = iphlen + sizeof(struct sctphdr);
10950 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
10951 sizeof(*ch), (uint8_t *) & chunk_buf);
10952 while (ch != NULL) {
10953 chk_length = ntohs(ch->chunk_length);
10954 if (chk_length < sizeof(*ch)) {
10955 /* break to abort land */
10956 break;
10957 }
10958 switch (ch->chunk_type) {
10959 case SCTP_PACKET_DROPPED:
10960 case SCTP_ABORT_ASSOCIATION:
10961 /*-
10962 * we don't respond with an PKT-DROP to an ABORT
10963 * or PKT-DROP
10964 */
10965 sctp_free_a_chunk(stcb, chk);
10966 return;
10967 default:
10968 break;
10969 }
10970 offset += SCTP_SIZE32(chk_length);
10971 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
10972 sizeof(*ch), (uint8_t *) & chunk_buf);
10973 }
10974
10975 if ((len + SCTP_MAX_OVERHEAD + sizeof(struct sctp_pktdrop_chunk)) >
10976 min(stcb->asoc.smallest_mtu, MCLBYTES)) {
10977 /*
10978 * only send 1 mtu worth, trim off the excess on the end.
10979 */
10980 fullsz = len - extra;
10981 len = min(stcb->asoc.smallest_mtu, MCLBYTES) - SCTP_MAX_OVERHEAD;
10982 was_trunc = 1;
10983 }
10984 chk->asoc = &stcb->asoc;
10985 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
10986 if (chk->data == NULL) {
10987jump_out:
10988 sctp_free_a_chunk(stcb, chk);
10989 return;
10990 }
10991 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
10992 drp = mtod(chk->data, struct sctp_pktdrop_chunk *);
10993 if (drp == NULL) {
10994 sctp_m_freem(chk->data);
10995 chk->data = NULL;
10996 goto jump_out;
10997 }
10998 chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) +
10999 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD));
11000 chk->book_size_scale = 0;
11001 if (was_trunc) {
11002 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED;
11003 drp->trunc_len = htons(fullsz);
11004 /*
11005 * Len is already adjusted to size minus overhead above take
11006 * out the pkt_drop chunk itself from it.
11007 */
11008 chk->send_size = len - sizeof(struct sctp_pktdrop_chunk);
11009 len = chk->send_size;
11010 } else {
11011 /* no truncation needed */
11012 drp->ch.chunk_flags = 0;
11013 drp->trunc_len = htons(0);
11014 }
11015 if (bad_crc) {
11016 drp->ch.chunk_flags |= SCTP_BADCRC;
11017 }
11018 chk->send_size += sizeof(struct sctp_pktdrop_chunk);
11019 SCTP_BUF_LEN(chk->data) = chk->send_size;
11020 chk->sent = SCTP_DATAGRAM_UNSENT;
11021 chk->snd_count = 0;
11022 if (net) {
11023 /* we should hit here */
11024 chk->whoTo = net;
11025 } else {
11026 chk->whoTo = asoc->primary_destination;
11027 }
11028 atomic_add_int(&chk->whoTo->ref_count, 1);
11029 chk->rec.chunk_id.id = SCTP_PACKET_DROPPED;
11030 chk->rec.chunk_id.can_take_data = 1;
11031 drp->ch.chunk_type = SCTP_PACKET_DROPPED;
11032 drp->ch.chunk_length = htons(chk->send_size);
11033 spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket);
11034 if (spc < 0) {
11035 spc = 0;
11036 }
11037 drp->bottle_bw = htonl(spc);
11038 if (asoc->my_rwnd) {
11039 drp->current_onq = htonl(asoc->size_on_reasm_queue +
11040 asoc->size_on_all_streams +
11041 asoc->my_rwnd_control_len +
11042 stcb->sctp_socket->so_rcv.sb_cc);
11043 } else {
11044 /*-
11045 * If my rwnd is 0, possibly from mbuf depletion as well as
11046 * space used, tell the peer there is NO space aka onq == bw
11047 */
11048 drp->current_onq = htonl(spc);
11049 }
11050 drp->reserved = 0;
11051 datap = drp->data;
11052 m_copydata(m, iphlen, len, (caddr_t)datap);
11053 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
11054 asoc->ctrl_queue_cnt++;
11055}
11056
11057void
11058sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn)
11059{
11060 struct sctp_association *asoc;
11061 struct sctp_cwr_chunk *cwr;
11062 struct sctp_tmit_chunk *chk;
11063
11064 asoc = &stcb->asoc;
11065 SCTP_TCB_LOCK_ASSERT(stcb);
11066 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
11067 if (chk->rec.chunk_id.id == SCTP_ECN_CWR) {
11068 /* found a previous ECN_CWR update it if needed */
11069 cwr = mtod(chk->data, struct sctp_cwr_chunk *);
11070 if (compare_with_wrap(high_tsn, ntohl(cwr->tsn),
11071 MAX_TSN)) {
11072 cwr->tsn = htonl(high_tsn);
11073 }
11074 return;
11075 }
11076 }
11077 /* nope could not find one to update so we must build one */
11078 sctp_alloc_a_chunk(stcb, chk);
11079 if (chk == NULL) {
11080 return;
11081 }
11082 chk->copy_by_ref = 0;
11083 chk->rec.chunk_id.id = SCTP_ECN_CWR;
11084 chk->rec.chunk_id.can_take_data = 1;
11085 chk->asoc = &stcb->asoc;
11086 chk->send_size = sizeof(struct sctp_cwr_chunk);
11087 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER);
11088 if (chk->data == NULL) {
11089 sctp_free_a_chunk(stcb, chk);
11090 return;
11091 }
11092 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
11093 SCTP_BUF_LEN(chk->data) = chk->send_size;
11094 chk->sent = SCTP_DATAGRAM_UNSENT;
11095 chk->snd_count = 0;
11096 chk->whoTo = net;
11097 atomic_add_int(&chk->whoTo->ref_count, 1);
11098 cwr = mtod(chk->data, struct sctp_cwr_chunk *);
11099 cwr->ch.chunk_type = SCTP_ECN_CWR;
11100 cwr->ch.chunk_flags = 0;
11101 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk));
11102 cwr->tsn = htonl(high_tsn);
11103 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
11104 asoc->ctrl_queue_cnt++;
11105}
11106
11107void
11108sctp_add_stream_reset_out(struct sctp_tmit_chunk *chk,
11109 int number_entries, uint16_t * list,
11110 uint32_t seq, uint32_t resp_seq, uint32_t last_sent)
11111{
11112 int len, old_len, i;
11113 struct sctp_stream_reset_out_request *req_out;
11114 struct sctp_chunkhdr *ch;
11115
11116 ch = mtod(chk->data, struct sctp_chunkhdr *);
11117
11118
11119 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11120
11121 /* get to new offset for the param. */
11122 req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len);
11123 /* now how long will this param be? */
11124 len = (sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries));
11125 req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST);
11126 req_out->ph.param_length = htons(len);
11127 req_out->request_seq = htonl(seq);
11128 req_out->response_seq = htonl(resp_seq);
11129 req_out->send_reset_at_tsn = htonl(last_sent);
11130 if (number_entries) {
11131 for (i = 0; i < number_entries; i++) {
11132 req_out->list_of_streams[i] = htons(list[i]);
11133 }
11134 }
11135 if (SCTP_SIZE32(len) > len) {
11136 /*-
11137 * Need to worry about the pad we may end up adding to the
11138 * end. This is easy since the struct is either aligned to 4
11139 * bytes or 2 bytes off.
11140 */
11141 req_out->list_of_streams[number_entries] = 0;
11142 }
11143 /* now fix the chunk length */
11144 ch->chunk_length = htons(len + old_len);
11145 chk->book_size = len + old_len;
11146 chk->book_size_scale = 0;
11147 chk->send_size = SCTP_SIZE32(chk->book_size);
11148 SCTP_BUF_LEN(chk->data) = chk->send_size;
11149 return;
11150}
11151
11152
11153void
11154sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk,
11155 int number_entries, uint16_t * list,
11156 uint32_t seq)
11157{
11158 int len, old_len, i;
11159 struct sctp_stream_reset_in_request *req_in;
11160 struct sctp_chunkhdr *ch;
11161
11162 ch = mtod(chk->data, struct sctp_chunkhdr *);
11163
11164
11165 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11166
11167 /* get to new offset for the param. */
11168 req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len);
11169 /* now how long will this param be? */
11170 len = (sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries));
11171 req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST);
11172 req_in->ph.param_length = htons(len);
11173 req_in->request_seq = htonl(seq);
11174 if (number_entries) {
11175 for (i = 0; i < number_entries; i++) {
11176 req_in->list_of_streams[i] = htons(list[i]);
11177 }
11178 }
11179 if (SCTP_SIZE32(len) > len) {
11180 /*-
11181 * Need to worry about the pad we may end up adding to the
11182 * end. This is easy since the struct is either aligned to 4
11183 * bytes or 2 bytes off.
11184 */
11185 req_in->list_of_streams[number_entries] = 0;
11186 }
11187 /* now fix the chunk length */
11188 ch->chunk_length = htons(len + old_len);
11189 chk->book_size = len + old_len;
11190 chk->book_size_scale = 0;
11191 chk->send_size = SCTP_SIZE32(chk->book_size);
11192 SCTP_BUF_LEN(chk->data) = chk->send_size;
11193 return;
11194}
11195
11196
11197void
11198sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk,
11199 uint32_t seq)
11200{
11201 int len, old_len;
11202 struct sctp_stream_reset_tsn_request *req_tsn;
11203 struct sctp_chunkhdr *ch;
11204
11205 ch = mtod(chk->data, struct sctp_chunkhdr *);
11206
11207
11208 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11209
11210 /* get to new offset for the param. */
11211 req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len);
11212 /* now how long will this param be? */
11213 len = sizeof(struct sctp_stream_reset_tsn_request);
11214 req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST);
11215 req_tsn->ph.param_length = htons(len);
11216 req_tsn->request_seq = htonl(seq);
11217
11218 /* now fix the chunk length */
11219 ch->chunk_length = htons(len + old_len);
11220 chk->send_size = len + old_len;
11221 chk->book_size = SCTP_SIZE32(chk->send_size);
11222 chk->book_size_scale = 0;
11223 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
11224 return;
11225}
11226
11227void
11228sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk,
11229 uint32_t resp_seq, uint32_t result)
11230{
11231 int len, old_len;
11232 struct sctp_stream_reset_response *resp;
11233 struct sctp_chunkhdr *ch;
11234
11235 ch = mtod(chk->data, struct sctp_chunkhdr *);
11236
11237
11238 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11239
11240 /* get to new offset for the param. */
11241 resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len);
11242 /* now how long will this param be? */
11243 len = sizeof(struct sctp_stream_reset_response);
11244 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE);
11245 resp->ph.param_length = htons(len);
11246 resp->response_seq = htonl(resp_seq);
11247 resp->result = ntohl(result);
11248
11249 /* now fix the chunk length */
11250 ch->chunk_length = htons(len + old_len);
11251 chk->book_size = len + old_len;
11252 chk->book_size_scale = 0;
11253 chk->send_size = SCTP_SIZE32(chk->book_size);
11254 SCTP_BUF_LEN(chk->data) = chk->send_size;
11255 return;
11256
11257}
11258
11259
11260void
11261sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk,
11262 uint32_t resp_seq, uint32_t result,
11263 uint32_t send_una, uint32_t recv_next)
11264{
11265 int len, old_len;
11266 struct sctp_stream_reset_response_tsn *resp;
11267 struct sctp_chunkhdr *ch;
11268
11269 ch = mtod(chk->data, struct sctp_chunkhdr *);
11270
11271
11272 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11273
11274 /* get to new offset for the param. */
11275 resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len);
11276 /* now how long will this param be? */
11277 len = sizeof(struct sctp_stream_reset_response_tsn);
11278 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE);
11279 resp->ph.param_length = htons(len);
11280 resp->response_seq = htonl(resp_seq);
11281 resp->result = htonl(result);
11282 resp->senders_next_tsn = htonl(send_una);
11283 resp->receivers_next_tsn = htonl(recv_next);
11284
11285 /* now fix the chunk length */
11286 ch->chunk_length = htons(len + old_len);
11287 chk->book_size = len + old_len;
11288 chk->send_size = SCTP_SIZE32(chk->book_size);
11289 chk->book_size_scale = 0;
11290 SCTP_BUF_LEN(chk->data) = chk->send_size;
11291 return;
11292}
11293
11294static void
11295sctp_add_a_stream(struct sctp_tmit_chunk *chk,
11296 uint32_t seq,
11297 uint16_t adding)
11298{
11299 int len, old_len;
11300 struct sctp_chunkhdr *ch;
11301 struct sctp_stream_reset_add_strm *addstr;
11302
11303 ch = mtod(chk->data, struct sctp_chunkhdr *);
11304 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
11305
11306 /* get to new offset for the param. */
11307 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len);
11308 /* now how long will this param be? */
11309 len = sizeof(struct sctp_stream_reset_add_strm);
11310
11311 /* Fill it out. */
11312 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_STREAMS);
11313 addstr->ph.param_length = htons(len);
11314 addstr->request_seq = htonl(seq);
11315 addstr->number_of_streams = htons(adding);
11316 addstr->reserved = 0;
11317
11318 /* now fix the chunk length */
11319 ch->chunk_length = htons(len + old_len);
11320 chk->send_size = len + old_len;
11321 chk->book_size = SCTP_SIZE32(chk->send_size);
11322 chk->book_size_scale = 0;
11323 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
11324 return;
11325}
11326
11327int
11328sctp_send_str_reset_req(struct sctp_tcb *stcb,
11329 int number_entries, uint16_t * list,
11330 uint8_t send_out_req,
11331 uint32_t resp_seq,
11332 uint8_t send_in_req,
11333 uint8_t send_tsn_req,
11334 uint8_t add_stream,
11335 uint16_t adding
11336)
11337{
11338
11339 struct sctp_association *asoc;
11340 struct sctp_tmit_chunk *chk;
11341 struct sctp_chunkhdr *ch;
11342 uint32_t seq;
11343
11344 asoc = &stcb->asoc;
11345 if (asoc->stream_reset_outstanding) {
11346 /*-
11347 * Already one pending, must get ACK back to clear the flag.
11348 */
11349 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EBUSY);
11350 return (EBUSY);
11351 }
11352 if ((send_out_req == 0) && (send_in_req == 0) && (send_tsn_req == 0) &&
11353 (add_stream == 0)) {
11354 /* nothing to do */
11355 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
11356 return (EINVAL);
11357 }
11358 if (send_tsn_req && (send_out_req || send_in_req)) {
11359 /* error, can't do that */
11360 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
11361 return (EINVAL);
11362 }
11363 sctp_alloc_a_chunk(stcb, chk);
11364 if (chk == NULL) {
11365 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11366 return (ENOMEM);
11367 }
11368 chk->copy_by_ref = 0;
11369 chk->rec.chunk_id.id = SCTP_STREAM_RESET;
11370 chk->rec.chunk_id.can_take_data = 0;
11371 chk->asoc = &stcb->asoc;
11372 chk->book_size = sizeof(struct sctp_chunkhdr);
11373 chk->send_size = SCTP_SIZE32(chk->book_size);
11374 chk->book_size_scale = 0;
11375
11376 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
11377 if (chk->data == NULL) {
11378 sctp_free_a_chunk(stcb, chk);
11379 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11380 return (ENOMEM);
11381 }
11382 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
11383
11384 /* setup chunk parameters */
11385 chk->sent = SCTP_DATAGRAM_UNSENT;
11386 chk->snd_count = 0;
11387 chk->whoTo = asoc->primary_destination;
11388 atomic_add_int(&chk->whoTo->ref_count, 1);
11389
11390 ch = mtod(chk->data, struct sctp_chunkhdr *);
11391 ch->chunk_type = SCTP_STREAM_RESET;
11392 ch->chunk_flags = 0;
11393 ch->chunk_length = htons(chk->book_size);
11394 SCTP_BUF_LEN(chk->data) = chk->send_size;
11395
11396 seq = stcb->asoc.str_reset_seq_out;
11397 if (send_out_req) {
11398 sctp_add_stream_reset_out(chk, number_entries, list,
11399 seq, resp_seq, (stcb->asoc.sending_seq - 1));
11400 asoc->stream_reset_out_is_outstanding = 1;
11401 seq++;
11402 asoc->stream_reset_outstanding++;
11403 }
11404 if (add_stream) {
11405 sctp_add_a_stream(chk, seq, adding);
11406 seq++;
11407 asoc->stream_reset_outstanding++;
11408 }
11409 if (send_in_req) {
11410 sctp_add_stream_reset_in(chk, number_entries, list, seq);
11411 asoc->stream_reset_outstanding++;
11412 }
11413 if (send_tsn_req) {
11414 sctp_add_stream_reset_tsn(chk, seq);
11415 asoc->stream_reset_outstanding++;
11416 }
11417 asoc->str_reset = chk;
11418
11419 /* insert the chunk for sending */
11420 TAILQ_INSERT_TAIL(&asoc->control_send_queue,
11421 chk,
11422 sctp_next);
11423 asoc->ctrl_queue_cnt++;
11424 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
11425 return (0);
11426}
11427
11428void
11429sctp_send_abort(struct mbuf *m, int iphlen, struct sctphdr *sh, uint32_t vtag,
11430 struct mbuf *err_cause, uint32_t vrf_id, uint16_t port)
11431{
11432 /*-
11433 * Formulate the abort message, and send it back down.
11434 */
11435 struct mbuf *o_pak;
11436 struct mbuf *mout;
11437 struct sctp_abort_msg *abm;
11438 struct ip *iph, *iph_out;
11439 struct udphdr *udp;
11440
11441#ifdef INET6
11442 struct ip6_hdr *ip6, *ip6_out;
11443
11444#endif
11445 int iphlen_out, len;
11446
11447 /* don't respond to ABORT with ABORT */
11448 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) {
11449 if (err_cause)
11450 sctp_m_freem(err_cause);
11451 return;
11452 }
11453 iph = mtod(m, struct ip *);
11454 switch (iph->ip_v) {
11455 case IPVERSION:
11456 len = (sizeof(struct ip) + sizeof(struct sctp_abort_msg));
11457 break;
11458#ifdef INET6
11459 case IPV6_VERSION >> 4:
11460 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_abort_msg));
11461 break;
11462#endif
11463 default:
11464 if (err_cause) {
11465 sctp_m_freem(err_cause);
11466 }
11467 return;
11468 }
11469 if (port) {
11470 len += sizeof(struct udphdr);
11471 }
11472 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA);
11473 if (mout == NULL) {
11474 if (err_cause) {
11475 sctp_m_freem(err_cause);
11476 }
11477 return;
11478 }
11479 SCTP_BUF_RESV_UF(mout, max_linkhdr);
11480 SCTP_BUF_LEN(mout) = len;
11481 SCTP_BUF_NEXT(mout) = err_cause;
11482 iph_out = NULL;
11483#ifdef INET6
11484 ip6_out = NULL;
11485#endif
11486 switch (iph->ip_v) {
11487 case IPVERSION:
11488 iph_out = mtod(mout, struct ip *);
11489
11490 /* Fill in the IP header for the ABORT */
11491 iph_out->ip_v = IPVERSION;
11492 iph_out->ip_hl = (sizeof(struct ip) / 4);
11493 iph_out->ip_tos = (u_char)0;
11494 iph_out->ip_id = 0;
11495 iph_out->ip_off = 0;
11496 iph_out->ip_ttl = MAXTTL;
11497 if (port) {
11498 iph_out->ip_p = IPPROTO_UDP;
11499 } else {
11500 iph_out->ip_p = IPPROTO_SCTP;
11501 }
11502 iph_out->ip_src.s_addr = iph->ip_dst.s_addr;
11503 iph_out->ip_dst.s_addr = iph->ip_src.s_addr;
11504 /* let IP layer calculate this */
11505 iph_out->ip_sum = 0;
11506
11507 iphlen_out = sizeof(*iph_out);
11508 abm = (struct sctp_abort_msg *)((caddr_t)iph_out + iphlen_out);
11509 break;
11510#ifdef INET6
11511 case IPV6_VERSION >> 4:
11512 ip6 = (struct ip6_hdr *)iph;
11513 ip6_out = mtod(mout, struct ip6_hdr *);
11514
11515 /* Fill in the IP6 header for the ABORT */
11516 ip6_out->ip6_flow = ip6->ip6_flow;
11517 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
11518 if (port) {
11519 ip6_out->ip6_nxt = IPPROTO_UDP;
11520 } else {
11521 ip6_out->ip6_nxt = IPPROTO_SCTP;
11522 }
11523 ip6_out->ip6_src = ip6->ip6_dst;
11524 ip6_out->ip6_dst = ip6->ip6_src;
11525
11526 iphlen_out = sizeof(*ip6_out);
11527 abm = (struct sctp_abort_msg *)((caddr_t)ip6_out + iphlen_out);
11528 break;
11529#endif /* INET6 */
11530 default:
11531 /* Currently not supported */
11532 sctp_m_freem(mout);
11533 return;
11534 }
11535
11536 udp = (struct udphdr *)abm;
11537 if (port) {
11538 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
11539 udp->uh_dport = port;
11540 /* set udp->uh_ulen later */
11541 udp->uh_sum = 0;
11542 iphlen_out += sizeof(struct udphdr);
11543 abm = (struct sctp_abort_msg *)((caddr_t)abm + sizeof(struct udphdr));
11544 }
11545 abm->sh.src_port = sh->dest_port;
11546 abm->sh.dest_port = sh->src_port;
11547 abm->sh.checksum = 0;
11548 if (vtag == 0) {
11549 abm->sh.v_tag = sh->v_tag;
11550 abm->msg.ch.chunk_flags = SCTP_HAD_NO_TCB;
11551 } else {
11552 abm->sh.v_tag = htonl(vtag);
11553 abm->msg.ch.chunk_flags = 0;
11554 }
11555 abm->msg.ch.chunk_type = SCTP_ABORT_ASSOCIATION;
11556
11557 if (err_cause) {
11558 struct mbuf *m_tmp = err_cause;
11559 int err_len = 0;
11560
11561 /* get length of the err_cause chain */
11562 while (m_tmp != NULL) {
11563 err_len += SCTP_BUF_LEN(m_tmp);
11564 m_tmp = SCTP_BUF_NEXT(m_tmp);
11565 }
11566 len = SCTP_BUF_LEN(mout) + err_len;
11567 if (err_len % 4) {
11568 /* need pad at end of chunk */
11569 uint32_t cpthis = 0;
11570 int padlen;
11571
11572 padlen = 4 - (len % 4);
11573 m_copyback(mout, len, padlen, (caddr_t)&cpthis);
11574 len += padlen;
11575 }
11576 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch) + err_len);
11577 } else {
11578 len = SCTP_BUF_LEN(mout);
11579 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch));
11580 }
11581
11582 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
11583 /* no mbuf's */
11584 sctp_m_freem(mout);
11585 return;
11586 }
11587 if (iph_out != NULL) {
11588 sctp_route_t ro;
11589 struct sctp_tcb *stcb = NULL;
11590 int ret;
11591
11592 /* zap the stack pointer to the route */
11593 bzero(&ro, sizeof ro);
11594 if (port) {
11595 udp->uh_ulen = htons(len - sizeof(struct ip));
11596 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
11597 }
11598 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip_output:\n");
11599 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, iph_out, &abm->sh);
11600 /* set IPv4 length */
11601 iph_out->ip_len = len;
11602 /* out it goes */
11603#ifdef SCTP_PACKET_LOGGING
11604 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
11605 sctp_packet_log(mout, len);
11606#endif
11607 SCTP_ATTACH_CHAIN(o_pak, mout, len);
11608 if (port) {
11609 abm->sh.checksum = sctp_calculate_cksum(mout, iphlen_out);
11610 SCTP_STAT_INCR(sctps_sendswcrc);
11611 SCTP_ENABLE_UDP_CSUM(o_pak);
11612 } else {
11613 mout->m_pkthdr.csum_flags = CSUM_SCTP;
11614 mout->m_pkthdr.csum_data = 0;
11615 SCTP_STAT_INCR(sctps_sendhwcrc);
11616 }
11617 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id);
11618
11619 /* Free the route if we got one back */
11620 if (ro.ro_rt)
11621 RTFREE(ro.ro_rt);
11622 }
11623#ifdef INET6
11624 if (ip6_out != NULL) {
11625 struct route_in6 ro;
11626 int ret;
11627 struct sctp_tcb *stcb = NULL;
11628 struct ifnet *ifp = NULL;
11629
11630 /* zap the stack pointer to the route */
11631 bzero(&ro, sizeof(ro));
11632 if (port) {
11633 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr));
11634 }
11635 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip6_output:\n");
11636 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, (struct ip *)ip6_out, &abm->sh);
11637 ip6_out->ip6_plen = len - sizeof(*ip6_out);
11638#ifdef SCTP_PACKET_LOGGING
11639 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
11640 sctp_packet_log(mout, len);
11641#endif
11642 SCTP_ATTACH_CHAIN(o_pak, mout, len);
11643 if (port) {
11644 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
11645 (stcb) &&
11646 (stcb->asoc.loopback_scope))) {
11647 abm->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
11648 SCTP_STAT_INCR(sctps_sendswcrc);
11649 } else {
11650 SCTP_STAT_INCR(sctps_sendnocrc);
11651 }
11652 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) {
11653 udp->uh_sum = 0xffff;
11654 }
11655 } else {
11656 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
11657 (stcb) &&
11658 (stcb->asoc.loopback_scope))) {
11659 mout->m_pkthdr.csum_flags = CSUM_SCTP;
11660 mout->m_pkthdr.csum_data = 0;
11661 SCTP_STAT_INCR(sctps_sendhwcrc);
11662 } else {
11663 SCTP_STAT_INCR(sctps_sendnocrc);
11664 }
11665 }
11666 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id);
11667
11668 /* Free the route if we got one back */
11669 if (ro.ro_rt)
11670 RTFREE(ro.ro_rt);
11671 }
11672#endif
11673 SCTP_STAT_INCR(sctps_sendpackets);
11674 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
11675 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
11676}
11677
11678void
11679sctp_send_operr_to(struct mbuf *m, int iphlen, struct mbuf *scm, uint32_t vtag,
11680 uint32_t vrf_id, uint16_t port)
11681{
11682 struct mbuf *o_pak;
11683 struct sctphdr *sh, *sh_out;
11684 struct sctp_chunkhdr *ch;
11685 struct ip *iph, *iph_out;
11686 struct udphdr *udp = NULL;
11687 struct mbuf *mout;
11688
11689#ifdef INET6
11690 struct ip6_hdr *ip6, *ip6_out;
11691
11692#endif
11693 int iphlen_out, len;
11694
11695 iph = mtod(m, struct ip *);
11696 sh = (struct sctphdr *)((caddr_t)iph + iphlen);
11697 switch (iph->ip_v) {
11698 case IPVERSION:
11699 len = (sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr));
11700 break;
11701#ifdef INET6
11702 case IPV6_VERSION >> 4:
11703 len = (sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr));
11704 break;
11705#endif
11706 default:
11707 if (scm) {
11708 sctp_m_freem(scm);
11709 }
11710 return;
11711 }
11712 if (port) {
11713 len += sizeof(struct udphdr);
11714 }
11715 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA);
11716 if (mout == NULL) {
11717 if (scm) {
11718 sctp_m_freem(scm);
11719 }
11720 return;
11721 }
11722 SCTP_BUF_RESV_UF(mout, max_linkhdr);
11723 SCTP_BUF_LEN(mout) = len;
11724 SCTP_BUF_NEXT(mout) = scm;
11725 iph_out = NULL;
11726#ifdef INET6
11727 ip6_out = NULL;
11728#endif
11729 switch (iph->ip_v) {
11730 case IPVERSION:
11731 iph_out = mtod(mout, struct ip *);
11732
11733 /* Fill in the IP header for the ABORT */
11734 iph_out->ip_v = IPVERSION;
11735 iph_out->ip_hl = (sizeof(struct ip) / 4);
11736 iph_out->ip_tos = (u_char)0;
11737 iph_out->ip_id = 0;
11738 iph_out->ip_off = 0;
11739 iph_out->ip_ttl = MAXTTL;
11740 if (port) {
11741 iph_out->ip_p = IPPROTO_UDP;
11742 } else {
11743 iph_out->ip_p = IPPROTO_SCTP;
11744 }
11745 iph_out->ip_src.s_addr = iph->ip_dst.s_addr;
11746 iph_out->ip_dst.s_addr = iph->ip_src.s_addr;
11747 /* let IP layer calculate this */
11748 iph_out->ip_sum = 0;
11749
11750 iphlen_out = sizeof(struct ip);
11751 sh_out = (struct sctphdr *)((caddr_t)iph_out + iphlen_out);
11752 break;
11753#ifdef INET6
11754 case IPV6_VERSION >> 4:
11755 ip6 = (struct ip6_hdr *)iph;
11756 ip6_out = mtod(mout, struct ip6_hdr *);
11757
11758 /* Fill in the IP6 header for the ABORT */
11759 ip6_out->ip6_flow = ip6->ip6_flow;
11760 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
11761 if (port) {
11762 ip6_out->ip6_nxt = IPPROTO_UDP;
11763 } else {
11764 ip6_out->ip6_nxt = IPPROTO_SCTP;
11765 }
11766 ip6_out->ip6_src = ip6->ip6_dst;
11767 ip6_out->ip6_dst = ip6->ip6_src;
11768
11769 iphlen_out = sizeof(struct ip6_hdr);
11770 sh_out = (struct sctphdr *)((caddr_t)ip6_out + iphlen_out);
11771 break;
11772#endif /* INET6 */
11773 default:
11774 /* Currently not supported */
11775 sctp_m_freem(mout);
11776 return;
11777 }
11778
11779 udp = (struct udphdr *)sh_out;
11780 if (port) {
11781 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
11782 udp->uh_dport = port;
11783 /* set udp->uh_ulen later */
11784 udp->uh_sum = 0;
11785 iphlen_out += sizeof(struct udphdr);
11786 sh_out = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
11787 }
11788 sh_out->src_port = sh->dest_port;
11789 sh_out->dest_port = sh->src_port;
11790 sh_out->v_tag = vtag;
11791 sh_out->checksum = 0;
11792
11793 ch = (struct sctp_chunkhdr *)((caddr_t)sh_out + sizeof(struct sctphdr));
11794 ch->chunk_type = SCTP_OPERATION_ERROR;
11795 ch->chunk_flags = 0;
11796
11797 if (scm) {
11798 struct mbuf *m_tmp = scm;
11799 int cause_len = 0;
11800
11801 /* get length of the err_cause chain */
11802 while (m_tmp != NULL) {
11803 cause_len += SCTP_BUF_LEN(m_tmp);
11804 m_tmp = SCTP_BUF_NEXT(m_tmp);
11805 }
11806 len = SCTP_BUF_LEN(mout) + cause_len;
11807 if (cause_len % 4) {
11808 /* need pad at end of chunk */
11809 uint32_t cpthis = 0;
11810 int padlen;
11811
11812 padlen = 4 - (len % 4);
11813 m_copyback(mout, len, padlen, (caddr_t)&cpthis);
11814 len += padlen;
11815 }
11816 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr) + cause_len);
11817 } else {
11818 len = SCTP_BUF_LEN(mout);
11819 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr));
11820 }
11821
11822 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
11823 /* no mbuf's */
11824 sctp_m_freem(mout);
11825 return;
11826 }
11827 if (iph_out != NULL) {
11828 sctp_route_t ro;
11829 struct sctp_tcb *stcb = NULL;
11830 int ret;
11831
11832 /* zap the stack pointer to the route */
11833 bzero(&ro, sizeof ro);
11834 if (port) {
11835 udp->uh_ulen = htons(len - sizeof(struct ip));
11836 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
11837 }
11838 /* set IPv4 length */
11839 iph_out->ip_len = len;
11840 /* out it goes */
11841#ifdef SCTP_PACKET_LOGGING
11842 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
11843 sctp_packet_log(mout, len);
11844#endif
11845 SCTP_ATTACH_CHAIN(o_pak, mout, len);
11846 if (port) {
11847 sh_out->checksum = sctp_calculate_cksum(mout, iphlen_out);
11848 SCTP_STAT_INCR(sctps_sendswcrc);
11849 SCTP_ENABLE_UDP_CSUM(o_pak);
11850 } else {
11851 mout->m_pkthdr.csum_flags = CSUM_SCTP;
11852 mout->m_pkthdr.csum_data = 0;
11853 SCTP_STAT_INCR(sctps_sendhwcrc);
11854 }
11855 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id);
11856
11857 /* Free the route if we got one back */
11858 if (ro.ro_rt)
11859 RTFREE(ro.ro_rt);
11860 }
11861#ifdef INET6
11862 if (ip6_out != NULL) {
11863 struct route_in6 ro;
11864 int ret;
11865 struct sctp_tcb *stcb = NULL;
11866 struct ifnet *ifp = NULL;
11867
11868 /* zap the stack pointer to the route */
11869 bzero(&ro, sizeof(ro));
11870 if (port) {
11871 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr));
11872 }
11873 ip6_out->ip6_plen = len - sizeof(*ip6_out);
11874#ifdef SCTP_PACKET_LOGGING
11875 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
11876 sctp_packet_log(mout, len);
11877#endif
11878 SCTP_ATTACH_CHAIN(o_pak, mout, len);
11879 if (port) {
11880 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
11881 (stcb) &&
11882 (stcb->asoc.loopback_scope))) {
11883 sh_out->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
11884 SCTP_STAT_INCR(sctps_sendswcrc);
11885 } else {
11886 SCTP_STAT_INCR(sctps_sendnocrc);
11887 }
11888 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) {
11889 udp->uh_sum = 0xffff;
11890 }
11891 } else {
11892 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
11893 (stcb) &&
11894 (stcb->asoc.loopback_scope))) {
11895 mout->m_pkthdr.csum_flags = CSUM_SCTP;
11896 mout->m_pkthdr.csum_data = 0;
11897 SCTP_STAT_INCR(sctps_sendhwcrc);
11898 } else {
11899 SCTP_STAT_INCR(sctps_sendnocrc);
11900 }
11901 }
11902 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id);
11903
11904 /* Free the route if we got one back */
11905 if (ro.ro_rt)
11906 RTFREE(ro.ro_rt);
11907 }
11908#endif
11909 SCTP_STAT_INCR(sctps_sendpackets);
11910 SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
11911 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
11912}
11913
11914static struct mbuf *
11915sctp_copy_resume(struct sctp_stream_queue_pending *sp,
11916 struct uio *uio,
11917 struct sctp_sndrcvinfo *srcv,
11918 int max_send_len,
11919 int user_marks_eor,
11920 int *error,
11921 uint32_t * sndout,
11922 struct mbuf **new_tail)
11923{
11924 struct mbuf *m;
11925
11926 m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0,
11927 (M_PKTHDR | (user_marks_eor ? M_EOR : 0)));
11928 if (m == NULL) {
11929 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11930 *error = ENOMEM;
11931 } else {
11932 *sndout = m_length(m, NULL);
11933 *new_tail = m_last(m);
11934 }
11935 return (m);
11936}
11937
11938static int
11939sctp_copy_one(struct sctp_stream_queue_pending *sp,
11940 struct uio *uio,
11941 int resv_upfront)
11942{
11943 int left;
11944
11945 left = sp->length;
11946 sp->data = m_uiotombuf(uio, M_WAITOK, sp->length,
11947 resv_upfront, 0);
11948 if (sp->data == NULL) {
11949 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11950 return (ENOMEM);
11951 }
11952 sp->tail_mbuf = m_last(sp->data);
11953 return (0);
11954}
11955
11956
11957
11958static struct sctp_stream_queue_pending *
11959sctp_copy_it_in(struct sctp_tcb *stcb,
11960 struct sctp_association *asoc,
11961 struct sctp_sndrcvinfo *srcv,
11962 struct uio *uio,
11963 struct sctp_nets *net,
11964 int max_send_len,
11965 int user_marks_eor,
11966 int *error,
11967 int non_blocking)
11968{
11969 /*-
11970 * This routine must be very careful in its work. Protocol
11971 * processing is up and running so care must be taken to spl...()
11972 * when you need to do something that may effect the stcb/asoc. The
11973 * sb is locked however. When data is copied the protocol processing
11974 * should be enabled since this is a slower operation...
11975 */
11976 struct sctp_stream_queue_pending *sp = NULL;
11977 int resv_in_first;
11978
11979 *error = 0;
11980 /* Now can we send this? */
11981 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) ||
11982 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
11983 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
11984 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
11985 /* got data while shutting down */
11986 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
11987 *error = ECONNRESET;
11988 goto out_now;
11989 }
11990 sctp_alloc_a_strmoq(stcb, sp);
11991 if (sp == NULL) {
11992 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
11993 *error = ENOMEM;
11994 goto out_now;
11995 }
11996 sp->act_flags = 0;
11997 sp->sender_all_done = 0;
11998 sp->sinfo_flags = srcv->sinfo_flags;
11999 sp->timetolive = srcv->sinfo_timetolive;
12000 sp->ppid = srcv->sinfo_ppid;
12001 sp->context = srcv->sinfo_context;
12002 sp->strseq = 0;
12003 (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
12004
12005 sp->stream = srcv->sinfo_stream;
12006 sp->length = min(uio->uio_resid, max_send_len);
12007 if ((sp->length == (uint32_t) uio->uio_resid) &&
12008 ((user_marks_eor == 0) ||
12009 (srcv->sinfo_flags & SCTP_EOF) ||
12010 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) {
12011 sp->msg_is_complete = 1;
12012 } else {
12013 sp->msg_is_complete = 0;
12014 }
12015 sp->sender_all_done = 0;
12016 sp->some_taken = 0;
12017 sp->put_last_out = 0;
12018 resv_in_first = sizeof(struct sctp_data_chunk);
12019 sp->data = sp->tail_mbuf = NULL;
12020 if (sp->length == 0) {
12021 *error = 0;
12022 goto skip_copy;
12023 }
12024 sp->auth_keyid = stcb->asoc.authinfo.active_keyid;
12025 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) {
12026 sctp_auth_key_acquire(stcb, stcb->asoc.authinfo.active_keyid);
12027 sp->holds_key_ref = 1;
12028 }
12029 *error = sctp_copy_one(sp, uio, resv_in_first);
12030skip_copy:
12031 if (*error) {
12032 sctp_free_a_strmoq(stcb, sp);
12033 sp = NULL;
12034 } else {
12035 if (sp->sinfo_flags & SCTP_ADDR_OVER) {
12036 sp->net = net;
12037 } else {
12038 sp->net = asoc->primary_destination;
12039 }
12040 atomic_add_int(&sp->net->ref_count, 1);
12041 sctp_set_prsctp_policy(sp);
12042 }
12043out_now:
12044 return (sp);
12045}
12046
12047
12048int
12049sctp_sosend(struct socket *so,
12050 struct sockaddr *addr,
12051 struct uio *uio,
12052 struct mbuf *top,
12053 struct mbuf *control,
12054 int flags,
12055 struct thread *p
12056)
12057{
12058 struct sctp_inpcb *inp;
12059 int error, use_rcvinfo = 0;
12060 struct sctp_sndrcvinfo srcv;
12061 struct sockaddr *addr_to_use;
12062
12063#ifdef INET6
12064 struct sockaddr_in sin;
12065
12066#endif
12067
12068 inp = (struct sctp_inpcb *)so->so_pcb;
12069 if (control) {
12070 /* process cmsg snd/rcv info (maybe a assoc-id) */
12071 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&srcv, control,
12072 sizeof(srcv))) {
12073 /* got one */
12074 use_rcvinfo = 1;
12075 }
12076 }
12077 addr_to_use = addr;
12078#if defined(INET6) && !defined(__Userspace__) /* TODO port in6_sin6_2_sin */
12079 if ((addr) && (addr->sa_family == AF_INET6)) {
12080 struct sockaddr_in6 *sin6;
12081
12082 sin6 = (struct sockaddr_in6 *)addr;
12083 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
12084 in6_sin6_2_sin(&sin, sin6);
12085 addr_to_use = (struct sockaddr *)&sin;
12086 }
12087 }
12088#endif
12089 error = sctp_lower_sosend(so, addr_to_use, uio, top,
12090 control,
12091 flags,
12092 use_rcvinfo, &srcv
12093 ,p
12094 );
12095 return (error);
12096}
12097
12098
12099int
12100sctp_lower_sosend(struct socket *so,
12101 struct sockaddr *addr,
12102 struct uio *uio,
12103 struct mbuf *i_pak,
12104 struct mbuf *control,
12105 int flags,
12106 int use_rcvinfo,
12107 struct sctp_sndrcvinfo *srcv
12108 ,
12109 struct thread *p
12110)
12111{
12112 unsigned int sndlen = 0, max_len;
12113 int error, len;
12114 struct mbuf *top = NULL;
12115 int queue_only = 0, queue_only_for_init = 0;
12116 int free_cnt_applied = 0;
12117 int un_sent = 0;
12118 int now_filled = 0;
12119 unsigned int inqueue_bytes = 0;
12120 struct sctp_block_entry be;
12121 struct sctp_inpcb *inp;
12122 struct sctp_tcb *stcb = NULL;
12123 struct timeval now;
12124 struct sctp_nets *net;
12125 struct sctp_association *asoc;
12126 struct sctp_inpcb *t_inp;
12127 int user_marks_eor;
12128 int create_lock_applied = 0;
12129 int nagle_applies = 0;
12130 int some_on_control = 0;
12131 int got_all_of_the_send = 0;
12132 int hold_tcblock = 0;
12133 int non_blocking = 0;
12134 int temp_flags = 0;
12135 uint32_t local_add_more, local_soresv = 0;
12136
12137 error = 0;
12138 net = NULL;
12139 stcb = NULL;
12140 asoc = NULL;
12141
12142 t_inp = inp = (struct sctp_inpcb *)so->so_pcb;
12143 if (inp == NULL) {
12144 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12145 error = EINVAL;
12146 if (i_pak) {
12147 SCTP_RELEASE_PKT(i_pak);
12148 }
12149 return (error);
12150 }
12151 if ((uio == NULL) && (i_pak == NULL)) {
12152 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12153 return (EINVAL);
12154 }
12155 user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR);
12156 atomic_add_int(&inp->total_sends, 1);
12157 if (uio) {
12158 if (uio->uio_resid < 0) {
12159 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12160 return (EINVAL);
12161 }
12162 sndlen = uio->uio_resid;
12163 } else {
12164 top = SCTP_HEADER_TO_CHAIN(i_pak);
12165 sndlen = SCTP_HEADER_LEN(i_pak);
12166 }
12167 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %d\n",
12168 addr,
12169 sndlen);
12170 /*-
12171 * Pre-screen address, if one is given the sin-len
12172 * must be set correctly!
12173 */
12174 if (addr) {
12175 if ((addr->sa_family == AF_INET) &&
12176 (addr->sa_len != sizeof(struct sockaddr_in))) {
12177 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12178 error = EINVAL;
12179 goto out_unlocked;
12180 } else if ((addr->sa_family == AF_INET6) &&
12181 (addr->sa_len != sizeof(struct sockaddr_in6))) {
12182 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12183 error = EINVAL;
12184 goto out_unlocked;
12185 }
12186 }
12187 hold_tcblock = 0;
12188
12189 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
12190 (inp->sctp_socket->so_qlimit)) {
12191 /* The listener can NOT send */
12192 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOTCONN);
12193 error = ENOTCONN;
12194 goto out_unlocked;
12195 }
12196 if ((use_rcvinfo) && srcv) {
12197 if (INVALID_SINFO_FLAG(srcv->sinfo_flags) ||
12198 PR_SCTP_INVALID_POLICY(srcv->sinfo_flags)) {
12199 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12200 error = EINVAL;
12201 goto out_unlocked;
12202 }
12203 if (srcv->sinfo_flags)
12204 SCTP_STAT_INCR(sctps_sends_with_flags);
12205
12206 if (srcv->sinfo_flags & SCTP_SENDALL) {
12207 /* its a sendall */
12208 error = sctp_sendall(inp, uio, top, srcv);
12209 top = NULL;
12210 goto out_unlocked;
12211 }
12212 }
12213 /* now we must find the assoc */
12214 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) ||
12215 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
12216 SCTP_INP_RLOCK(inp);
12217 stcb = LIST_FIRST(&inp->sctp_asoc_list);
12218 if (stcb == NULL) {
12219 SCTP_INP_RUNLOCK(inp);
12220 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN);
12221 error = ENOTCONN;
12222 goto out_unlocked;
12223 }
12224 SCTP_TCB_LOCK(stcb);
12225 hold_tcblock = 1;
12226 SCTP_INP_RUNLOCK(inp);
12227 if (addr) {
12228 /* Must locate the net structure if addr given */
12229 net = sctp_findnet(stcb, addr);
12230 if (net) {
12231 /* validate port was 0 or correct */
12232 struct sockaddr_in *sin;
12233
12234 sin = (struct sockaddr_in *)addr;
12235 if ((sin->sin_port != 0) &&
12236 (sin->sin_port != stcb->rport)) {
12237 net = NULL;
12238 }
12239 }
12240 temp_flags |= SCTP_ADDR_OVER;
12241 } else
12242 net = stcb->asoc.primary_destination;
12243 if (addr && (net == NULL)) {
12244 /* Could not find address, was it legal */
12245 if (addr->sa_family == AF_INET) {
12246 struct sockaddr_in *sin;
12247
12248 sin = (struct sockaddr_in *)addr;
12249 if (sin->sin_addr.s_addr == 0) {
12250 if ((sin->sin_port == 0) ||
12251 (sin->sin_port == stcb->rport)) {
12252 net = stcb->asoc.primary_destination;
12253 }
12254 }
12255 } else {
12256 struct sockaddr_in6 *sin6;
12257
12258 sin6 = (struct sockaddr_in6 *)addr;
12259 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
12260 if ((sin6->sin6_port == 0) ||
12261 (sin6->sin6_port == stcb->rport)) {
12262 net = stcb->asoc.primary_destination;
12263 }
12264 }
12265 }
12266 }
12267 if (net == NULL) {
12268 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12269 error = EINVAL;
12270 goto out_unlocked;
12271 }
12272 } else if (use_rcvinfo && srcv && srcv->sinfo_assoc_id) {
12273 stcb = sctp_findassociation_ep_asocid(inp, srcv->sinfo_assoc_id, 0);
12274 if (stcb) {
12275 if (addr)
12276 /*
12277 * Must locate the net structure if addr
12278 * given
12279 */
12280 net = sctp_findnet(stcb, addr);
12281 else
12282 net = stcb->asoc.primary_destination;
12283 if ((srcv->sinfo_flags & SCTP_ADDR_OVER) &&
12284 ((net == NULL) || (addr == NULL))) {
12285 struct sockaddr_in *sin;
12286
12287 if (addr == NULL) {
12288 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12289 error = EINVAL;
12290 goto out_unlocked;
12291 }
12292 sin = (struct sockaddr_in *)addr;
12293 /* Validate port is 0 or correct */
12294 if ((sin->sin_port != 0) &&
12295 (sin->sin_port != stcb->rport)) {
12296 net = NULL;
12297 }
12298 }
12299 }
12300 hold_tcblock = 0;
12301 } else if (addr) {
12302 /*-
12303 * Since we did not use findep we must
12304 * increment it, and if we don't find a tcb
12305 * decrement it.
12306 */
12307 SCTP_INP_WLOCK(inp);
12308 SCTP_INP_INCR_REF(inp);
12309 SCTP_INP_WUNLOCK(inp);
12310 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL);
12311 if (stcb == NULL) {
12312 SCTP_INP_WLOCK(inp);
12313 SCTP_INP_DECR_REF(inp);
12314 SCTP_INP_WUNLOCK(inp);
12315 } else {
12316 hold_tcblock = 1;
12317 }
12318 }
12319 if ((stcb == NULL) && (addr)) {
12320 /* Possible implicit send? */
12321 SCTP_ASOC_CREATE_LOCK(inp);
12322 create_lock_applied = 1;
12323 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
12324 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
12325 /* Should I really unlock ? */
12326 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12327 error = EINVAL;
12328 goto out_unlocked;
12329
12330 }
12331 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) &&
12332 (addr->sa_family == AF_INET6)) {
12333 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12334 error = EINVAL;
12335 goto out_unlocked;
12336 }
12337 SCTP_INP_WLOCK(inp);
12338 SCTP_INP_INCR_REF(inp);
12339 SCTP_INP_WUNLOCK(inp);
12340 /* With the lock applied look again */
12341 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL);
12342 if (stcb == NULL) {
12343 SCTP_INP_WLOCK(inp);
12344 SCTP_INP_DECR_REF(inp);
12345 SCTP_INP_WUNLOCK(inp);
12346 } else {
12347 hold_tcblock = 1;
12348 }
12349 if (t_inp != inp) {
12350 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN);
12351 error = ENOTCONN;
12352 goto out_unlocked;
12353 }
12354 }
12355 if (stcb == NULL) {
12356 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
12357 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
12358 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN);
12359 error = ENOTCONN;
12360 goto out_unlocked;
12361 }
12362 if (addr == NULL) {
12363 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT);
12364 error = ENOENT;
12365 goto out_unlocked;
12366 } else {
12367 /*
12368 * UDP style, we must go ahead and start the INIT
12369 * process
12370 */
12371 uint32_t vrf_id;
12372
12373 if ((use_rcvinfo) && (srcv) &&
12374 ((srcv->sinfo_flags & SCTP_ABORT) ||
12375 ((srcv->sinfo_flags & SCTP_EOF) &&
12376 (sndlen == 0)))) {
12377 /*-
12378 * User asks to abort a non-existant assoc,
12379 * or EOF a non-existant assoc with no data
12380 */
12381 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT);
12382 error = ENOENT;
12383 goto out_unlocked;
12384 }
12385 /* get an asoc/stcb struct */
12386 vrf_id = inp->def_vrf_id;
12387#ifdef INVARIANTS
12388 if (create_lock_applied == 0) {
12389 panic("Error, should hold create lock and I don't?");
12390 }
12391#endif
12392 stcb = sctp_aloc_assoc(inp, addr, &error, 0, vrf_id,
12393 p
12394 );
12395 if (stcb == NULL) {
12396 /* Error is setup for us in the call */
12397 goto out_unlocked;
12398 }
12399 if (create_lock_applied) {
12400 SCTP_ASOC_CREATE_UNLOCK(inp);
12401 create_lock_applied = 0;
12402 } else {
12403 SCTP_PRINTF("Huh-3? create lock should have been on??\n");
12404 }
12405 /*
12406 * Turn on queue only flag to prevent data from
12407 * being sent
12408 */
12409 queue_only = 1;
12410 asoc = &stcb->asoc;
12411 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT);
12412 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
12413
12414 /* initialize authentication params for the assoc */
12415 sctp_initialize_auth_params(inp, stcb);
12416
12417 if (control) {
12418 /*
12419 * see if a init structure exists in cmsg
12420 * headers
12421 */
12422 struct sctp_initmsg initm;
12423 int i;
12424
12425 if (sctp_find_cmsg(SCTP_INIT, (void *)&initm, control,
12426 sizeof(initm))) {
12427 /*
12428 * we have an INIT override of the
12429 * default
12430 */
12431 if (initm.sinit_max_attempts)
12432 asoc->max_init_times = initm.sinit_max_attempts;
12433 if (initm.sinit_num_ostreams)
12434 asoc->pre_open_streams = initm.sinit_num_ostreams;
12435 if (initm.sinit_max_instreams)
12436 asoc->max_inbound_streams = initm.sinit_max_instreams;
12437 if (initm.sinit_max_init_timeo)
12438 asoc->initial_init_rto_max = initm.sinit_max_init_timeo;
12439 if (asoc->streamoutcnt < asoc->pre_open_streams) {
12440 struct sctp_stream_out *tmp_str;
12441 int had_lock = 0;
12442
12443 /* Default is NOT correct */
12444 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, defout:%d pre_open:%d\n",
12445 asoc->streamoutcnt, asoc->pre_open_streams);
12446 /*
12447 * What happens if this
12448 * fails? we panic ...
12449 */
12450
12451 if (hold_tcblock) {
12452 had_lock = 1;
12453 SCTP_TCB_UNLOCK(stcb);
12454 }
12455 SCTP_MALLOC(tmp_str,
12456 struct sctp_stream_out *,
12457 (asoc->pre_open_streams *
12458 sizeof(struct sctp_stream_out)),
12459 SCTP_M_STRMO);
12460 if (had_lock) {
12461 SCTP_TCB_LOCK(stcb);
12462 }
12463 if (tmp_str != NULL) {
12464 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
12465 asoc->strmout = tmp_str;
12466 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams;
12467 } else {
12468 asoc->pre_open_streams = asoc->streamoutcnt;
12469 }
12470 for (i = 0; i < asoc->streamoutcnt; i++) {
12471 /*-
12472 * inbound side must be set
12473 * to 0xffff, also NOTE when
12474 * we get the INIT-ACK back
12475 * (for INIT sender) we MUST
12476 * reduce the count
12477 * (streamoutcnt) but first
12478 * check if we sent to any
12479 * of the upper streams that
12480 * were dropped (if some
12481 * were). Those that were
12482 * dropped must be notified
12483 * to the upper layer as
12484 * failed to send.
12485 */
12486 asoc->strmout[i].next_sequence_sent = 0x0;
12487 TAILQ_INIT(&asoc->strmout[i].outqueue);
12488 asoc->strmout[i].stream_no = i;
12489 asoc->strmout[i].last_msg_incomplete = 0;
12490 asoc->strmout[i].next_spoke.tqe_next = 0;
12491 asoc->strmout[i].next_spoke.tqe_prev = 0;
12492 }
12493 }
12494 }
12495 }
12496 hold_tcblock = 1;
12497 /* out with the INIT */
12498 queue_only_for_init = 1;
12499 /*-
12500 * we may want to dig in after this call and adjust the MTU
12501 * value. It defaulted to 1500 (constant) but the ro
12502 * structure may now have an update and thus we may need to
12503 * change it BEFORE we append the message.
12504 */
12505 net = stcb->asoc.primary_destination;
12506 asoc = &stcb->asoc;
12507 }
12508 }
12509 if ((SCTP_SO_IS_NBIO(so)
12510 || (flags & MSG_NBIO)
12511 )) {
12512 non_blocking = 1;
12513 }
12514 asoc = &stcb->asoc;
12515 atomic_add_int(&stcb->total_sends, 1);
12516
12517 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) {
12518 if (sndlen > asoc->smallest_mtu) {
12519 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE);
12520 error = EMSGSIZE;
12521 goto out_unlocked;
12522 }
12523 }
12524 /* would we block? */
12525 if (non_blocking) {
12526 if (hold_tcblock == 0) {
12527 SCTP_TCB_LOCK(stcb);
12528 hold_tcblock = 1;
12529 }
12530 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12531 if ((SCTP_SB_LIMIT_SND(so) < (sndlen + inqueue_bytes + stcb->asoc.sb_send_resv)) ||
12532 (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
12533 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK);
12534 if (sndlen > SCTP_SB_LIMIT_SND(so))
12535 error = EMSGSIZE;
12536 else
12537 error = EWOULDBLOCK;
12538 goto out_unlocked;
12539 }
12540 stcb->asoc.sb_send_resv += sndlen;
12541 SCTP_TCB_UNLOCK(stcb);
12542 hold_tcblock = 0;
12543 } else {
12544 atomic_add_int(&stcb->asoc.sb_send_resv, sndlen);
12545 }
12546 local_soresv = sndlen;
12547 /* Keep the stcb from being freed under our feet */
12548 if (free_cnt_applied) {
12549#ifdef INVARIANTS
12550 panic("refcnt already incremented");
12551#else
12552 printf("refcnt:1 already incremented?\n");
12553#endif
12554 } else {
12555 atomic_add_int(&stcb->asoc.refcnt, 1);
12556 free_cnt_applied = 1;
12557 }
12558 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
12559 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
12560 error = ECONNRESET;
12561 goto out_unlocked;
12562 }
12563 if (create_lock_applied) {
12564 SCTP_ASOC_CREATE_UNLOCK(inp);
12565 create_lock_applied = 0;
12566 }
12567 if (asoc->stream_reset_outstanding) {
12568 /*
12569 * Can't queue any data while stream reset is underway.
12570 */
12571 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAGAIN);
12572 error = EAGAIN;
12573 goto out_unlocked;
12574 }
12575 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
12576 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) {
12577 queue_only = 1;
12578 }
12579 if ((use_rcvinfo == 0) || (srcv == NULL)) {
12580 /* Grab the default stuff from the asoc */
12581 srcv = (struct sctp_sndrcvinfo *)&stcb->asoc.def_send;
12582 }
12583 /* we are now done with all control */
12584 if (control) {
12585 sctp_m_freem(control);
12586 control = NULL;
12587 }
12588 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) ||
12589 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
12590 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
12591 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
12592 if ((use_rcvinfo) &&
12593 (srcv->sinfo_flags & SCTP_ABORT)) {
12594 ;
12595 } else {
12596 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
12597 error = ECONNRESET;
12598 goto out_unlocked;
12599 }
12600 }
12601 /* Ok, we will attempt a msgsnd :> */
12602 if (p) {
12603 p->td_ru.ru_msgsnd++;
12604 }
12605 if (stcb) {
12606 if (((srcv->sinfo_flags | temp_flags) & SCTP_ADDR_OVER) == 0) {
12607 net = stcb->asoc.primary_destination;
12608 }
12609 }
12610 if (net == NULL) {
12611 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12612 error = EINVAL;
12613 goto out_unlocked;
12614 }
12615 if ((net->flight_size > net->cwnd) && (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) {
12616 /*-
12617 * CMT: Added check for CMT above. net above is the primary
12618 * dest. If CMT is ON, sender should always attempt to send
12619 * with the output routine sctp_fill_outqueue() that loops
12620 * through all destination addresses. Therefore, if CMT is
12621 * ON, queue_only is NOT set to 1 here, so that
12622 * sctp_chunk_output() can be called below.
12623 */
12624 queue_only = 1;
12625 } else if (asoc->ifp_had_enobuf) {
12626 SCTP_STAT_INCR(sctps_ifnomemqueued);
12627 if (net->flight_size > (net->mtu * 2))
12628 queue_only = 1;
12629 asoc->ifp_had_enobuf = 0;
12630 } else {
12631 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
12632 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
12633 }
12634 /* Are we aborting? */
12635 if (srcv->sinfo_flags & SCTP_ABORT) {
12636 struct mbuf *mm;
12637 int tot_demand, tot_out = 0, max_out;
12638
12639 SCTP_STAT_INCR(sctps_sends_with_abort);
12640 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
12641 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) {
12642 /* It has to be up before we abort */
12643 /* how big is the user initiated abort? */
12644 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12645 error = EINVAL;
12646 goto out;
12647 }
12648 if (hold_tcblock) {
12649 SCTP_TCB_UNLOCK(stcb);
12650 hold_tcblock = 0;
12651 }
12652 if (top) {
12653 struct mbuf *cntm = NULL;
12654
12655 mm = sctp_get_mbuf_for_msg(1, 0, M_WAIT, 1, MT_DATA);
12656 if (sndlen != 0) {
12657 cntm = top;
12658 while (cntm) {
12659 tot_out += SCTP_BUF_LEN(cntm);
12660 cntm = SCTP_BUF_NEXT(cntm);
12661 }
12662 }
12663 tot_demand = (tot_out + sizeof(struct sctp_paramhdr));
12664 } else {
12665 /* Must fit in a MTU */
12666 tot_out = sndlen;
12667 tot_demand = (tot_out + sizeof(struct sctp_paramhdr));
12668 if (tot_demand > SCTP_DEFAULT_ADD_MORE) {
12669 /* To big */
12670 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE);
12671 error = EMSGSIZE;
12672 goto out;
12673 }
12674 mm = sctp_get_mbuf_for_msg(tot_demand, 0, M_WAIT, 1, MT_DATA);
12675 }
12676 if (mm == NULL) {
12677 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
12678 error = ENOMEM;
12679 goto out;
12680 }
12681 max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr);
12682 max_out -= sizeof(struct sctp_abort_msg);
12683 if (tot_out > max_out) {
12684 tot_out = max_out;
12685 }
12686 if (mm) {
12687 struct sctp_paramhdr *ph;
12688
12689 /* now move forward the data pointer */
12690 ph = mtod(mm, struct sctp_paramhdr *);
12691 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
12692 ph->param_length = htons((sizeof(struct sctp_paramhdr) + tot_out));
12693 ph++;
12694 SCTP_BUF_LEN(mm) = tot_out + sizeof(struct sctp_paramhdr);
12695 if (top == NULL) {
12696 error = uiomove((caddr_t)ph, (int)tot_out, uio);
12697 if (error) {
12698 /*-
12699 * Here if we can't get his data we
12700 * still abort we just don't get to
12701 * send the users note :-0
12702 */
12703 sctp_m_freem(mm);
12704 mm = NULL;
12705 }
12706 } else {
12707 if (sndlen != 0) {
12708 SCTP_BUF_NEXT(mm) = top;
12709 }
12710 }
12711 }
12712 if (hold_tcblock == 0) {
12713 SCTP_TCB_LOCK(stcb);
12714 hold_tcblock = 1;
12715 }
12716 atomic_add_int(&stcb->asoc.refcnt, -1);
12717 free_cnt_applied = 0;
12718 /* release this lock, otherwise we hang on ourselves */
12719 sctp_abort_an_association(stcb->sctp_ep, stcb,
12720 SCTP_RESPONSE_TO_USER_REQ,
12721 mm, SCTP_SO_LOCKED);
12722 /* now relock the stcb so everything is sane */
12723 hold_tcblock = 0;
12724 stcb = NULL;
12725 /*
12726 * In this case top is already chained to mm avoid double
12727 * free, since we free it below if top != NULL and driver
12728 * would free it after sending the packet out
12729 */
12730 if (sndlen != 0) {
12731 top = NULL;
12732 }
12733 goto out_unlocked;
12734 }
12735 /* Calculate the maximum we can send */
12736 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12737 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) {
12738 if (non_blocking) {
12739 /* we already checked for non-blocking above. */
12740 max_len = sndlen;
12741 } else {
12742 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
12743 }
12744 } else {
12745 max_len = 0;
12746 }
12747 if (hold_tcblock) {
12748 SCTP_TCB_UNLOCK(stcb);
12749 hold_tcblock = 0;
12750 }
12751 /* Is the stream no. valid? */
12752 if (srcv->sinfo_stream >= asoc->streamoutcnt) {
12753 /* Invalid stream number */
12754 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12755 error = EINVAL;
12756 goto out_unlocked;
12757 }
12758 if (asoc->strmout == NULL) {
12759 /* huh? software error */
12760 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
12761 error = EFAULT;
12762 goto out_unlocked;
12763 }
12764 /* Unless E_EOR mode is on, we must make a send FIT in one call. */
12765 if ((user_marks_eor == 0) &&
12766 (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) {
12767 /* It will NEVER fit */
12768 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE);
12769 error = EMSGSIZE;
12770 goto out_unlocked;
12771 }
12772 if ((uio == NULL) && user_marks_eor) {
12773 /*-
12774 * We do not support eeor mode for
12775 * sending with mbuf chains (like sendfile).
12776 */
12777 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12778 error = EINVAL;
12779 goto out_unlocked;
12780 }
12781 if (user_marks_eor) {
12782 local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold));
12783 } else {
12784 /*-
12785 * For non-eeor the whole message must fit in
12786 * the socket send buffer.
12787 */
12788 local_add_more = sndlen;
12789 }
12790 len = 0;
12791 if (non_blocking) {
12792 goto skip_preblock;
12793 }
12794 if (((max_len <= local_add_more) &&
12795 (SCTP_SB_LIMIT_SND(so) >= local_add_more)) ||
12796 (max_len == 0) ||
12797 ((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
12798 /* No room right now ! */
12799 SOCKBUF_LOCK(&so->so_snd);
12800 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12801 while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) ||
12802 ((stcb->asoc.stream_queue_cnt + stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
12803 SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n",
12804 (unsigned int)SCTP_SB_LIMIT_SND(so),
12805 inqueue_bytes,
12806 local_add_more,
12807 stcb->asoc.stream_queue_cnt,
12808 stcb->asoc.chunks_on_out_queue,
12809 SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue));
12810 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
12811 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, so, asoc, sndlen);
12812 }
12813 be.error = 0;
12814 stcb->block_entry = &be;
12815 error = sbwait(&so->so_snd);
12816 stcb->block_entry = NULL;
12817 if (error || so->so_error || be.error) {
12818 if (error == 0) {
12819 if (so->so_error)
12820 error = so->so_error;
12821 if (be.error) {
12822 error = be.error;
12823 }
12824 }
12825 SOCKBUF_UNLOCK(&so->so_snd);
12826 goto out_unlocked;
12827 }
12828 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
12829 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
12830 so, asoc, stcb->asoc.total_output_queue_size);
12831 }
12832 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
12833 goto out_unlocked;
12834 }
12835 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12836 }
12837 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
12838 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) {
12839 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
12840 } else {
12841 max_len = 0;
12842 }
12843 SOCKBUF_UNLOCK(&so->so_snd);
12844 }
12845skip_preblock:
12846 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
12847 goto out_unlocked;
12848 }
12849 /*
12850 * sndlen covers for mbuf case uio_resid covers for the non-mbuf
12851 * case NOTE: uio will be null when top/mbuf is passed
12852 */
12853 if (sndlen == 0) {
12854 if (srcv->sinfo_flags & SCTP_EOF) {
12855 got_all_of_the_send = 1;
12856 goto dataless_eof;
12857 } else {
12858 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12859 error = EINVAL;
12860 goto out;
12861 }
12862 }
12863 if (top == NULL) {
12864 struct sctp_stream_queue_pending *sp;
12865 struct sctp_stream_out *strm;
12866 uint32_t sndout, initial_out;
12867
12868 initial_out = uio->uio_resid;
12869
12870 SCTP_TCB_SEND_LOCK(stcb);
12871 if ((asoc->stream_locked) &&
12872 (asoc->stream_locked_on != srcv->sinfo_stream)) {
12873 SCTP_TCB_SEND_UNLOCK(stcb);
12874 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
12875 error = EINVAL;
12876 goto out;
12877 }
12878 SCTP_TCB_SEND_UNLOCK(stcb);
12879
12880 strm = &stcb->asoc.strmout[srcv->sinfo_stream];
12881 if (strm->last_msg_incomplete == 0) {
12882 do_a_copy_in:
12883 sp = sctp_copy_it_in(stcb, asoc, srcv, uio, net, max_len, user_marks_eor, &error, non_blocking);
12884 if ((sp == NULL) || (error)) {
12885 goto out;
12886 }
12887 SCTP_TCB_SEND_LOCK(stcb);
12888 if (sp->msg_is_complete) {
12889 strm->last_msg_incomplete = 0;
12890 asoc->stream_locked = 0;
12891 } else {
12892 /*
12893 * Just got locked to this guy in case of an
12894 * interrupt.
12895 */
12896 strm->last_msg_incomplete = 1;
12897 asoc->stream_locked = 1;
12898 asoc->stream_locked_on = srcv->sinfo_stream;
12899 sp->sender_all_done = 0;
12900 }
12901 sctp_snd_sb_alloc(stcb, sp->length);
12902 atomic_add_int(&asoc->stream_queue_cnt, 1);
12903 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) {
12904 sp->strseq = strm->next_sequence_sent;
12905 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_SCTP) {
12906 sctp_misc_ints(SCTP_STRMOUT_LOG_ASSIGN,
12907 (uintptr_t) stcb, sp->length,
12908 (uint32_t) ((srcv->sinfo_stream << 16) | sp->strseq), 0);
12909 }
12910 strm->next_sequence_sent++;
12911 } else {
12912 SCTP_STAT_INCR(sctps_sends_with_unord);
12913 }
12914 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
12915 if ((strm->next_spoke.tqe_next == NULL) &&
12916 (strm->next_spoke.tqe_prev == NULL)) {
12917 /* Not on wheel, insert */
12918 sctp_insert_on_wheel(stcb, asoc, strm, 1);
12919 }
12920 SCTP_TCB_SEND_UNLOCK(stcb);
12921 } else {
12922 SCTP_TCB_SEND_LOCK(stcb);
12923 sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead);
12924 SCTP_TCB_SEND_UNLOCK(stcb);
12925 if (sp == NULL) {
12926 /* ???? Huh ??? last msg is gone */
12927#ifdef INVARIANTS
12928 panic("Warning: Last msg marked incomplete, yet nothing left?");
12929#else
12930 SCTP_PRINTF("Warning: Last msg marked incomplete, yet nothing left?\n");
12931 strm->last_msg_incomplete = 0;
12932#endif
12933 goto do_a_copy_in;
12934
12935 }
12936 }
12937 while (uio->uio_resid > 0) {
12938 /* How much room do we have? */
12939 struct mbuf *new_tail, *mm;
12940
12941 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size)
12942 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size;
12943 else
12944 max_len = 0;
12945
12946 if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) ||
12947 (max_len && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) ||
12948 (uio->uio_resid && (uio->uio_resid <= (int)max_len))) {
12949 sndout = 0;
12950 new_tail = NULL;
12951 if (hold_tcblock) {
12952 SCTP_TCB_UNLOCK(stcb);
12953 hold_tcblock = 0;
12954 }
12955 mm = sctp_copy_resume(sp, uio, srcv, max_len, user_marks_eor, &error, &sndout, &new_tail);
12956 if ((mm == NULL) || error) {
12957 if (mm) {
12958 sctp_m_freem(mm);
12959 }
12960 goto out;
12961 }
12962 /* Update the mbuf and count */
12963 SCTP_TCB_SEND_LOCK(stcb);
12964 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
12965 /*
12966 * we need to get out. Peer probably
12967 * aborted.
12968 */
12969 sctp_m_freem(mm);
12970 if (stcb->asoc.state & SCTP_PCB_FLAGS_WAS_ABORTED) {
12971 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
12972 error = ECONNRESET;
12973 }
12974 SCTP_TCB_SEND_UNLOCK(stcb);
12975 goto out;
12976 }
12977 if (sp->tail_mbuf) {
12978 /* tack it to the end */
12979 SCTP_BUF_NEXT(sp->tail_mbuf) = mm;
12980 sp->tail_mbuf = new_tail;
12981 } else {
12982 /* A stolen mbuf */
12983 sp->data = mm;
12984 sp->tail_mbuf = new_tail;
12985 }
12986 sctp_snd_sb_alloc(stcb, sndout);
12987 atomic_add_int(&sp->length, sndout);
12988 len += sndout;
12989
12990 /* Did we reach EOR? */
12991 if ((uio->uio_resid == 0) &&
12992 ((user_marks_eor == 0) ||
12993 (srcv->sinfo_flags & SCTP_EOF) ||
12994 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) {
12995 sp->msg_is_complete = 1;
12996 } else {
12997 sp->msg_is_complete = 0;
12998 }
12999 SCTP_TCB_SEND_UNLOCK(stcb);
13000 }
13001 if (uio->uio_resid == 0) {
13002 /* got it all? */
13003 continue;
13004 }
13005 /* PR-SCTP? */
13006 if ((asoc->peer_supports_prsctp) && (asoc->sent_queue_cnt_removeable > 0)) {
13007 /*
13008 * This is ugly but we must assure locking
13009 * order
13010 */
13011 if (hold_tcblock == 0) {
13012 SCTP_TCB_LOCK(stcb);
13013 hold_tcblock = 1;
13014 }
13015 sctp_prune_prsctp(stcb, asoc, srcv, sndlen);
13016 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk));
13017 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size)
13018 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
13019 else
13020 max_len = 0;
13021 if (max_len > 0) {
13022 continue;
13023 }
13024 SCTP_TCB_UNLOCK(stcb);
13025 hold_tcblock = 0;
13026 }
13027 /* wait for space now */
13028 if (non_blocking) {
13029 /* Non-blocking io in place out */
13030 goto skip_out_eof;
13031 }
13032 if ((net->flight_size > net->cwnd) &&
13033 (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) {
13034 queue_only = 1;
13035 } else if (asoc->ifp_had_enobuf) {
13036 SCTP_STAT_INCR(sctps_ifnomemqueued);
13037 if (net->flight_size > (net->mtu * 2)) {
13038 queue_only = 1;
13039 } else {
13040 queue_only = 0;
13041 }
13042 asoc->ifp_had_enobuf = 0;
13043 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
13044 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
13045 } else {
13046 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
13047 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
13048 if (net->flight_size > net->cwnd) {
13049 queue_only = 1;
13050 SCTP_STAT_INCR(sctps_send_cwnd_avoid);
13051 } else {
13052 queue_only = 0;
13053 }
13054 }
13055 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
13056 (stcb->asoc.total_flight > 0) &&
13057 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) &&
13058 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) {
13059
13060 /*-
13061 * Ok, Nagle is set on and we have data outstanding.
13062 * Don't send anything and let SACKs drive out the
13063 * data unless wen have a "full" segment to send.
13064 */
13065 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
13066 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED);
13067 }
13068 SCTP_STAT_INCR(sctps_naglequeued);
13069 nagle_applies = 1;
13070 } else {
13071 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
13072 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY))
13073 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED);
13074 }
13075 SCTP_STAT_INCR(sctps_naglesent);
13076 nagle_applies = 0;
13077 }
13078 /* What about the INIT, send it maybe */
13079 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
13080
13081 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only,
13082 nagle_applies, un_sent);
13083 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size,
13084 stcb->asoc.total_flight,
13085 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count);
13086 }
13087 if (queue_only_for_init) {
13088 if (hold_tcblock == 0) {
13089 SCTP_TCB_LOCK(stcb);
13090 hold_tcblock = 1;
13091 }
13092 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) {
13093 /* a collision took us forward? */
13094 queue_only_for_init = 0;
13095 queue_only = 0;
13096 } else {
13097 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED);
13098 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT);
13099 queue_only_for_init = 0;
13100 queue_only = 1;
13101 }
13102 }
13103 if ((queue_only == 0) && (nagle_applies == 0)) {
13104 /*-
13105 * need to start chunk output
13106 * before blocking.. note that if
13107 * a lock is already applied, then
13108 * the input via the net is happening
13109 * and I don't need to start output :-D
13110 */
13111 if (hold_tcblock == 0) {
13112 if (SCTP_TCB_TRYLOCK(stcb)) {
13113 hold_tcblock = 1;
13114 sctp_chunk_output(inp,
13115 stcb,
13116 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13117 }
13118 } else {
13119 sctp_chunk_output(inp,
13120 stcb,
13121 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13122 }
13123 if (hold_tcblock == 1) {
13124 SCTP_TCB_UNLOCK(stcb);
13125 hold_tcblock = 0;
13126 }
13127 }
13128 SOCKBUF_LOCK(&so->so_snd);
13129 /*-
13130 * This is a bit strange, but I think it will
13131 * work. The total_output_queue_size is locked and
13132 * protected by the TCB_LOCK, which we just released.
13133 * There is a race that can occur between releasing it
13134 * above, and me getting the socket lock, where sacks
13135 * come in but we have not put the SB_WAIT on the
13136 * so_snd buffer to get the wakeup. After the LOCK
13137 * is applied the sack_processing will also need to
13138 * LOCK the so->so_snd to do the actual sowwakeup(). So
13139 * once we have the socket buffer lock if we recheck the
13140 * size we KNOW we will get to sleep safely with the
13141 * wakeup flag in place.
13142 */
13143 if (SCTP_SB_LIMIT_SND(so) <= (stcb->asoc.total_output_queue_size +
13144 min(SCTP_BASE_SYSCTL(sctp_add_more_threshold), SCTP_SB_LIMIT_SND(so)))) {
13145 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
13146 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK,
13147 so, asoc, uio->uio_resid);
13148 }
13149 be.error = 0;
13150 stcb->block_entry = &be;
13151 error = sbwait(&so->so_snd);
13152 stcb->block_entry = NULL;
13153
13154 if (error || so->so_error || be.error) {
13155 if (error == 0) {
13156 if (so->so_error)
13157 error = so->so_error;
13158 if (be.error) {
13159 error = be.error;
13160 }
13161 }
13162 SOCKBUF_UNLOCK(&so->so_snd);
13163 goto out_unlocked;
13164 }
13165 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
13166 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
13167 so, asoc, stcb->asoc.total_output_queue_size);
13168 }
13169 }
13170 SOCKBUF_UNLOCK(&so->so_snd);
13171 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
13172 goto out_unlocked;
13173 }
13174 }
13175 SCTP_TCB_SEND_LOCK(stcb);
13176 if (sp) {
13177 if (sp->msg_is_complete == 0) {
13178 strm->last_msg_incomplete = 1;
13179 asoc->stream_locked = 1;
13180 asoc->stream_locked_on = srcv->sinfo_stream;
13181 } else {
13182 sp->sender_all_done = 1;
13183 strm->last_msg_incomplete = 0;
13184 asoc->stream_locked = 0;
13185 }
13186 } else {
13187 SCTP_PRINTF("Huh no sp TSNH?\n");
13188 strm->last_msg_incomplete = 0;
13189 asoc->stream_locked = 0;
13190 }
13191 SCTP_TCB_SEND_UNLOCK(stcb);
13192 if (uio->uio_resid == 0) {
13193 got_all_of_the_send = 1;
13194 }
13195 } else if (top) {
13196 /* We send in a 0, since we do NOT have any locks */
13197 error = sctp_msg_append(stcb, net, top, srcv, 0);
13198 top = NULL;
13199 if (srcv->sinfo_flags & SCTP_EOF) {
13200 /*
13201 * This should only happen for Panda for the mbuf
13202 * send case, which does NOT yet support EEOR mode.
13203 * Thus, we can just set this flag to do the proper
13204 * EOF handling.
13205 */
13206 got_all_of_the_send = 1;
13207 }
13208 }
13209 if (error) {
13210 goto out;
13211 }
13212dataless_eof:
13213 /* EOF thing ? */
13214 if ((srcv->sinfo_flags & SCTP_EOF) &&
13215 (got_all_of_the_send == 1) &&
13216 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) {
13217 int cnt;
13218
13219 SCTP_STAT_INCR(sctps_sends_with_eof);
13220 error = 0;
13221 if (hold_tcblock == 0) {
13222 SCTP_TCB_LOCK(stcb);
13223 hold_tcblock = 1;
13224 }
13225 cnt = sctp_is_there_unsent_data(stcb);
13226 if (TAILQ_EMPTY(&asoc->send_queue) &&
13227 TAILQ_EMPTY(&asoc->sent_queue) &&
13228 (cnt == 0)) {
13229 if (asoc->locked_on_sending) {
13230 goto abort_anyway;
13231 }
13232 /* there is nothing queued to send, so I'm done... */
13233 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
13234 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
13235 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
13236 /* only send SHUTDOWN the first time through */
13237 sctp_send_shutdown(stcb, stcb->asoc.primary_destination);
13238 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
13239 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
13240 }
13241 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
13242 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
13243 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb,
13244 asoc->primary_destination);
13245 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
13246 asoc->primary_destination);
13247 }
13248 } else {
13249 /*-
13250 * we still got (or just got) data to send, so set
13251 * SHUTDOWN_PENDING
13252 */
13253 /*-
13254 * XXX sockets draft says that SCTP_EOF should be
13255 * sent with no data. currently, we will allow user
13256 * data to be sent first and move to
13257 * SHUTDOWN-PENDING
13258 */
13259 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
13260 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
13261 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
13262 if (hold_tcblock == 0) {
13263 SCTP_TCB_LOCK(stcb);
13264 hold_tcblock = 1;
13265 }
13266 if (asoc->locked_on_sending) {
13267 /* Locked to send out the data */
13268 struct sctp_stream_queue_pending *sp;
13269
13270 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead);
13271 if (sp) {
13272 if ((sp->length == 0) && (sp->msg_is_complete == 0))
13273 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
13274 }
13275 }
13276 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING;
13277 if (TAILQ_EMPTY(&asoc->send_queue) &&
13278 TAILQ_EMPTY(&asoc->sent_queue) &&
13279 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
13280 abort_anyway:
13281 if (free_cnt_applied) {
13282 atomic_add_int(&stcb->asoc.refcnt, -1);
13283 free_cnt_applied = 0;
13284 }
13285 sctp_abort_an_association(stcb->sctp_ep, stcb,
13286 SCTP_RESPONSE_TO_USER_REQ,
13287 NULL, SCTP_SO_LOCKED);
13288 /*
13289 * now relock the stcb so everything
13290 * is sane
13291 */
13292 hold_tcblock = 0;
13293 stcb = NULL;
13294 goto out;
13295 }
13296 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
13297 asoc->primary_destination);
13298 sctp_feature_off(inp, SCTP_PCB_FLAGS_NODELAY);
13299 }
13300 }
13301 }
13302skip_out_eof:
13303 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) {
13304 some_on_control = 1;
13305 }
13306 if ((net->flight_size > net->cwnd) &&
13307 (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) {
13308 queue_only = 1;
13309 } else if (asoc->ifp_had_enobuf) {
13310 SCTP_STAT_INCR(sctps_ifnomemqueued);
13311 if (net->flight_size > (net->mtu * 2)) {
13312 queue_only = 1;
13313 } else {
13314 queue_only = 0;
13315 }
13316 asoc->ifp_had_enobuf = 0;
13317 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
13318 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
13319 } else {
13320 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
13321 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk)));
13322 if (net->flight_size > net->cwnd) {
13323 queue_only = 1;
13324 SCTP_STAT_INCR(sctps_send_cwnd_avoid);
13325 } else {
13326 queue_only = 0;
13327 }
13328 }
13329 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
13330 (stcb->asoc.total_flight > 0) &&
13331 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) &&
13332 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) {
13333 /*-
13334 * Ok, Nagle is set on and we have data outstanding.
13335 * Don't send anything and let SACKs drive out the
13336 * data unless wen have a "full" segment to send.
13337 */
13338 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
13339 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED);
13340 }
13341 SCTP_STAT_INCR(sctps_naglequeued);
13342 nagle_applies = 1;
13343 } else {
13344 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
13345 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY))
13346 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED);
13347 }
13348 SCTP_STAT_INCR(sctps_naglesent);
13349 nagle_applies = 0;
13350 }
13351 if (queue_only_for_init) {
13352 if (hold_tcblock == 0) {
13353 SCTP_TCB_LOCK(stcb);
13354 hold_tcblock = 1;
13355 }
13356 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) {
13357 /* a collision took us forward? */
13358 queue_only_for_init = 0;
13359 queue_only = 0;
13360 } else {
13361 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED);
13362 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_WAIT);
13363 queue_only_for_init = 0;
13364 queue_only = 1;
13365 }
13366 }
13367 if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) {
13368 /* we can attempt to send too. */
13369 if (hold_tcblock == 0) {
13370 /*
13371 * If there is activity recv'ing sacks no need to
13372 * send
13373 */
13374 if (SCTP_TCB_TRYLOCK(stcb)) {
13375 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13376 hold_tcblock = 1;
13377 }
13378 } else {
13379 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13380 }
13381 } else if ((queue_only == 0) &&
13382 (stcb->asoc.peers_rwnd == 0) &&
13383 (stcb->asoc.total_flight == 0)) {
13384 /* We get to have a probe outstanding */
13385 if (hold_tcblock == 0) {
13386 hold_tcblock = 1;
13387 SCTP_TCB_LOCK(stcb);
13388 }
13389 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
13390 } else if (some_on_control) {
13391 int num_out, reason, frag_point;
13392
13393 /* Here we do control only */
13394 if (hold_tcblock == 0) {
13395 hold_tcblock = 1;
13396 SCTP_TCB_LOCK(stcb);
13397 }
13398 frag_point = sctp_get_frag_point(stcb, &stcb->asoc);
13399 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out,
13400 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_LOCKED);
13401 }
13402 SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n",
13403 queue_only, stcb->asoc.peers_rwnd, un_sent,
13404 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue,
13405 stcb->asoc.total_output_queue_size, error);
13406
13407out:
13408out_unlocked:
13409
13410 if (local_soresv && stcb) {
13411 atomic_subtract_int(&stcb->asoc.sb_send_resv, sndlen);
13412 local_soresv = 0;
13413 }
13414 if (create_lock_applied) {
13415 SCTP_ASOC_CREATE_UNLOCK(inp);
13416 create_lock_applied = 0;
13417 }
13418 if ((stcb) && hold_tcblock) {
13419 SCTP_TCB_UNLOCK(stcb);
13420 }
13421 if (stcb && free_cnt_applied) {
13422 atomic_add_int(&stcb->asoc.refcnt, -1);
13423 }
13424#ifdef INVARIANTS
13425 if (stcb) {
13426 if (mtx_owned(&stcb->tcb_mtx)) {
13427 panic("Leaving with tcb mtx owned?");
13428 }
13429 if (mtx_owned(&stcb->tcb_send_mtx)) {
13430 panic("Leaving with tcb send mtx owned?");
13431 }
13432 }
13433#endif
13434#ifdef INVARIANTS
13435 if (inp) {
13436 sctp_validate_no_locks(inp);
13437 } else {
13438 printf("Warning - inp is NULL so cant validate locks\n");
13439 }
13440#endif
13441 if (top) {
13442 sctp_m_freem(top);
13443 }
13444 if (control) {
13445 sctp_m_freem(control);
13446 }
13447 return (error);
13448}
13449
13450
13451/*
13452 * generate an AUTHentication chunk, if required
13453 */
13454struct mbuf *
13455sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end,
13456 struct sctp_auth_chunk **auth_ret, uint32_t * offset,
13457 struct sctp_tcb *stcb, uint8_t chunk)
13458{
13459 struct mbuf *m_auth;
13460 struct sctp_auth_chunk *auth;
13461 int chunk_len;
13462
13463 if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) ||
13464 (stcb == NULL))
13465 return (m);
13466
13467 /* sysctl disabled auth? */
13468 if (SCTP_BASE_SYSCTL(sctp_auth_disable))
13469 return (m);
13470
13471 /* peer doesn't do auth... */
13472 if (!stcb->asoc.peer_supports_auth) {
13473 return (m);
13474 }
13475 /* does the requested chunk require auth? */
13476 if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) {
13477 return (m);
13478 }
13479 m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_DONTWAIT, 1, MT_HEADER);
13480 if (m_auth == NULL) {
13481 /* no mbuf's */
13482 return (m);
13483 }
13484 /* reserve some space if this will be the first mbuf */
13485 if (m == NULL)
13486 SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD);
13487 /* fill in the AUTH chunk details */
13488 auth = mtod(m_auth, struct sctp_auth_chunk *);
13489 bzero(auth, sizeof(*auth));
13490 auth->ch.chunk_type = SCTP_AUTHENTICATION;
13491 auth->ch.chunk_flags = 0;
13492 chunk_len = sizeof(*auth) +
13493 sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id);
13494 auth->ch.chunk_length = htons(chunk_len);
13495 auth->hmac_id = htons(stcb->asoc.peer_hmac_id);
13496 /* key id and hmac digest will be computed and filled in upon send */
13497
13498 /* save the offset where the auth was inserted into the chain */
13499 if (m != NULL) {
13500 struct mbuf *cn;
13501
13502 *offset = 0;
13503 cn = m;
13504 while (cn) {
13505 *offset += SCTP_BUF_LEN(cn);
13506 cn = SCTP_BUF_NEXT(cn);
13507 }
13508 } else
13509 *offset = 0;
13510
13511 /* update length and return pointer to the auth chunk */
13512 SCTP_BUF_LEN(m_auth) = chunk_len;
13513 m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0);
13514 if (auth_ret != NULL)
13515 *auth_ret = auth;
13516
13517 return (m);
13518}
13519
13520#ifdef INET6
13521int
13522sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t * ro)
13523{
13524 struct nd_prefix *pfx = NULL;
13525 struct nd_pfxrouter *pfxrtr = NULL;
13526 struct sockaddr_in6 gw6;
13527
13528 if (ro == NULL || ro->ro_rt == NULL || src6->sin6_family != AF_INET6)
13529 return (0);
13530
13531 /* get prefix entry of address */
13532 LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) {
13533 if (pfx->ndpr_stateflags & NDPRF_DETACHED)
13534 continue;
13535 if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr,
13536 &src6->sin6_addr, &pfx->ndpr_mask))
13537 break;
13538 }
13539 /* no prefix entry in the prefix list */
13540 if (pfx == NULL) {
13541 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefix entry for ");
13542 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6);
13543 return (0);
13544 }
13545 SCTPDBG(SCTP_DEBUG_OUTPUT2, "v6src_match_nexthop(), Prefix entry is ");
13546 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6);
13547
13548 /* search installed gateway from prefix entry */
13549 for (pfxrtr = pfx->ndpr_advrtrs.lh_first; pfxrtr; pfxrtr =
13550 pfxrtr->pfr_next) {
13551 memset(&gw6, 0, sizeof(struct sockaddr_in6));
13552 gw6.sin6_family = AF_INET6;
13553 gw6.sin6_len = sizeof(struct sockaddr_in6);
13554 memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr,
13555 sizeof(struct in6_addr));
13556 SCTPDBG(SCTP_DEBUG_OUTPUT2, "prefix router is ");
13557 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&gw6);
13558 SCTPDBG(SCTP_DEBUG_OUTPUT2, "installed router is ");
13559 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway);
13560 if (sctp_cmpaddr((struct sockaddr *)&gw6,
13561 ro->ro_rt->rt_gateway)) {
13562 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is installed\n");
13563 return (1);
13564 }
13565 }
13566 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is not installed\n");
13567 return (0);
13568}
13569
13570#endif
13571
13572int
13573sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t * ro)
13574{
13575 struct sockaddr_in *sin, *mask;
13576 struct ifaddr *ifa;
13577 struct in_addr srcnetaddr, gwnetaddr;
13578
13579 if (ro == NULL || ro->ro_rt == NULL ||
13580 sifa->address.sa.sa_family != AF_INET) {
13581 return (0);
13582 }
13583 ifa = (struct ifaddr *)sifa->ifa;
13584 mask = (struct sockaddr_in *)(ifa->ifa_netmask);
13585 sin = (struct sockaddr_in *)&sifa->address.sin;
13586 srcnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr);
13587 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: src address is ");
13588 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa);
13589 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", srcnetaddr.s_addr);
13590
13591 sin = (struct sockaddr_in *)ro->ro_rt->rt_gateway;
13592 gwnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr);
13593 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: nexthop is ");
13594 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway);
13595 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", gwnetaddr.s_addr);
13596 if (srcnetaddr.s_addr == gwnetaddr.s_addr) {
13597 return (1);
13598 }
13599 return (0);
13600}
|