35 36#include <netinet/sctp_os.h> 37#include <sys/proc.h> 38#include <netinet/sctp_var.h> 39#include <netinet/sctp_sysctl.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctp_pcb.h> 42#include <netinet/sctputil.h> 43#include <netinet/sctp_output.h> 44#include <netinet/sctp_uio.h> 45#include <netinet/sctputil.h> 46#include <netinet/sctp_auth.h> 47#include <netinet/sctp_timer.h> 48#include <netinet/sctp_asconf.h> 49#include <netinet/sctp_indata.h> 50#include <netinet/sctp_bsd_addr.h> 51#include <netinet/sctp_input.h> 52#include <netinet/sctp_crc32.h> 53#include <netinet/udp.h> 54#include <machine/in_cksum.h> 55 56 57 58#define SCTP_MAX_GAPS_INARRAY 4 59struct sack_track { 60 uint8_t right_edge; /* mergable on the right edge */ 61 uint8_t left_edge; /* mergable on the left edge */ 62 uint8_t num_entries; 63 uint8_t spare; 64 struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY]; 65}; 66 67struct sack_track sack_array[256] = { 68 {0, 0, 0, 0, /* 0x00 */ 69 {{0, 0}, 70 {0, 0}, 71 {0, 0}, 72 {0, 0} 73 } 74 }, 75 {1, 0, 1, 0, /* 0x01 */ 76 {{0, 0}, 77 {0, 0}, 78 {0, 0}, 79 {0, 0} 80 } 81 }, 82 {0, 0, 1, 0, /* 0x02 */ 83 {{1, 1}, 84 {0, 0}, 85 {0, 0}, 86 {0, 0} 87 } 88 }, 89 {1, 0, 1, 0, /* 0x03 */ 90 {{0, 1}, 91 {0, 0}, 92 {0, 0}, 93 {0, 0} 94 } 95 }, 96 {0, 0, 1, 0, /* 0x04 */ 97 {{2, 2}, 98 {0, 0}, 99 {0, 0}, 100 {0, 0} 101 } 102 }, 103 {1, 0, 2, 0, /* 0x05 */ 104 {{0, 0}, 105 {2, 2}, 106 {0, 0}, 107 {0, 0} 108 } 109 }, 110 {0, 0, 1, 0, /* 0x06 */ 111 {{1, 2}, 112 {0, 0}, 113 {0, 0}, 114 {0, 0} 115 } 116 }, 117 {1, 0, 1, 0, /* 0x07 */ 118 {{0, 2}, 119 {0, 0}, 120 {0, 0}, 121 {0, 0} 122 } 123 }, 124 {0, 0, 1, 0, /* 0x08 */ 125 {{3, 3}, 126 {0, 0}, 127 {0, 0}, 128 {0, 0} 129 } 130 }, 131 {1, 0, 2, 0, /* 0x09 */ 132 {{0, 0}, 133 {3, 3}, 134 {0, 0}, 135 {0, 0} 136 } 137 }, 138 {0, 0, 2, 0, /* 0x0a */ 139 {{1, 1}, 140 {3, 3}, 141 {0, 0}, 142 {0, 0} 143 } 144 }, 145 {1, 0, 2, 0, /* 0x0b */ 146 {{0, 1}, 147 {3, 3}, 148 {0, 0}, 149 {0, 0} 150 } 151 }, 152 {0, 0, 1, 0, /* 0x0c */ 153 {{2, 3}, 154 {0, 0}, 155 {0, 0}, 156 {0, 0} 157 } 158 }, 159 {1, 0, 2, 0, /* 0x0d */ 160 {{0, 0}, 161 {2, 3}, 162 {0, 0}, 163 {0, 0} 164 } 165 }, 166 {0, 0, 1, 0, /* 0x0e */ 167 {{1, 3}, 168 {0, 0}, 169 {0, 0}, 170 {0, 0} 171 } 172 }, 173 {1, 0, 1, 0, /* 0x0f */ 174 {{0, 3}, 175 {0, 0}, 176 {0, 0}, 177 {0, 0} 178 } 179 }, 180 {0, 0, 1, 0, /* 0x10 */ 181 {{4, 4}, 182 {0, 0}, 183 {0, 0}, 184 {0, 0} 185 } 186 }, 187 {1, 0, 2, 0, /* 0x11 */ 188 {{0, 0}, 189 {4, 4}, 190 {0, 0}, 191 {0, 0} 192 } 193 }, 194 {0, 0, 2, 0, /* 0x12 */ 195 {{1, 1}, 196 {4, 4}, 197 {0, 0}, 198 {0, 0} 199 } 200 }, 201 {1, 0, 2, 0, /* 0x13 */ 202 {{0, 1}, 203 {4, 4}, 204 {0, 0}, 205 {0, 0} 206 } 207 }, 208 {0, 0, 2, 0, /* 0x14 */ 209 {{2, 2}, 210 {4, 4}, 211 {0, 0}, 212 {0, 0} 213 } 214 }, 215 {1, 0, 3, 0, /* 0x15 */ 216 {{0, 0}, 217 {2, 2}, 218 {4, 4}, 219 {0, 0} 220 } 221 }, 222 {0, 0, 2, 0, /* 0x16 */ 223 {{1, 2}, 224 {4, 4}, 225 {0, 0}, 226 {0, 0} 227 } 228 }, 229 {1, 0, 2, 0, /* 0x17 */ 230 {{0, 2}, 231 {4, 4}, 232 {0, 0}, 233 {0, 0} 234 } 235 }, 236 {0, 0, 1, 0, /* 0x18 */ 237 {{3, 4}, 238 {0, 0}, 239 {0, 0}, 240 {0, 0} 241 } 242 }, 243 {1, 0, 2, 0, /* 0x19 */ 244 {{0, 0}, 245 {3, 4}, 246 {0, 0}, 247 {0, 0} 248 } 249 }, 250 {0, 0, 2, 0, /* 0x1a */ 251 {{1, 1}, 252 {3, 4}, 253 {0, 0}, 254 {0, 0} 255 } 256 }, 257 {1, 0, 2, 0, /* 0x1b */ 258 {{0, 1}, 259 {3, 4}, 260 {0, 0}, 261 {0, 0} 262 } 263 }, 264 {0, 0, 1, 0, /* 0x1c */ 265 {{2, 4}, 266 {0, 0}, 267 {0, 0}, 268 {0, 0} 269 } 270 }, 271 {1, 0, 2, 0, /* 0x1d */ 272 {{0, 0}, 273 {2, 4}, 274 {0, 0}, 275 {0, 0} 276 } 277 }, 278 {0, 0, 1, 0, /* 0x1e */ 279 {{1, 4}, 280 {0, 0}, 281 {0, 0}, 282 {0, 0} 283 } 284 }, 285 {1, 0, 1, 0, /* 0x1f */ 286 {{0, 4}, 287 {0, 0}, 288 {0, 0}, 289 {0, 0} 290 } 291 }, 292 {0, 0, 1, 0, /* 0x20 */ 293 {{5, 5}, 294 {0, 0}, 295 {0, 0}, 296 {0, 0} 297 } 298 }, 299 {1, 0, 2, 0, /* 0x21 */ 300 {{0, 0}, 301 {5, 5}, 302 {0, 0}, 303 {0, 0} 304 } 305 }, 306 {0, 0, 2, 0, /* 0x22 */ 307 {{1, 1}, 308 {5, 5}, 309 {0, 0}, 310 {0, 0} 311 } 312 }, 313 {1, 0, 2, 0, /* 0x23 */ 314 {{0, 1}, 315 {5, 5}, 316 {0, 0}, 317 {0, 0} 318 } 319 }, 320 {0, 0, 2, 0, /* 0x24 */ 321 {{2, 2}, 322 {5, 5}, 323 {0, 0}, 324 {0, 0} 325 } 326 }, 327 {1, 0, 3, 0, /* 0x25 */ 328 {{0, 0}, 329 {2, 2}, 330 {5, 5}, 331 {0, 0} 332 } 333 }, 334 {0, 0, 2, 0, /* 0x26 */ 335 {{1, 2}, 336 {5, 5}, 337 {0, 0}, 338 {0, 0} 339 } 340 }, 341 {1, 0, 2, 0, /* 0x27 */ 342 {{0, 2}, 343 {5, 5}, 344 {0, 0}, 345 {0, 0} 346 } 347 }, 348 {0, 0, 2, 0, /* 0x28 */ 349 {{3, 3}, 350 {5, 5}, 351 {0, 0}, 352 {0, 0} 353 } 354 }, 355 {1, 0, 3, 0, /* 0x29 */ 356 {{0, 0}, 357 {3, 3}, 358 {5, 5}, 359 {0, 0} 360 } 361 }, 362 {0, 0, 3, 0, /* 0x2a */ 363 {{1, 1}, 364 {3, 3}, 365 {5, 5}, 366 {0, 0} 367 } 368 }, 369 {1, 0, 3, 0, /* 0x2b */ 370 {{0, 1}, 371 {3, 3}, 372 {5, 5}, 373 {0, 0} 374 } 375 }, 376 {0, 0, 2, 0, /* 0x2c */ 377 {{2, 3}, 378 {5, 5}, 379 {0, 0}, 380 {0, 0} 381 } 382 }, 383 {1, 0, 3, 0, /* 0x2d */ 384 {{0, 0}, 385 {2, 3}, 386 {5, 5}, 387 {0, 0} 388 } 389 }, 390 {0, 0, 2, 0, /* 0x2e */ 391 {{1, 3}, 392 {5, 5}, 393 {0, 0}, 394 {0, 0} 395 } 396 }, 397 {1, 0, 2, 0, /* 0x2f */ 398 {{0, 3}, 399 {5, 5}, 400 {0, 0}, 401 {0, 0} 402 } 403 }, 404 {0, 0, 1, 0, /* 0x30 */ 405 {{4, 5}, 406 {0, 0}, 407 {0, 0}, 408 {0, 0} 409 } 410 }, 411 {1, 0, 2, 0, /* 0x31 */ 412 {{0, 0}, 413 {4, 5}, 414 {0, 0}, 415 {0, 0} 416 } 417 }, 418 {0, 0, 2, 0, /* 0x32 */ 419 {{1, 1}, 420 {4, 5}, 421 {0, 0}, 422 {0, 0} 423 } 424 }, 425 {1, 0, 2, 0, /* 0x33 */ 426 {{0, 1}, 427 {4, 5}, 428 {0, 0}, 429 {0, 0} 430 } 431 }, 432 {0, 0, 2, 0, /* 0x34 */ 433 {{2, 2}, 434 {4, 5}, 435 {0, 0}, 436 {0, 0} 437 } 438 }, 439 {1, 0, 3, 0, /* 0x35 */ 440 {{0, 0}, 441 {2, 2}, 442 {4, 5}, 443 {0, 0} 444 } 445 }, 446 {0, 0, 2, 0, /* 0x36 */ 447 {{1, 2}, 448 {4, 5}, 449 {0, 0}, 450 {0, 0} 451 } 452 }, 453 {1, 0, 2, 0, /* 0x37 */ 454 {{0, 2}, 455 {4, 5}, 456 {0, 0}, 457 {0, 0} 458 } 459 }, 460 {0, 0, 1, 0, /* 0x38 */ 461 {{3, 5}, 462 {0, 0}, 463 {0, 0}, 464 {0, 0} 465 } 466 }, 467 {1, 0, 2, 0, /* 0x39 */ 468 {{0, 0}, 469 {3, 5}, 470 {0, 0}, 471 {0, 0} 472 } 473 }, 474 {0, 0, 2, 0, /* 0x3a */ 475 {{1, 1}, 476 {3, 5}, 477 {0, 0}, 478 {0, 0} 479 } 480 }, 481 {1, 0, 2, 0, /* 0x3b */ 482 {{0, 1}, 483 {3, 5}, 484 {0, 0}, 485 {0, 0} 486 } 487 }, 488 {0, 0, 1, 0, /* 0x3c */ 489 {{2, 5}, 490 {0, 0}, 491 {0, 0}, 492 {0, 0} 493 } 494 }, 495 {1, 0, 2, 0, /* 0x3d */ 496 {{0, 0}, 497 {2, 5}, 498 {0, 0}, 499 {0, 0} 500 } 501 }, 502 {0, 0, 1, 0, /* 0x3e */ 503 {{1, 5}, 504 {0, 0}, 505 {0, 0}, 506 {0, 0} 507 } 508 }, 509 {1, 0, 1, 0, /* 0x3f */ 510 {{0, 5}, 511 {0, 0}, 512 {0, 0}, 513 {0, 0} 514 } 515 }, 516 {0, 0, 1, 0, /* 0x40 */ 517 {{6, 6}, 518 {0, 0}, 519 {0, 0}, 520 {0, 0} 521 } 522 }, 523 {1, 0, 2, 0, /* 0x41 */ 524 {{0, 0}, 525 {6, 6}, 526 {0, 0}, 527 {0, 0} 528 } 529 }, 530 {0, 0, 2, 0, /* 0x42 */ 531 {{1, 1}, 532 {6, 6}, 533 {0, 0}, 534 {0, 0} 535 } 536 }, 537 {1, 0, 2, 0, /* 0x43 */ 538 {{0, 1}, 539 {6, 6}, 540 {0, 0}, 541 {0, 0} 542 } 543 }, 544 {0, 0, 2, 0, /* 0x44 */ 545 {{2, 2}, 546 {6, 6}, 547 {0, 0}, 548 {0, 0} 549 } 550 }, 551 {1, 0, 3, 0, /* 0x45 */ 552 {{0, 0}, 553 {2, 2}, 554 {6, 6}, 555 {0, 0} 556 } 557 }, 558 {0, 0, 2, 0, /* 0x46 */ 559 {{1, 2}, 560 {6, 6}, 561 {0, 0}, 562 {0, 0} 563 } 564 }, 565 {1, 0, 2, 0, /* 0x47 */ 566 {{0, 2}, 567 {6, 6}, 568 {0, 0}, 569 {0, 0} 570 } 571 }, 572 {0, 0, 2, 0, /* 0x48 */ 573 {{3, 3}, 574 {6, 6}, 575 {0, 0}, 576 {0, 0} 577 } 578 }, 579 {1, 0, 3, 0, /* 0x49 */ 580 {{0, 0}, 581 {3, 3}, 582 {6, 6}, 583 {0, 0} 584 } 585 }, 586 {0, 0, 3, 0, /* 0x4a */ 587 {{1, 1}, 588 {3, 3}, 589 {6, 6}, 590 {0, 0} 591 } 592 }, 593 {1, 0, 3, 0, /* 0x4b */ 594 {{0, 1}, 595 {3, 3}, 596 {6, 6}, 597 {0, 0} 598 } 599 }, 600 {0, 0, 2, 0, /* 0x4c */ 601 {{2, 3}, 602 {6, 6}, 603 {0, 0}, 604 {0, 0} 605 } 606 }, 607 {1, 0, 3, 0, /* 0x4d */ 608 {{0, 0}, 609 {2, 3}, 610 {6, 6}, 611 {0, 0} 612 } 613 }, 614 {0, 0, 2, 0, /* 0x4e */ 615 {{1, 3}, 616 {6, 6}, 617 {0, 0}, 618 {0, 0} 619 } 620 }, 621 {1, 0, 2, 0, /* 0x4f */ 622 {{0, 3}, 623 {6, 6}, 624 {0, 0}, 625 {0, 0} 626 } 627 }, 628 {0, 0, 2, 0, /* 0x50 */ 629 {{4, 4}, 630 {6, 6}, 631 {0, 0}, 632 {0, 0} 633 } 634 }, 635 {1, 0, 3, 0, /* 0x51 */ 636 {{0, 0}, 637 {4, 4}, 638 {6, 6}, 639 {0, 0} 640 } 641 }, 642 {0, 0, 3, 0, /* 0x52 */ 643 {{1, 1}, 644 {4, 4}, 645 {6, 6}, 646 {0, 0} 647 } 648 }, 649 {1, 0, 3, 0, /* 0x53 */ 650 {{0, 1}, 651 {4, 4}, 652 {6, 6}, 653 {0, 0} 654 } 655 }, 656 {0, 0, 3, 0, /* 0x54 */ 657 {{2, 2}, 658 {4, 4}, 659 {6, 6}, 660 {0, 0} 661 } 662 }, 663 {1, 0, 4, 0, /* 0x55 */ 664 {{0, 0}, 665 {2, 2}, 666 {4, 4}, 667 {6, 6} 668 } 669 }, 670 {0, 0, 3, 0, /* 0x56 */ 671 {{1, 2}, 672 {4, 4}, 673 {6, 6}, 674 {0, 0} 675 } 676 }, 677 {1, 0, 3, 0, /* 0x57 */ 678 {{0, 2}, 679 {4, 4}, 680 {6, 6}, 681 {0, 0} 682 } 683 }, 684 {0, 0, 2, 0, /* 0x58 */ 685 {{3, 4}, 686 {6, 6}, 687 {0, 0}, 688 {0, 0} 689 } 690 }, 691 {1, 0, 3, 0, /* 0x59 */ 692 {{0, 0}, 693 {3, 4}, 694 {6, 6}, 695 {0, 0} 696 } 697 }, 698 {0, 0, 3, 0, /* 0x5a */ 699 {{1, 1}, 700 {3, 4}, 701 {6, 6}, 702 {0, 0} 703 } 704 }, 705 {1, 0, 3, 0, /* 0x5b */ 706 {{0, 1}, 707 {3, 4}, 708 {6, 6}, 709 {0, 0} 710 } 711 }, 712 {0, 0, 2, 0, /* 0x5c */ 713 {{2, 4}, 714 {6, 6}, 715 {0, 0}, 716 {0, 0} 717 } 718 }, 719 {1, 0, 3, 0, /* 0x5d */ 720 {{0, 0}, 721 {2, 4}, 722 {6, 6}, 723 {0, 0} 724 } 725 }, 726 {0, 0, 2, 0, /* 0x5e */ 727 {{1, 4}, 728 {6, 6}, 729 {0, 0}, 730 {0, 0} 731 } 732 }, 733 {1, 0, 2, 0, /* 0x5f */ 734 {{0, 4}, 735 {6, 6}, 736 {0, 0}, 737 {0, 0} 738 } 739 }, 740 {0, 0, 1, 0, /* 0x60 */ 741 {{5, 6}, 742 {0, 0}, 743 {0, 0}, 744 {0, 0} 745 } 746 }, 747 {1, 0, 2, 0, /* 0x61 */ 748 {{0, 0}, 749 {5, 6}, 750 {0, 0}, 751 {0, 0} 752 } 753 }, 754 {0, 0, 2, 0, /* 0x62 */ 755 {{1, 1}, 756 {5, 6}, 757 {0, 0}, 758 {0, 0} 759 } 760 }, 761 {1, 0, 2, 0, /* 0x63 */ 762 {{0, 1}, 763 {5, 6}, 764 {0, 0}, 765 {0, 0} 766 } 767 }, 768 {0, 0, 2, 0, /* 0x64 */ 769 {{2, 2}, 770 {5, 6}, 771 {0, 0}, 772 {0, 0} 773 } 774 }, 775 {1, 0, 3, 0, /* 0x65 */ 776 {{0, 0}, 777 {2, 2}, 778 {5, 6}, 779 {0, 0} 780 } 781 }, 782 {0, 0, 2, 0, /* 0x66 */ 783 {{1, 2}, 784 {5, 6}, 785 {0, 0}, 786 {0, 0} 787 } 788 }, 789 {1, 0, 2, 0, /* 0x67 */ 790 {{0, 2}, 791 {5, 6}, 792 {0, 0}, 793 {0, 0} 794 } 795 }, 796 {0, 0, 2, 0, /* 0x68 */ 797 {{3, 3}, 798 {5, 6}, 799 {0, 0}, 800 {0, 0} 801 } 802 }, 803 {1, 0, 3, 0, /* 0x69 */ 804 {{0, 0}, 805 {3, 3}, 806 {5, 6}, 807 {0, 0} 808 } 809 }, 810 {0, 0, 3, 0, /* 0x6a */ 811 {{1, 1}, 812 {3, 3}, 813 {5, 6}, 814 {0, 0} 815 } 816 }, 817 {1, 0, 3, 0, /* 0x6b */ 818 {{0, 1}, 819 {3, 3}, 820 {5, 6}, 821 {0, 0} 822 } 823 }, 824 {0, 0, 2, 0, /* 0x6c */ 825 {{2, 3}, 826 {5, 6}, 827 {0, 0}, 828 {0, 0} 829 } 830 }, 831 {1, 0, 3, 0, /* 0x6d */ 832 {{0, 0}, 833 {2, 3}, 834 {5, 6}, 835 {0, 0} 836 } 837 }, 838 {0, 0, 2, 0, /* 0x6e */ 839 {{1, 3}, 840 {5, 6}, 841 {0, 0}, 842 {0, 0} 843 } 844 }, 845 {1, 0, 2, 0, /* 0x6f */ 846 {{0, 3}, 847 {5, 6}, 848 {0, 0}, 849 {0, 0} 850 } 851 }, 852 {0, 0, 1, 0, /* 0x70 */ 853 {{4, 6}, 854 {0, 0}, 855 {0, 0}, 856 {0, 0} 857 } 858 }, 859 {1, 0, 2, 0, /* 0x71 */ 860 {{0, 0}, 861 {4, 6}, 862 {0, 0}, 863 {0, 0} 864 } 865 }, 866 {0, 0, 2, 0, /* 0x72 */ 867 {{1, 1}, 868 {4, 6}, 869 {0, 0}, 870 {0, 0} 871 } 872 }, 873 {1, 0, 2, 0, /* 0x73 */ 874 {{0, 1}, 875 {4, 6}, 876 {0, 0}, 877 {0, 0} 878 } 879 }, 880 {0, 0, 2, 0, /* 0x74 */ 881 {{2, 2}, 882 {4, 6}, 883 {0, 0}, 884 {0, 0} 885 } 886 }, 887 {1, 0, 3, 0, /* 0x75 */ 888 {{0, 0}, 889 {2, 2}, 890 {4, 6}, 891 {0, 0} 892 } 893 }, 894 {0, 0, 2, 0, /* 0x76 */ 895 {{1, 2}, 896 {4, 6}, 897 {0, 0}, 898 {0, 0} 899 } 900 }, 901 {1, 0, 2, 0, /* 0x77 */ 902 {{0, 2}, 903 {4, 6}, 904 {0, 0}, 905 {0, 0} 906 } 907 }, 908 {0, 0, 1, 0, /* 0x78 */ 909 {{3, 6}, 910 {0, 0}, 911 {0, 0}, 912 {0, 0} 913 } 914 }, 915 {1, 0, 2, 0, /* 0x79 */ 916 {{0, 0}, 917 {3, 6}, 918 {0, 0}, 919 {0, 0} 920 } 921 }, 922 {0, 0, 2, 0, /* 0x7a */ 923 {{1, 1}, 924 {3, 6}, 925 {0, 0}, 926 {0, 0} 927 } 928 }, 929 {1, 0, 2, 0, /* 0x7b */ 930 {{0, 1}, 931 {3, 6}, 932 {0, 0}, 933 {0, 0} 934 } 935 }, 936 {0, 0, 1, 0, /* 0x7c */ 937 {{2, 6}, 938 {0, 0}, 939 {0, 0}, 940 {0, 0} 941 } 942 }, 943 {1, 0, 2, 0, /* 0x7d */ 944 {{0, 0}, 945 {2, 6}, 946 {0, 0}, 947 {0, 0} 948 } 949 }, 950 {0, 0, 1, 0, /* 0x7e */ 951 {{1, 6}, 952 {0, 0}, 953 {0, 0}, 954 {0, 0} 955 } 956 }, 957 {1, 0, 1, 0, /* 0x7f */ 958 {{0, 6}, 959 {0, 0}, 960 {0, 0}, 961 {0, 0} 962 } 963 }, 964 {0, 1, 1, 0, /* 0x80 */ 965 {{7, 7}, 966 {0, 0}, 967 {0, 0}, 968 {0, 0} 969 } 970 }, 971 {1, 1, 2, 0, /* 0x81 */ 972 {{0, 0}, 973 {7, 7}, 974 {0, 0}, 975 {0, 0} 976 } 977 }, 978 {0, 1, 2, 0, /* 0x82 */ 979 {{1, 1}, 980 {7, 7}, 981 {0, 0}, 982 {0, 0} 983 } 984 }, 985 {1, 1, 2, 0, /* 0x83 */ 986 {{0, 1}, 987 {7, 7}, 988 {0, 0}, 989 {0, 0} 990 } 991 }, 992 {0, 1, 2, 0, /* 0x84 */ 993 {{2, 2}, 994 {7, 7}, 995 {0, 0}, 996 {0, 0} 997 } 998 }, 999 {1, 1, 3, 0, /* 0x85 */ 1000 {{0, 0}, 1001 {2, 2}, 1002 {7, 7}, 1003 {0, 0} 1004 } 1005 }, 1006 {0, 1, 2, 0, /* 0x86 */ 1007 {{1, 2}, 1008 {7, 7}, 1009 {0, 0}, 1010 {0, 0} 1011 } 1012 }, 1013 {1, 1, 2, 0, /* 0x87 */ 1014 {{0, 2}, 1015 {7, 7}, 1016 {0, 0}, 1017 {0, 0} 1018 } 1019 }, 1020 {0, 1, 2, 0, /* 0x88 */ 1021 {{3, 3}, 1022 {7, 7}, 1023 {0, 0}, 1024 {0, 0} 1025 } 1026 }, 1027 {1, 1, 3, 0, /* 0x89 */ 1028 {{0, 0}, 1029 {3, 3}, 1030 {7, 7}, 1031 {0, 0} 1032 } 1033 }, 1034 {0, 1, 3, 0, /* 0x8a */ 1035 {{1, 1}, 1036 {3, 3}, 1037 {7, 7}, 1038 {0, 0} 1039 } 1040 }, 1041 {1, 1, 3, 0, /* 0x8b */ 1042 {{0, 1}, 1043 {3, 3}, 1044 {7, 7}, 1045 {0, 0} 1046 } 1047 }, 1048 {0, 1, 2, 0, /* 0x8c */ 1049 {{2, 3}, 1050 {7, 7}, 1051 {0, 0}, 1052 {0, 0} 1053 } 1054 }, 1055 {1, 1, 3, 0, /* 0x8d */ 1056 {{0, 0}, 1057 {2, 3}, 1058 {7, 7}, 1059 {0, 0} 1060 } 1061 }, 1062 {0, 1, 2, 0, /* 0x8e */ 1063 {{1, 3}, 1064 {7, 7}, 1065 {0, 0}, 1066 {0, 0} 1067 } 1068 }, 1069 {1, 1, 2, 0, /* 0x8f */ 1070 {{0, 3}, 1071 {7, 7}, 1072 {0, 0}, 1073 {0, 0} 1074 } 1075 }, 1076 {0, 1, 2, 0, /* 0x90 */ 1077 {{4, 4}, 1078 {7, 7}, 1079 {0, 0}, 1080 {0, 0} 1081 } 1082 }, 1083 {1, 1, 3, 0, /* 0x91 */ 1084 {{0, 0}, 1085 {4, 4}, 1086 {7, 7}, 1087 {0, 0} 1088 } 1089 }, 1090 {0, 1, 3, 0, /* 0x92 */ 1091 {{1, 1}, 1092 {4, 4}, 1093 {7, 7}, 1094 {0, 0} 1095 } 1096 }, 1097 {1, 1, 3, 0, /* 0x93 */ 1098 {{0, 1}, 1099 {4, 4}, 1100 {7, 7}, 1101 {0, 0} 1102 } 1103 }, 1104 {0, 1, 3, 0, /* 0x94 */ 1105 {{2, 2}, 1106 {4, 4}, 1107 {7, 7}, 1108 {0, 0} 1109 } 1110 }, 1111 {1, 1, 4, 0, /* 0x95 */ 1112 {{0, 0}, 1113 {2, 2}, 1114 {4, 4}, 1115 {7, 7} 1116 } 1117 }, 1118 {0, 1, 3, 0, /* 0x96 */ 1119 {{1, 2}, 1120 {4, 4}, 1121 {7, 7}, 1122 {0, 0} 1123 } 1124 }, 1125 {1, 1, 3, 0, /* 0x97 */ 1126 {{0, 2}, 1127 {4, 4}, 1128 {7, 7}, 1129 {0, 0} 1130 } 1131 }, 1132 {0, 1, 2, 0, /* 0x98 */ 1133 {{3, 4}, 1134 {7, 7}, 1135 {0, 0}, 1136 {0, 0} 1137 } 1138 }, 1139 {1, 1, 3, 0, /* 0x99 */ 1140 {{0, 0}, 1141 {3, 4}, 1142 {7, 7}, 1143 {0, 0} 1144 } 1145 }, 1146 {0, 1, 3, 0, /* 0x9a */ 1147 {{1, 1}, 1148 {3, 4}, 1149 {7, 7}, 1150 {0, 0} 1151 } 1152 }, 1153 {1, 1, 3, 0, /* 0x9b */ 1154 {{0, 1}, 1155 {3, 4}, 1156 {7, 7}, 1157 {0, 0} 1158 } 1159 }, 1160 {0, 1, 2, 0, /* 0x9c */ 1161 {{2, 4}, 1162 {7, 7}, 1163 {0, 0}, 1164 {0, 0} 1165 } 1166 }, 1167 {1, 1, 3, 0, /* 0x9d */ 1168 {{0, 0}, 1169 {2, 4}, 1170 {7, 7}, 1171 {0, 0} 1172 } 1173 }, 1174 {0, 1, 2, 0, /* 0x9e */ 1175 {{1, 4}, 1176 {7, 7}, 1177 {0, 0}, 1178 {0, 0} 1179 } 1180 }, 1181 {1, 1, 2, 0, /* 0x9f */ 1182 {{0, 4}, 1183 {7, 7}, 1184 {0, 0}, 1185 {0, 0} 1186 } 1187 }, 1188 {0, 1, 2, 0, /* 0xa0 */ 1189 {{5, 5}, 1190 {7, 7}, 1191 {0, 0}, 1192 {0, 0} 1193 } 1194 }, 1195 {1, 1, 3, 0, /* 0xa1 */ 1196 {{0, 0}, 1197 {5, 5}, 1198 {7, 7}, 1199 {0, 0} 1200 } 1201 }, 1202 {0, 1, 3, 0, /* 0xa2 */ 1203 {{1, 1}, 1204 {5, 5}, 1205 {7, 7}, 1206 {0, 0} 1207 } 1208 }, 1209 {1, 1, 3, 0, /* 0xa3 */ 1210 {{0, 1}, 1211 {5, 5}, 1212 {7, 7}, 1213 {0, 0} 1214 } 1215 }, 1216 {0, 1, 3, 0, /* 0xa4 */ 1217 {{2, 2}, 1218 {5, 5}, 1219 {7, 7}, 1220 {0, 0} 1221 } 1222 }, 1223 {1, 1, 4, 0, /* 0xa5 */ 1224 {{0, 0}, 1225 {2, 2}, 1226 {5, 5}, 1227 {7, 7} 1228 } 1229 }, 1230 {0, 1, 3, 0, /* 0xa6 */ 1231 {{1, 2}, 1232 {5, 5}, 1233 {7, 7}, 1234 {0, 0} 1235 } 1236 }, 1237 {1, 1, 3, 0, /* 0xa7 */ 1238 {{0, 2}, 1239 {5, 5}, 1240 {7, 7}, 1241 {0, 0} 1242 } 1243 }, 1244 {0, 1, 3, 0, /* 0xa8 */ 1245 {{3, 3}, 1246 {5, 5}, 1247 {7, 7}, 1248 {0, 0} 1249 } 1250 }, 1251 {1, 1, 4, 0, /* 0xa9 */ 1252 {{0, 0}, 1253 {3, 3}, 1254 {5, 5}, 1255 {7, 7} 1256 } 1257 }, 1258 {0, 1, 4, 0, /* 0xaa */ 1259 {{1, 1}, 1260 {3, 3}, 1261 {5, 5}, 1262 {7, 7} 1263 } 1264 }, 1265 {1, 1, 4, 0, /* 0xab */ 1266 {{0, 1}, 1267 {3, 3}, 1268 {5, 5}, 1269 {7, 7} 1270 } 1271 }, 1272 {0, 1, 3, 0, /* 0xac */ 1273 {{2, 3}, 1274 {5, 5}, 1275 {7, 7}, 1276 {0, 0} 1277 } 1278 }, 1279 {1, 1, 4, 0, /* 0xad */ 1280 {{0, 0}, 1281 {2, 3}, 1282 {5, 5}, 1283 {7, 7} 1284 } 1285 }, 1286 {0, 1, 3, 0, /* 0xae */ 1287 {{1, 3}, 1288 {5, 5}, 1289 {7, 7}, 1290 {0, 0} 1291 } 1292 }, 1293 {1, 1, 3, 0, /* 0xaf */ 1294 {{0, 3}, 1295 {5, 5}, 1296 {7, 7}, 1297 {0, 0} 1298 } 1299 }, 1300 {0, 1, 2, 0, /* 0xb0 */ 1301 {{4, 5}, 1302 {7, 7}, 1303 {0, 0}, 1304 {0, 0} 1305 } 1306 }, 1307 {1, 1, 3, 0, /* 0xb1 */ 1308 {{0, 0}, 1309 {4, 5}, 1310 {7, 7}, 1311 {0, 0} 1312 } 1313 }, 1314 {0, 1, 3, 0, /* 0xb2 */ 1315 {{1, 1}, 1316 {4, 5}, 1317 {7, 7}, 1318 {0, 0} 1319 } 1320 }, 1321 {1, 1, 3, 0, /* 0xb3 */ 1322 {{0, 1}, 1323 {4, 5}, 1324 {7, 7}, 1325 {0, 0} 1326 } 1327 }, 1328 {0, 1, 3, 0, /* 0xb4 */ 1329 {{2, 2}, 1330 {4, 5}, 1331 {7, 7}, 1332 {0, 0} 1333 } 1334 }, 1335 {1, 1, 4, 0, /* 0xb5 */ 1336 {{0, 0}, 1337 {2, 2}, 1338 {4, 5}, 1339 {7, 7} 1340 } 1341 }, 1342 {0, 1, 3, 0, /* 0xb6 */ 1343 {{1, 2}, 1344 {4, 5}, 1345 {7, 7}, 1346 {0, 0} 1347 } 1348 }, 1349 {1, 1, 3, 0, /* 0xb7 */ 1350 {{0, 2}, 1351 {4, 5}, 1352 {7, 7}, 1353 {0, 0} 1354 } 1355 }, 1356 {0, 1, 2, 0, /* 0xb8 */ 1357 {{3, 5}, 1358 {7, 7}, 1359 {0, 0}, 1360 {0, 0} 1361 } 1362 }, 1363 {1, 1, 3, 0, /* 0xb9 */ 1364 {{0, 0}, 1365 {3, 5}, 1366 {7, 7}, 1367 {0, 0} 1368 } 1369 }, 1370 {0, 1, 3, 0, /* 0xba */ 1371 {{1, 1}, 1372 {3, 5}, 1373 {7, 7}, 1374 {0, 0} 1375 } 1376 }, 1377 {1, 1, 3, 0, /* 0xbb */ 1378 {{0, 1}, 1379 {3, 5}, 1380 {7, 7}, 1381 {0, 0} 1382 } 1383 }, 1384 {0, 1, 2, 0, /* 0xbc */ 1385 {{2, 5}, 1386 {7, 7}, 1387 {0, 0}, 1388 {0, 0} 1389 } 1390 }, 1391 {1, 1, 3, 0, /* 0xbd */ 1392 {{0, 0}, 1393 {2, 5}, 1394 {7, 7}, 1395 {0, 0} 1396 } 1397 }, 1398 {0, 1, 2, 0, /* 0xbe */ 1399 {{1, 5}, 1400 {7, 7}, 1401 {0, 0}, 1402 {0, 0} 1403 } 1404 }, 1405 {1, 1, 2, 0, /* 0xbf */ 1406 {{0, 5}, 1407 {7, 7}, 1408 {0, 0}, 1409 {0, 0} 1410 } 1411 }, 1412 {0, 1, 1, 0, /* 0xc0 */ 1413 {{6, 7}, 1414 {0, 0}, 1415 {0, 0}, 1416 {0, 0} 1417 } 1418 }, 1419 {1, 1, 2, 0, /* 0xc1 */ 1420 {{0, 0}, 1421 {6, 7}, 1422 {0, 0}, 1423 {0, 0} 1424 } 1425 }, 1426 {0, 1, 2, 0, /* 0xc2 */ 1427 {{1, 1}, 1428 {6, 7}, 1429 {0, 0}, 1430 {0, 0} 1431 } 1432 }, 1433 {1, 1, 2, 0, /* 0xc3 */ 1434 {{0, 1}, 1435 {6, 7}, 1436 {0, 0}, 1437 {0, 0} 1438 } 1439 }, 1440 {0, 1, 2, 0, /* 0xc4 */ 1441 {{2, 2}, 1442 {6, 7}, 1443 {0, 0}, 1444 {0, 0} 1445 } 1446 }, 1447 {1, 1, 3, 0, /* 0xc5 */ 1448 {{0, 0}, 1449 {2, 2}, 1450 {6, 7}, 1451 {0, 0} 1452 } 1453 }, 1454 {0, 1, 2, 0, /* 0xc6 */ 1455 {{1, 2}, 1456 {6, 7}, 1457 {0, 0}, 1458 {0, 0} 1459 } 1460 }, 1461 {1, 1, 2, 0, /* 0xc7 */ 1462 {{0, 2}, 1463 {6, 7}, 1464 {0, 0}, 1465 {0, 0} 1466 } 1467 }, 1468 {0, 1, 2, 0, /* 0xc8 */ 1469 {{3, 3}, 1470 {6, 7}, 1471 {0, 0}, 1472 {0, 0} 1473 } 1474 }, 1475 {1, 1, 3, 0, /* 0xc9 */ 1476 {{0, 0}, 1477 {3, 3}, 1478 {6, 7}, 1479 {0, 0} 1480 } 1481 }, 1482 {0, 1, 3, 0, /* 0xca */ 1483 {{1, 1}, 1484 {3, 3}, 1485 {6, 7}, 1486 {0, 0} 1487 } 1488 }, 1489 {1, 1, 3, 0, /* 0xcb */ 1490 {{0, 1}, 1491 {3, 3}, 1492 {6, 7}, 1493 {0, 0} 1494 } 1495 }, 1496 {0, 1, 2, 0, /* 0xcc */ 1497 {{2, 3}, 1498 {6, 7}, 1499 {0, 0}, 1500 {0, 0} 1501 } 1502 }, 1503 {1, 1, 3, 0, /* 0xcd */ 1504 {{0, 0}, 1505 {2, 3}, 1506 {6, 7}, 1507 {0, 0} 1508 } 1509 }, 1510 {0, 1, 2, 0, /* 0xce */ 1511 {{1, 3}, 1512 {6, 7}, 1513 {0, 0}, 1514 {0, 0} 1515 } 1516 }, 1517 {1, 1, 2, 0, /* 0xcf */ 1518 {{0, 3}, 1519 {6, 7}, 1520 {0, 0}, 1521 {0, 0} 1522 } 1523 }, 1524 {0, 1, 2, 0, /* 0xd0 */ 1525 {{4, 4}, 1526 {6, 7}, 1527 {0, 0}, 1528 {0, 0} 1529 } 1530 }, 1531 {1, 1, 3, 0, /* 0xd1 */ 1532 {{0, 0}, 1533 {4, 4}, 1534 {6, 7}, 1535 {0, 0} 1536 } 1537 }, 1538 {0, 1, 3, 0, /* 0xd2 */ 1539 {{1, 1}, 1540 {4, 4}, 1541 {6, 7}, 1542 {0, 0} 1543 } 1544 }, 1545 {1, 1, 3, 0, /* 0xd3 */ 1546 {{0, 1}, 1547 {4, 4}, 1548 {6, 7}, 1549 {0, 0} 1550 } 1551 }, 1552 {0, 1, 3, 0, /* 0xd4 */ 1553 {{2, 2}, 1554 {4, 4}, 1555 {6, 7}, 1556 {0, 0} 1557 } 1558 }, 1559 {1, 1, 4, 0, /* 0xd5 */ 1560 {{0, 0}, 1561 {2, 2}, 1562 {4, 4}, 1563 {6, 7} 1564 } 1565 }, 1566 {0, 1, 3, 0, /* 0xd6 */ 1567 {{1, 2}, 1568 {4, 4}, 1569 {6, 7}, 1570 {0, 0} 1571 } 1572 }, 1573 {1, 1, 3, 0, /* 0xd7 */ 1574 {{0, 2}, 1575 {4, 4}, 1576 {6, 7}, 1577 {0, 0} 1578 } 1579 }, 1580 {0, 1, 2, 0, /* 0xd8 */ 1581 {{3, 4}, 1582 {6, 7}, 1583 {0, 0}, 1584 {0, 0} 1585 } 1586 }, 1587 {1, 1, 3, 0, /* 0xd9 */ 1588 {{0, 0}, 1589 {3, 4}, 1590 {6, 7}, 1591 {0, 0} 1592 } 1593 }, 1594 {0, 1, 3, 0, /* 0xda */ 1595 {{1, 1}, 1596 {3, 4}, 1597 {6, 7}, 1598 {0, 0} 1599 } 1600 }, 1601 {1, 1, 3, 0, /* 0xdb */ 1602 {{0, 1}, 1603 {3, 4}, 1604 {6, 7}, 1605 {0, 0} 1606 } 1607 }, 1608 {0, 1, 2, 0, /* 0xdc */ 1609 {{2, 4}, 1610 {6, 7}, 1611 {0, 0}, 1612 {0, 0} 1613 } 1614 }, 1615 {1, 1, 3, 0, /* 0xdd */ 1616 {{0, 0}, 1617 {2, 4}, 1618 {6, 7}, 1619 {0, 0} 1620 } 1621 }, 1622 {0, 1, 2, 0, /* 0xde */ 1623 {{1, 4}, 1624 {6, 7}, 1625 {0, 0}, 1626 {0, 0} 1627 } 1628 }, 1629 {1, 1, 2, 0, /* 0xdf */ 1630 {{0, 4}, 1631 {6, 7}, 1632 {0, 0}, 1633 {0, 0} 1634 } 1635 }, 1636 {0, 1, 1, 0, /* 0xe0 */ 1637 {{5, 7}, 1638 {0, 0}, 1639 {0, 0}, 1640 {0, 0} 1641 } 1642 }, 1643 {1, 1, 2, 0, /* 0xe1 */ 1644 {{0, 0}, 1645 {5, 7}, 1646 {0, 0}, 1647 {0, 0} 1648 } 1649 }, 1650 {0, 1, 2, 0, /* 0xe2 */ 1651 {{1, 1}, 1652 {5, 7}, 1653 {0, 0}, 1654 {0, 0} 1655 } 1656 }, 1657 {1, 1, 2, 0, /* 0xe3 */ 1658 {{0, 1}, 1659 {5, 7}, 1660 {0, 0}, 1661 {0, 0} 1662 } 1663 }, 1664 {0, 1, 2, 0, /* 0xe4 */ 1665 {{2, 2}, 1666 {5, 7}, 1667 {0, 0}, 1668 {0, 0} 1669 } 1670 }, 1671 {1, 1, 3, 0, /* 0xe5 */ 1672 {{0, 0}, 1673 {2, 2}, 1674 {5, 7}, 1675 {0, 0} 1676 } 1677 }, 1678 {0, 1, 2, 0, /* 0xe6 */ 1679 {{1, 2}, 1680 {5, 7}, 1681 {0, 0}, 1682 {0, 0} 1683 } 1684 }, 1685 {1, 1, 2, 0, /* 0xe7 */ 1686 {{0, 2}, 1687 {5, 7}, 1688 {0, 0}, 1689 {0, 0} 1690 } 1691 }, 1692 {0, 1, 2, 0, /* 0xe8 */ 1693 {{3, 3}, 1694 {5, 7}, 1695 {0, 0}, 1696 {0, 0} 1697 } 1698 }, 1699 {1, 1, 3, 0, /* 0xe9 */ 1700 {{0, 0}, 1701 {3, 3}, 1702 {5, 7}, 1703 {0, 0} 1704 } 1705 }, 1706 {0, 1, 3, 0, /* 0xea */ 1707 {{1, 1}, 1708 {3, 3}, 1709 {5, 7}, 1710 {0, 0} 1711 } 1712 }, 1713 {1, 1, 3, 0, /* 0xeb */ 1714 {{0, 1}, 1715 {3, 3}, 1716 {5, 7}, 1717 {0, 0} 1718 } 1719 }, 1720 {0, 1, 2, 0, /* 0xec */ 1721 {{2, 3}, 1722 {5, 7}, 1723 {0, 0}, 1724 {0, 0} 1725 } 1726 }, 1727 {1, 1, 3, 0, /* 0xed */ 1728 {{0, 0}, 1729 {2, 3}, 1730 {5, 7}, 1731 {0, 0} 1732 } 1733 }, 1734 {0, 1, 2, 0, /* 0xee */ 1735 {{1, 3}, 1736 {5, 7}, 1737 {0, 0}, 1738 {0, 0} 1739 } 1740 }, 1741 {1, 1, 2, 0, /* 0xef */ 1742 {{0, 3}, 1743 {5, 7}, 1744 {0, 0}, 1745 {0, 0} 1746 } 1747 }, 1748 {0, 1, 1, 0, /* 0xf0 */ 1749 {{4, 7}, 1750 {0, 0}, 1751 {0, 0}, 1752 {0, 0} 1753 } 1754 }, 1755 {1, 1, 2, 0, /* 0xf1 */ 1756 {{0, 0}, 1757 {4, 7}, 1758 {0, 0}, 1759 {0, 0} 1760 } 1761 }, 1762 {0, 1, 2, 0, /* 0xf2 */ 1763 {{1, 1}, 1764 {4, 7}, 1765 {0, 0}, 1766 {0, 0} 1767 } 1768 }, 1769 {1, 1, 2, 0, /* 0xf3 */ 1770 {{0, 1}, 1771 {4, 7}, 1772 {0, 0}, 1773 {0, 0} 1774 } 1775 }, 1776 {0, 1, 2, 0, /* 0xf4 */ 1777 {{2, 2}, 1778 {4, 7}, 1779 {0, 0}, 1780 {0, 0} 1781 } 1782 }, 1783 {1, 1, 3, 0, /* 0xf5 */ 1784 {{0, 0}, 1785 {2, 2}, 1786 {4, 7}, 1787 {0, 0} 1788 } 1789 }, 1790 {0, 1, 2, 0, /* 0xf6 */ 1791 {{1, 2}, 1792 {4, 7}, 1793 {0, 0}, 1794 {0, 0} 1795 } 1796 }, 1797 {1, 1, 2, 0, /* 0xf7 */ 1798 {{0, 2}, 1799 {4, 7}, 1800 {0, 0}, 1801 {0, 0} 1802 } 1803 }, 1804 {0, 1, 1, 0, /* 0xf8 */ 1805 {{3, 7}, 1806 {0, 0}, 1807 {0, 0}, 1808 {0, 0} 1809 } 1810 }, 1811 {1, 1, 2, 0, /* 0xf9 */ 1812 {{0, 0}, 1813 {3, 7}, 1814 {0, 0}, 1815 {0, 0} 1816 } 1817 }, 1818 {0, 1, 2, 0, /* 0xfa */ 1819 {{1, 1}, 1820 {3, 7}, 1821 {0, 0}, 1822 {0, 0} 1823 } 1824 }, 1825 {1, 1, 2, 0, /* 0xfb */ 1826 {{0, 1}, 1827 {3, 7}, 1828 {0, 0}, 1829 {0, 0} 1830 } 1831 }, 1832 {0, 1, 1, 0, /* 0xfc */ 1833 {{2, 7}, 1834 {0, 0}, 1835 {0, 0}, 1836 {0, 0} 1837 } 1838 }, 1839 {1, 1, 2, 0, /* 0xfd */ 1840 {{0, 0}, 1841 {2, 7}, 1842 {0, 0}, 1843 {0, 0} 1844 } 1845 }, 1846 {0, 1, 1, 0, /* 0xfe */ 1847 {{1, 7}, 1848 {0, 0}, 1849 {0, 0}, 1850 {0, 0} 1851 } 1852 }, 1853 {1, 1, 1, 0, /* 0xff */ 1854 {{0, 7}, 1855 {0, 0}, 1856 {0, 0}, 1857 {0, 0} 1858 } 1859 } 1860}; 1861 1862 1863int 1864sctp_is_address_in_scope(struct sctp_ifa *ifa, 1865 int ipv4_addr_legal, 1866 int ipv6_addr_legal, 1867 int loopback_scope, 1868 int ipv4_local_scope, 1869 int local_scope, 1870 int site_scope, 1871 int do_update) 1872{ 1873 if ((loopback_scope == 0) && 1874 (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) { 1875 /* 1876 * skip loopback if not in scope * 1877 */ 1878 return (0); 1879 } 1880 switch (ifa->address.sa.sa_family) { 1881 case AF_INET: 1882 if (ipv4_addr_legal) { 1883 struct sockaddr_in *sin; 1884 1885 sin = (struct sockaddr_in *)&ifa->address.sin; 1886 if (sin->sin_addr.s_addr == 0) { 1887 /* not in scope , unspecified */ 1888 return (0); 1889 } 1890 if ((ipv4_local_scope == 0) && 1891 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 1892 /* private address not in scope */ 1893 return (0); 1894 } 1895 } else { 1896 return (0); 1897 } 1898 break; 1899#ifdef INET6 1900 case AF_INET6: 1901 if (ipv6_addr_legal) { 1902 struct sockaddr_in6 *sin6; 1903 1904 /* 1905 * Must update the flags, bummer, which means any 1906 * IFA locks must now be applied HERE <-> 1907 */ 1908 if (do_update) { 1909 sctp_gather_internal_ifa_flags(ifa); 1910 } 1911 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1912 return (0); 1913 } 1914 /* ok to use deprecated addresses? */ 1915 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6; 1916 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1917 /* skip unspecifed addresses */ 1918 return (0); 1919 } 1920 if ( /* (local_scope == 0) && */ 1921 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 1922 return (0); 1923 } 1924 if ((site_scope == 0) && 1925 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 1926 return (0); 1927 } 1928 } else { 1929 return (0); 1930 } 1931 break; 1932#endif 1933 default: 1934 return (0); 1935 } 1936 return (1); 1937} 1938 1939static struct mbuf * 1940sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa) 1941{ 1942 struct sctp_paramhdr *parmh; 1943 struct mbuf *mret; 1944 int len; 1945 1946 if (ifa->address.sa.sa_family == AF_INET) { 1947 len = sizeof(struct sctp_ipv4addr_param); 1948 } else if (ifa->address.sa.sa_family == AF_INET6) { 1949 len = sizeof(struct sctp_ipv6addr_param); 1950 } else { 1951 /* unknown type */ 1952 return (m); 1953 } 1954 if (M_TRAILINGSPACE(m) >= len) { 1955 /* easy side we just drop it on the end */ 1956 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m))); 1957 mret = m; 1958 } else { 1959 /* Need more space */ 1960 mret = m; 1961 while (SCTP_BUF_NEXT(mret) != NULL) { 1962 mret = SCTP_BUF_NEXT(mret); 1963 } 1964 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA); 1965 if (SCTP_BUF_NEXT(mret) == NULL) { 1966 /* We are hosed, can't add more addresses */ 1967 return (m); 1968 } 1969 mret = SCTP_BUF_NEXT(mret); 1970 parmh = mtod(mret, struct sctp_paramhdr *); 1971 } 1972 /* now add the parameter */ 1973 switch (ifa->address.sa.sa_family) { 1974 case AF_INET: 1975 { 1976 struct sctp_ipv4addr_param *ipv4p; 1977 struct sockaddr_in *sin; 1978 1979 sin = (struct sockaddr_in *)&ifa->address.sin; 1980 ipv4p = (struct sctp_ipv4addr_param *)parmh; 1981 parmh->param_type = htons(SCTP_IPV4_ADDRESS); 1982 parmh->param_length = htons(len); 1983 ipv4p->addr = sin->sin_addr.s_addr; 1984 SCTP_BUF_LEN(mret) += len; 1985 break; 1986 } 1987#ifdef INET6 1988 case AF_INET6: 1989 { 1990 struct sctp_ipv6addr_param *ipv6p; 1991 struct sockaddr_in6 *sin6; 1992 1993 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6; 1994 ipv6p = (struct sctp_ipv6addr_param *)parmh; 1995 parmh->param_type = htons(SCTP_IPV6_ADDRESS); 1996 parmh->param_length = htons(len); 1997 memcpy(ipv6p->addr, &sin6->sin6_addr, 1998 sizeof(ipv6p->addr)); 1999 /* clear embedded scope in the address */ 2000 in6_clearscope((struct in6_addr *)ipv6p->addr); 2001 SCTP_BUF_LEN(mret) += len; 2002 break; 2003 } 2004#endif 2005 default: 2006 return (m); 2007 } 2008 return (mret); 2009} 2010 2011 2012struct mbuf * 2013sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_scoping *scope, 2014 struct mbuf *m_at, int cnt_inits_to) 2015{ 2016 struct sctp_vrf *vrf = NULL; 2017 int cnt, limit_out = 0, total_count; 2018 uint32_t vrf_id; 2019 2020 vrf_id = inp->def_vrf_id; 2021 SCTP_IPI_ADDR_RLOCK(); 2022 vrf = sctp_find_vrf(vrf_id); 2023 if (vrf == NULL) { 2024 SCTP_IPI_ADDR_RUNLOCK(); 2025 return (m_at); 2026 } 2027 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 2028 struct sctp_ifa *sctp_ifap; 2029 struct sctp_ifn *sctp_ifnp; 2030 2031 cnt = cnt_inits_to; 2032 if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) { 2033 limit_out = 1; 2034 cnt = SCTP_ADDRESS_LIMIT; 2035 goto skip_count; 2036 } 2037 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2038 if ((scope->loopback_scope == 0) && 2039 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2040 /* 2041 * Skip loopback devices if loopback_scope 2042 * not set 2043 */ 2044 continue; 2045 } 2046 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2047 if (sctp_is_address_in_scope(sctp_ifap, 2048 scope->ipv4_addr_legal, 2049 scope->ipv6_addr_legal, 2050 scope->loopback_scope, 2051 scope->ipv4_local_scope, 2052 scope->local_scope, 2053 scope->site_scope, 1) == 0) { 2054 continue; 2055 } 2056 cnt++; 2057 if (cnt > SCTP_ADDRESS_LIMIT) { 2058 break; 2059 } 2060 } 2061 if (cnt > SCTP_ADDRESS_LIMIT) { 2062 break; 2063 } 2064 } 2065skip_count: 2066 if (cnt > 1) { 2067 total_count = 0; 2068 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2069 cnt = 0; 2070 if ((scope->loopback_scope == 0) && 2071 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2072 /* 2073 * Skip loopback devices if 2074 * loopback_scope not set 2075 */ 2076 continue; 2077 } 2078 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2079 if (sctp_is_address_in_scope(sctp_ifap, 2080 scope->ipv4_addr_legal, 2081 scope->ipv6_addr_legal, 2082 scope->loopback_scope, 2083 scope->ipv4_local_scope, 2084 scope->local_scope, 2085 scope->site_scope, 0) == 0) { 2086 continue; 2087 } 2088 m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap); 2089 if (limit_out) { 2090 cnt++; 2091 total_count++; 2092 if (cnt >= 2) { 2093 /* 2094 * two from each 2095 * address 2096 */ 2097 break; 2098 } 2099 if (total_count > SCTP_ADDRESS_LIMIT) { 2100 /* No more addresses */ 2101 break; 2102 } 2103 } 2104 } 2105 } 2106 } 2107 } else { 2108 struct sctp_laddr *laddr; 2109 2110 cnt = cnt_inits_to; 2111 /* First, how many ? */ 2112 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2113 if (laddr->ifa == NULL) { 2114 continue; 2115 } 2116 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2117 /* 2118 * Address being deleted by the system, dont 2119 * list. 2120 */ 2121 continue; 2122 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2123 /* 2124 * Address being deleted on this ep don't 2125 * list. 2126 */ 2127 continue; 2128 } 2129 if (sctp_is_address_in_scope(laddr->ifa, 2130 scope->ipv4_addr_legal, 2131 scope->ipv6_addr_legal, 2132 scope->loopback_scope, 2133 scope->ipv4_local_scope, 2134 scope->local_scope, 2135 scope->site_scope, 1) == 0) { 2136 continue; 2137 } 2138 cnt++; 2139 } 2140 if (cnt > SCTP_ADDRESS_LIMIT) { 2141 limit_out = 1; 2142 } 2143 /* 2144 * To get through a NAT we only list addresses if we have 2145 * more than one. That way if you just bind a single address 2146 * we let the source of the init dictate our address. 2147 */ 2148 if (cnt > 1) { 2149 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2150 cnt = 0; 2151 if (laddr->ifa == NULL) { 2152 continue; 2153 } 2154 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2155 continue; 2156 2157 if (sctp_is_address_in_scope(laddr->ifa, 2158 scope->ipv4_addr_legal, 2159 scope->ipv6_addr_legal, 2160 scope->loopback_scope, 2161 scope->ipv4_local_scope, 2162 scope->local_scope, 2163 scope->site_scope, 0) == 0) { 2164 continue; 2165 } 2166 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa); 2167 cnt++; 2168 if (cnt >= SCTP_ADDRESS_LIMIT) { 2169 break; 2170 } 2171 } 2172 } 2173 } 2174 SCTP_IPI_ADDR_RUNLOCK(); 2175 return (m_at); 2176} 2177 2178static struct sctp_ifa * 2179sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa, 2180 uint8_t dest_is_loop, 2181 uint8_t dest_is_priv, 2182 sa_family_t fam) 2183{ 2184 uint8_t dest_is_global = 0; 2185 2186 /* dest_is_priv is true if destination is a private address */ 2187 /* dest_is_loop is true if destination is a loopback addresses */ 2188 2189 /* 2190 * Here we determine if its a preferred address. A preferred address 2191 * means it is the same scope or higher scope then the destination. 2192 * L = loopback, P = private, G = global 2193 * ----------------------------------------- src | dest | result 2194 * ---------------------------------------- L | L | yes 2195 * ----------------------------------------- P | L | 2196 * yes-v4 no-v6 ----------------------------------------- G | 2197 * L | yes-v4 no-v6 ----------------------------------------- L 2198 * | P | no ----------------------------------------- P | 2199 * P | yes ----------------------------------------- G | 2200 * P | no ----------------------------------------- L | G 2201 * | no ----------------------------------------- P | G | 2202 * no ----------------------------------------- G | G | 2203 * yes ----------------------------------------- 2204 */ 2205 2206 if (ifa->address.sa.sa_family != fam) { 2207 /* forget mis-matched family */ 2208 return (NULL); 2209 } 2210 if ((dest_is_priv == 0) && (dest_is_loop == 0)) { 2211 dest_is_global = 1; 2212 } 2213 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:"); 2214 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa); 2215 /* Ok the address may be ok */ 2216 if (fam == AF_INET6) { 2217 /* ok to use deprecated addresses? no lets not! */ 2218 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2219 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n"); 2220 return (NULL); 2221 } 2222 if (ifa->src_is_priv && !ifa->src_is_loop) { 2223 if (dest_is_loop) { 2224 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n"); 2225 return (NULL); 2226 } 2227 } 2228 if (ifa->src_is_glob) { 2229 if (dest_is_loop) { 2230 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n"); 2231 return (NULL); 2232 } 2233 } 2234 } 2235 /* 2236 * Now that we know what is what, implement or table this could in 2237 * theory be done slicker (it used to be), but this is 2238 * straightforward and easier to validate :-) 2239 */ 2240 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n", 2241 ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob); 2242 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n", 2243 dest_is_loop, dest_is_priv, dest_is_global); 2244 2245 if ((ifa->src_is_loop) && (dest_is_priv)) { 2246 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n"); 2247 return (NULL); 2248 } 2249 if ((ifa->src_is_glob) && (dest_is_priv)) { 2250 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n"); 2251 return (NULL); 2252 } 2253 if ((ifa->src_is_loop) && (dest_is_global)) { 2254 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n"); 2255 return (NULL); 2256 } 2257 if ((ifa->src_is_priv) && (dest_is_global)) { 2258 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n"); 2259 return (NULL); 2260 } 2261 SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n"); 2262 /* its a preferred address */ 2263 return (ifa); 2264} 2265 2266static struct sctp_ifa * 2267sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa, 2268 uint8_t dest_is_loop, 2269 uint8_t dest_is_priv, 2270 sa_family_t fam) 2271{ 2272 uint8_t dest_is_global = 0; 2273 2274 /* 2275 * Here we determine if its a acceptable address. A acceptable 2276 * address means it is the same scope or higher scope but we can 2277 * allow for NAT which means its ok to have a global dest and a 2278 * private src. 2279 * 2280 * L = loopback, P = private, G = global 2281 * ----------------------------------------- src | dest | result 2282 * ----------------------------------------- L | L | yes 2283 * ----------------------------------------- P | L | 2284 * yes-v4 no-v6 ----------------------------------------- G | 2285 * L | yes ----------------------------------------- L | 2286 * P | no ----------------------------------------- P | P 2287 * | yes ----------------------------------------- G | P 2288 * | yes - May not work ----------------------------------------- 2289 * L | G | no ----------------------------------------- P 2290 * | G | yes - May not work 2291 * ----------------------------------------- G | G | yes 2292 * ----------------------------------------- 2293 */ 2294 2295 if (ifa->address.sa.sa_family != fam) { 2296 /* forget non matching family */ 2297 return (NULL); 2298 } 2299 /* Ok the address may be ok */ 2300 if ((dest_is_loop == 0) && (dest_is_priv == 0)) { 2301 dest_is_global = 1; 2302 } 2303 if (fam == AF_INET6) { 2304 /* ok to use deprecated addresses? */ 2305 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2306 return (NULL); 2307 } 2308 if (ifa->src_is_priv) { 2309 /* Special case, linklocal to loop */ 2310 if (dest_is_loop) 2311 return (NULL); 2312 } 2313 } 2314 /* 2315 * Now that we know what is what, implement our table. This could in 2316 * theory be done slicker (it used to be), but this is 2317 * straightforward and easier to validate :-) 2318 */ 2319 if ((ifa->src_is_loop == 1) && (dest_is_priv)) { 2320 return (NULL); 2321 } 2322 if ((ifa->src_is_loop == 1) && (dest_is_global)) { 2323 return (NULL); 2324 } 2325 /* its an acceptable address */ 2326 return (ifa); 2327} 2328 2329int 2330sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 2331{ 2332 struct sctp_laddr *laddr; 2333 2334 if (stcb == NULL) { 2335 /* There are no restrictions, no TCB :-) */ 2336 return (0); 2337 } 2338 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) { 2339 if (laddr->ifa == NULL) { 2340 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2341 __FUNCTION__); 2342 continue; 2343 } 2344 if (laddr->ifa == ifa) { 2345 /* Yes it is on the list */ 2346 return (1); 2347 } 2348 } 2349 return (0); 2350} 2351 2352 2353int 2354sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa) 2355{ 2356 struct sctp_laddr *laddr; 2357 2358 if (ifa == NULL) 2359 return (0); 2360 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2361 if (laddr->ifa == NULL) { 2362 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2363 __FUNCTION__); 2364 continue; 2365 } 2366 if ((laddr->ifa == ifa) && laddr->action == 0) 2367 /* same pointer */ 2368 return (1); 2369 } 2370 return (0); 2371} 2372 2373 2374 2375static struct sctp_ifa * 2376sctp_choose_boundspecific_inp(struct sctp_inpcb *inp, 2377 sctp_route_t * ro, 2378 uint32_t vrf_id, 2379 int non_asoc_addr_ok, 2380 uint8_t dest_is_priv, 2381 uint8_t dest_is_loop, 2382 sa_family_t fam) 2383{ 2384 struct sctp_laddr *laddr, *starting_point; 2385 void *ifn; 2386 int resettotop = 0; 2387 struct sctp_ifn *sctp_ifn; 2388 struct sctp_ifa *sctp_ifa, *sifa; 2389 struct sctp_vrf *vrf; 2390 uint32_t ifn_index; 2391 2392 vrf = sctp_find_vrf(vrf_id); 2393 if (vrf == NULL) 2394 return (NULL); 2395 2396 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2397 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2398 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2399 /* 2400 * first question, is the ifn we will emit on in our list, if so, we 2401 * want such an address. Note that we first looked for a preferred 2402 * address. 2403 */ 2404 if (sctp_ifn) { 2405 /* is a preferred one on the interface we route out? */ 2406 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2407 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2408 (non_asoc_addr_ok == 0)) 2409 continue; 2410 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, 2411 dest_is_loop, 2412 dest_is_priv, fam); 2413 if (sifa == NULL) 2414 continue; 2415 if (sctp_is_addr_in_ep(inp, sifa)) { 2416 atomic_add_int(&sifa->refcount, 1); 2417 return (sifa); 2418 } 2419 } 2420 } 2421 /* 2422 * ok, now we now need to find one on the list of the addresses. We 2423 * can't get one on the emitting interface so let's find first a 2424 * preferred one. If not that an acceptable one otherwise... we 2425 * return NULL. 2426 */ 2427 starting_point = inp->next_addr_touse; 2428once_again: 2429 if (inp->next_addr_touse == NULL) { 2430 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2431 resettotop = 1; 2432 } 2433 for (laddr = inp->next_addr_touse; laddr; 2434 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2435 if (laddr->ifa == NULL) { 2436 /* address has been removed */ 2437 continue; 2438 } 2439 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2440 /* address is being deleted */ 2441 continue; 2442 } 2443 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, 2444 dest_is_priv, fam); 2445 if (sifa == NULL) 2446 continue; 2447 atomic_add_int(&sifa->refcount, 1); 2448 return (sifa); 2449 } 2450 if (resettotop == 0) { 2451 inp->next_addr_touse = NULL; 2452 goto once_again; 2453 } 2454 inp->next_addr_touse = starting_point; 2455 resettotop = 0; 2456once_again_too: 2457 if (inp->next_addr_touse == NULL) { 2458 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2459 resettotop = 1; 2460 } 2461 /* ok, what about an acceptable address in the inp */ 2462 for (laddr = inp->next_addr_touse; laddr; 2463 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2464 if (laddr->ifa == NULL) { 2465 /* address has been removed */ 2466 continue; 2467 } 2468 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2469 /* address is being deleted */ 2470 continue; 2471 } 2472 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2473 dest_is_priv, fam); 2474 if (sifa == NULL) 2475 continue; 2476 atomic_add_int(&sifa->refcount, 1); 2477 return (sifa); 2478 } 2479 if (resettotop == 0) { 2480 inp->next_addr_touse = NULL; 2481 goto once_again_too; 2482 } 2483 /* 2484 * no address bound can be a source for the destination we are in 2485 * trouble 2486 */ 2487 return (NULL); 2488} 2489 2490 2491 2492static struct sctp_ifa * 2493sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp, 2494 struct sctp_tcb *stcb, 2495 struct sctp_nets *net, 2496 sctp_route_t * ro, 2497 uint32_t vrf_id, 2498 uint8_t dest_is_priv, 2499 uint8_t dest_is_loop, 2500 int non_asoc_addr_ok, 2501 sa_family_t fam) 2502{ 2503 struct sctp_laddr *laddr, *starting_point; 2504 void *ifn; 2505 struct sctp_ifn *sctp_ifn; 2506 struct sctp_ifa *sctp_ifa, *sifa; 2507 uint8_t start_at_beginning = 0; 2508 struct sctp_vrf *vrf; 2509 uint32_t ifn_index; 2510 2511 /* 2512 * first question, is the ifn we will emit on in our list, if so, we 2513 * want that one. 2514 */ 2515 vrf = sctp_find_vrf(vrf_id); 2516 if (vrf == NULL) 2517 return (NULL); 2518 2519 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2520 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2521 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2522 2523 /* 2524 * first question, is the ifn we will emit on in our list? If so, 2525 * we want that one. First we look for a preferred. Second, we go 2526 * for an acceptable. 2527 */ 2528 if (sctp_ifn) { 2529 /* first try for a preferred address on the ep */ 2530 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2531 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2532 continue; 2533 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2534 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2535 if (sifa == NULL) 2536 continue; 2537 if (((non_asoc_addr_ok == 0) && 2538 (sctp_is_addr_restricted(stcb, sifa))) || 2539 (non_asoc_addr_ok && 2540 (sctp_is_addr_restricted(stcb, sifa)) && 2541 (!sctp_is_addr_pending(stcb, sifa)))) { 2542 /* on the no-no list */ 2543 continue; 2544 } 2545 atomic_add_int(&sifa->refcount, 1); 2546 return (sifa); 2547 } 2548 } 2549 /* next try for an acceptable address on the ep */ 2550 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2551 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2552 continue; 2553 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2554 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2555 if (sifa == NULL) 2556 continue; 2557 if (((non_asoc_addr_ok == 0) && 2558 (sctp_is_addr_restricted(stcb, sifa))) || 2559 (non_asoc_addr_ok && 2560 (sctp_is_addr_restricted(stcb, sifa)) && 2561 (!sctp_is_addr_pending(stcb, sifa)))) { 2562 /* on the no-no list */ 2563 continue; 2564 } 2565 atomic_add_int(&sifa->refcount, 1); 2566 return (sifa); 2567 } 2568 } 2569 2570 } 2571 /* 2572 * if we can't find one like that then we must look at all addresses 2573 * bound to pick one at first preferable then secondly acceptable. 2574 */ 2575 starting_point = stcb->asoc.last_used_address; 2576sctp_from_the_top: 2577 if (stcb->asoc.last_used_address == NULL) { 2578 start_at_beginning = 1; 2579 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2580 } 2581 /* search beginning with the last used address */ 2582 for (laddr = stcb->asoc.last_used_address; laddr; 2583 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2584 if (laddr->ifa == NULL) { 2585 /* address has been removed */ 2586 continue; 2587 } 2588 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2589 /* address is being deleted */ 2590 continue; 2591 } 2592 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2593 if (sifa == NULL) 2594 continue; 2595 if (((non_asoc_addr_ok == 0) && 2596 (sctp_is_addr_restricted(stcb, sifa))) || 2597 (non_asoc_addr_ok && 2598 (sctp_is_addr_restricted(stcb, sifa)) && 2599 (!sctp_is_addr_pending(stcb, sifa)))) { 2600 /* on the no-no list */ 2601 continue; 2602 } 2603 stcb->asoc.last_used_address = laddr; 2604 atomic_add_int(&sifa->refcount, 1); 2605 return (sifa); 2606 } 2607 if (start_at_beginning == 0) { 2608 stcb->asoc.last_used_address = NULL; 2609 goto sctp_from_the_top; 2610 } 2611 /* now try for any higher scope than the destination */ 2612 stcb->asoc.last_used_address = starting_point; 2613 start_at_beginning = 0; 2614sctp_from_the_top2: 2615 if (stcb->asoc.last_used_address == NULL) { 2616 start_at_beginning = 1; 2617 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2618 } 2619 /* search beginning with the last used address */ 2620 for (laddr = stcb->asoc.last_used_address; laddr; 2621 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2622 if (laddr->ifa == NULL) { 2623 /* address has been removed */ 2624 continue; 2625 } 2626 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2627 /* address is being deleted */ 2628 continue; 2629 } 2630 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2631 dest_is_priv, fam); 2632 if (sifa == NULL) 2633 continue; 2634 if (((non_asoc_addr_ok == 0) && 2635 (sctp_is_addr_restricted(stcb, sifa))) || 2636 (non_asoc_addr_ok && 2637 (sctp_is_addr_restricted(stcb, sifa)) && 2638 (!sctp_is_addr_pending(stcb, sifa)))) { 2639 /* on the no-no list */ 2640 continue; 2641 } 2642 stcb->asoc.last_used_address = laddr; 2643 atomic_add_int(&sifa->refcount, 1); 2644 return (sifa); 2645 } 2646 if (start_at_beginning == 0) { 2647 stcb->asoc.last_used_address = NULL; 2648 goto sctp_from_the_top2; 2649 } 2650 return (NULL); 2651} 2652 2653static struct sctp_ifa * 2654sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn, 2655 struct sctp_tcb *stcb, 2656 int non_asoc_addr_ok, 2657 uint8_t dest_is_loop, 2658 uint8_t dest_is_priv, 2659 int addr_wanted, 2660 sa_family_t fam, 2661 sctp_route_t * ro 2662) 2663{ 2664 struct sctp_ifa *ifa, *sifa; 2665 int num_eligible_addr = 0; 2666 2667#ifdef INET6 2668 struct sockaddr_in6 sin6, lsa6; 2669 2670 if (fam == AF_INET6) { 2671 memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6)); 2672 (void)sa6_recoverscope(&sin6); 2673 } 2674#endif /* INET6 */ 2675 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2676 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2677 (non_asoc_addr_ok == 0)) 2678 continue; 2679 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2680 dest_is_priv, fam); 2681 if (sifa == NULL) 2682 continue; 2683#ifdef INET6 2684 if (fam == AF_INET6 && 2685 dest_is_loop && 2686 sifa->src_is_loop && sifa->src_is_priv) { 2687 /* 2688 * don't allow fe80::1 to be a src on loop ::1, we 2689 * don't list it to the peer so we will get an 2690 * abort. 2691 */ 2692 continue; 2693 } 2694 if (fam == AF_INET6 && 2695 IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) && 2696 IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) { 2697 /* 2698 * link-local <-> link-local must belong to the same 2699 * scope. 2700 */ 2701 memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6)); 2702 (void)sa6_recoverscope(&lsa6); 2703 if (sin6.sin6_scope_id != lsa6.sin6_scope_id) { 2704 continue; 2705 } 2706 } 2707#endif /* INET6 */ 2708 2709 /* 2710 * Check if the IPv6 address matches to next-hop. In the 2711 * mobile case, old IPv6 address may be not deleted from the 2712 * interface. Then, the interface has previous and new 2713 * addresses. We should use one corresponding to the 2714 * next-hop. (by micchie) 2715 */ 2716#ifdef INET6 2717 if (stcb && fam == AF_INET6 && 2718 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2719 if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro) 2720 == 0) { 2721 continue; 2722 } 2723 } 2724#endif 2725 /* Avoid topologically incorrect IPv4 address */ 2726 if (stcb && fam == AF_INET && 2727 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2728 if (sctp_v4src_match_nexthop(sifa, ro) == 0) { 2729 continue; 2730 } 2731 } 2732 if (stcb) { 2733 if (((non_asoc_addr_ok == 0) && 2734 (sctp_is_addr_restricted(stcb, sifa))) || 2735 (non_asoc_addr_ok && 2736 (sctp_is_addr_restricted(stcb, sifa)) && 2737 (!sctp_is_addr_pending(stcb, sifa)))) { 2738 /* 2739 * It is restricted for some reason.. 2740 * probably not yet added. 2741 */ 2742 continue; 2743 } 2744 } 2745 if (num_eligible_addr >= addr_wanted) { 2746 return (sifa); 2747 } 2748 num_eligible_addr++; 2749 } 2750 return (NULL); 2751} 2752 2753 2754static int 2755sctp_count_num_preferred_boundall(struct sctp_ifn *ifn, 2756 struct sctp_tcb *stcb, 2757 int non_asoc_addr_ok, 2758 uint8_t dest_is_loop, 2759 uint8_t dest_is_priv, 2760 sa_family_t fam) 2761{ 2762 struct sctp_ifa *ifa, *sifa; 2763 int num_eligible_addr = 0; 2764 2765 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2766 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2767 (non_asoc_addr_ok == 0)) { 2768 continue; 2769 } 2770 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2771 dest_is_priv, fam); 2772 if (sifa == NULL) { 2773 continue; 2774 } 2775 if (stcb) { 2776 if (((non_asoc_addr_ok == 0) && 2777 (sctp_is_addr_restricted(stcb, sifa))) || 2778 (non_asoc_addr_ok && 2779 (sctp_is_addr_restricted(stcb, sifa)) && 2780 (!sctp_is_addr_pending(stcb, sifa)))) { 2781 /* 2782 * It is restricted for some reason.. 2783 * probably not yet added. 2784 */ 2785 continue; 2786 } 2787 } 2788 num_eligible_addr++; 2789 } 2790 return (num_eligible_addr); 2791} 2792 2793static struct sctp_ifa * 2794sctp_choose_boundall(struct sctp_inpcb *inp, 2795 struct sctp_tcb *stcb, 2796 struct sctp_nets *net, 2797 sctp_route_t * ro, 2798 uint32_t vrf_id, 2799 uint8_t dest_is_priv, 2800 uint8_t dest_is_loop, 2801 int non_asoc_addr_ok, 2802 sa_family_t fam) 2803{ 2804 int cur_addr_num = 0, num_preferred = 0; 2805 void *ifn; 2806 struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn; 2807 struct sctp_ifa *sctp_ifa, *sifa; 2808 uint32_t ifn_index; 2809 struct sctp_vrf *vrf; 2810 2811 /*- 2812 * For boundall we can use any address in the association. 2813 * If non_asoc_addr_ok is set we can use any address (at least in 2814 * theory). So we look for preferred addresses first. If we find one, 2815 * we use it. Otherwise we next try to get an address on the 2816 * interface, which we should be able to do (unless non_asoc_addr_ok 2817 * is false and we are routed out that way). In these cases where we 2818 * can't use the address of the interface we go through all the 2819 * ifn's looking for an address we can use and fill that in. Punting 2820 * means we send back address 0, which will probably cause problems 2821 * actually since then IP will fill in the address of the route ifn, 2822 * which means we probably already rejected it.. i.e. here comes an 2823 * abort :-<. 2824 */ 2825 vrf = sctp_find_vrf(vrf_id); 2826 if (vrf == NULL) 2827 return (NULL); 2828 2829 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2830 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2831 emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2832 if (sctp_ifn == NULL) { 2833 /* ?? We don't have this guy ?? */ 2834 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No ifn emit interface?\n"); 2835 goto bound_all_plan_b; 2836 } 2837 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifn_index:%d name:%s is emit interface\n", 2838 ifn_index, sctp_ifn->ifn_name); 2839 2840 if (net) { 2841 cur_addr_num = net->indx_of_eligible_next_to_use; 2842 } 2843 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, 2844 stcb, 2845 non_asoc_addr_ok, 2846 dest_is_loop, 2847 dest_is_priv, fam); 2848 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n", 2849 num_preferred, sctp_ifn->ifn_name); 2850 if (num_preferred == 0) { 2851 /* 2852 * no eligible addresses, we must use some other interface 2853 * address if we can find one. 2854 */ 2855 goto bound_all_plan_b; 2856 } 2857 /* 2858 * Ok we have num_eligible_addr set with how many we can use, this 2859 * may vary from call to call due to addresses being deprecated 2860 * etc.. 2861 */ 2862 if (cur_addr_num >= num_preferred) { 2863 cur_addr_num = 0; 2864 } 2865 /* 2866 * select the nth address from the list (where cur_addr_num is the 2867 * nth) and 0 is the first one, 1 is the second one etc... 2868 */ 2869 SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num); 2870 2871 sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, 2872 dest_is_priv, cur_addr_num, fam, ro); 2873 2874 /* if sctp_ifa is NULL something changed??, fall to plan b. */ 2875 if (sctp_ifa) { 2876 atomic_add_int(&sctp_ifa->refcount, 1); 2877 if (net) { 2878 /* save off where the next one we will want */ 2879 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 2880 } 2881 return (sctp_ifa); 2882 } 2883 /* 2884 * plan_b: Look at all interfaces and find a preferred address. If 2885 * no preferred fall through to plan_c. 2886 */ 2887bound_all_plan_b: 2888 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n"); 2889 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2890 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n", 2891 sctp_ifn->ifn_name); 2892 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2893 /* wrong base scope */ 2894 SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n"); 2895 continue; 2896 } 2897 if ((sctp_ifn == looked_at) && looked_at) { 2898 /* already looked at this guy */ 2899 SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n"); 2900 continue; 2901 } 2902 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, stcb, non_asoc_addr_ok, 2903 dest_is_loop, dest_is_priv, fam); 2904 SCTPDBG(SCTP_DEBUG_OUTPUT2, 2905 "Found ifn:%p %d preferred source addresses\n", 2906 ifn, num_preferred); 2907 if (num_preferred == 0) { 2908 /* None on this interface. */ 2909 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefered -- skipping to next\n"); 2910 continue; 2911 } 2912 SCTPDBG(SCTP_DEBUG_OUTPUT2, 2913 "num preferred:%d on interface:%p cur_addr_num:%d\n", 2914 num_preferred, sctp_ifn, cur_addr_num); 2915 2916 /* 2917 * Ok we have num_eligible_addr set with how many we can 2918 * use, this may vary from call to call due to addresses 2919 * being deprecated etc.. 2920 */ 2921 if (cur_addr_num >= num_preferred) { 2922 cur_addr_num = 0; 2923 } 2924 sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, 2925 dest_is_priv, cur_addr_num, fam, ro); 2926 if (sifa == NULL) 2927 continue; 2928 if (net) { 2929 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 2930 SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n", 2931 cur_addr_num); 2932 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:"); 2933 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 2934 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:"); 2935 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa); 2936 } 2937 atomic_add_int(&sifa->refcount, 1); 2938 return (sifa); 2939 2940 } 2941 2942 /* plan_c: do we have an acceptable address on the emit interface */ 2943 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan C: find acceptable on interface\n"); 2944 if (emit_ifn == NULL) { 2945 goto plan_d; 2946 } 2947 LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) { 2948 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2949 (non_asoc_addr_ok == 0)) 2950 continue; 2951 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, 2952 dest_is_priv, fam); 2953 if (sifa == NULL) 2954 continue; 2955 if (stcb) { 2956 if (((non_asoc_addr_ok == 0) && 2957 (sctp_is_addr_restricted(stcb, sifa))) || 2958 (non_asoc_addr_ok && 2959 (sctp_is_addr_restricted(stcb, sifa)) && 2960 (!sctp_is_addr_pending(stcb, sifa)))) { 2961 /* 2962 * It is restricted for some reason.. 2963 * probably not yet added. 2964 */ 2965 continue; 2966 } 2967 } 2968 atomic_add_int(&sifa->refcount, 1); 2969 return (sifa); 2970 } 2971plan_d: 2972 /* 2973 * plan_d: We are in trouble. No preferred address on the emit 2974 * interface. And not even a preferred address on all interfaces. Go 2975 * out and see if we can find an acceptable address somewhere 2976 * amongst all interfaces. 2977 */ 2978 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D\n"); 2979 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2980 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2981 /* wrong base scope */ 2982 continue; 2983 } 2984 if ((sctp_ifn == looked_at) && looked_at) 2985 /* already looked at this guy */ 2986 continue; 2987 2988 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2989 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2990 (non_asoc_addr_ok == 0)) 2991 continue; 2992 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, 2993 dest_is_loop, 2994 dest_is_priv, fam); 2995 if (sifa == NULL) 2996 continue; 2997 if (stcb) { 2998 if (((non_asoc_addr_ok == 0) && 2999 (sctp_is_addr_restricted(stcb, sifa))) || 3000 (non_asoc_addr_ok && 3001 (sctp_is_addr_restricted(stcb, sifa)) && 3002 (!sctp_is_addr_pending(stcb, sifa)))) { 3003 /* 3004 * It is restricted for some 3005 * reason.. probably not yet added. 3006 */ 3007 continue; 3008 } 3009 } 3010 atomic_add_int(&sifa->refcount, 1); 3011 return (sifa); 3012 } 3013 } 3014 /* 3015 * Ok we can find NO address to source from that is not on our 3016 * restricted list and non_asoc_address is NOT ok, or it is on our 3017 * restricted list. We can't source to it :-( 3018 */ 3019 return (NULL); 3020} 3021 3022 3023 3024/* tcb may be NULL */ 3025struct sctp_ifa * 3026sctp_source_address_selection(struct sctp_inpcb *inp, 3027 struct sctp_tcb *stcb, 3028 sctp_route_t * ro, 3029 struct sctp_nets *net, 3030 int non_asoc_addr_ok, uint32_t vrf_id) 3031{ 3032 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst; 3033 3034#ifdef INET6 3035 struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst; 3036 3037#endif 3038 struct sctp_ifa *answer; 3039 uint8_t dest_is_priv, dest_is_loop; 3040 sa_family_t fam; 3041 3042 /*- 3043 * Rules: - Find the route if needed, cache if I can. - Look at 3044 * interface address in route, Is it in the bound list. If so we 3045 * have the best source. - If not we must rotate amongst the 3046 * addresses. 3047 * 3048 * Cavets and issues 3049 * 3050 * Do we need to pay attention to scope. We can have a private address 3051 * or a global address we are sourcing or sending to. So if we draw 3052 * it out 3053 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3054 * For V4 3055 * ------------------------------------------ 3056 * source * dest * result 3057 * ----------------------------------------- 3058 * <a> Private * Global * NAT 3059 * ----------------------------------------- 3060 * <b> Private * Private * No problem 3061 * ----------------------------------------- 3062 * <c> Global * Private * Huh, How will this work? 3063 * ----------------------------------------- 3064 * <d> Global * Global * No Problem 3065 *------------------------------------------ 3066 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3067 * For V6 3068 *------------------------------------------ 3069 * source * dest * result 3070 * ----------------------------------------- 3071 * <a> Linklocal * Global * 3072 * ----------------------------------------- 3073 * <b> Linklocal * Linklocal * No problem 3074 * ----------------------------------------- 3075 * <c> Global * Linklocal * Huh, How will this work? 3076 * ----------------------------------------- 3077 * <d> Global * Global * No Problem 3078 *------------------------------------------ 3079 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3080 * 3081 * And then we add to that what happens if there are multiple addresses 3082 * assigned to an interface. Remember the ifa on a ifn is a linked 3083 * list of addresses. So one interface can have more than one IP 3084 * address. What happens if we have both a private and a global 3085 * address? Do we then use context of destination to sort out which 3086 * one is best? And what about NAT's sending P->G may get you a NAT 3087 * translation, or should you select the G thats on the interface in 3088 * preference. 3089 * 3090 * Decisions: 3091 * 3092 * - count the number of addresses on the interface. 3093 * - if it is one, no problem except case <c>. 3094 * For <a> we will assume a NAT out there. 3095 * - if there are more than one, then we need to worry about scope P 3096 * or G. We should prefer G -> G and P -> P if possible. 3097 * Then as a secondary fall back to mixed types G->P being a last 3098 * ditch one. 3099 * - The above all works for bound all, but bound specific we need to 3100 * use the same concept but instead only consider the bound 3101 * addresses. If the bound set is NOT assigned to the interface then 3102 * we must use rotation amongst the bound addresses.. 3103 */ 3104 if (ro->ro_rt == NULL) { 3105 /* 3106 * Need a route to cache. 3107 */ 3108 SCTP_RTALLOC(ro, vrf_id); 3109 } 3110 if (ro->ro_rt == NULL) { 3111 return (NULL); 3112 } 3113 fam = to->sin_family; 3114 dest_is_priv = dest_is_loop = 0; 3115 /* Setup our scopes for the destination */ 3116 switch (fam) { 3117 case AF_INET: 3118 /* Scope based on outbound address */ 3119 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3120 dest_is_loop = 1; 3121 if (net != NULL) { 3122 /* mark it as local */ 3123 net->addr_is_local = 1; 3124 } 3125 } else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) { 3126 dest_is_priv = 1; 3127 } 3128 break; 3129#ifdef INET6 3130 case AF_INET6: 3131 /* Scope based on outbound address */ 3132 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) || 3133 SCTP_ROUTE_IS_REAL_LOOP(ro)) { 3134 /* 3135 * If the address is a loopback address, which 3136 * consists of "::1" OR "fe80::1%lo0", we are 3137 * loopback scope. But we don't use dest_is_priv 3138 * (link local addresses). 3139 */ 3140 dest_is_loop = 1; 3141 if (net != NULL) { 3142 /* mark it as local */ 3143 net->addr_is_local = 1; 3144 } 3145 } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3146 dest_is_priv = 1; 3147 } 3148 break; 3149#endif 3150 } 3151 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:"); 3152 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)to); 3153 SCTP_IPI_ADDR_RLOCK(); 3154 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3155 /* 3156 * Bound all case 3157 */ 3158 answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id, 3159 dest_is_priv, dest_is_loop, 3160 non_asoc_addr_ok, fam); 3161 SCTP_IPI_ADDR_RUNLOCK(); 3162 return (answer); 3163 } 3164 /* 3165 * Subset bound case 3166 */ 3167 if (stcb) { 3168 answer = sctp_choose_boundspecific_stcb(inp, stcb, net, ro, 3169 vrf_id, dest_is_priv, 3170 dest_is_loop, 3171 non_asoc_addr_ok, fam); 3172 } else { 3173 answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id, 3174 non_asoc_addr_ok, 3175 dest_is_priv, 3176 dest_is_loop, fam); 3177 } 3178 SCTP_IPI_ADDR_RUNLOCK(); 3179 return (answer); 3180} 3181 3182static int 3183sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize) 3184{ 3185 struct cmsghdr cmh; 3186 int tlen, at; 3187 3188 tlen = SCTP_BUF_LEN(control); 3189 at = 0; 3190 /* 3191 * Independent of how many mbufs, find the c_type inside the control 3192 * structure and copy out the data. 3193 */ 3194 while (at < tlen) { 3195 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3196 /* not enough room for one more we are done. */ 3197 return (0); 3198 } 3199 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3200 if (((int)cmh.cmsg_len + at) > tlen) { 3201 /* 3202 * this is real messed up since there is not enough 3203 * data here to cover the cmsg header. We are done. 3204 */ 3205 return (0); 3206 } 3207 if ((cmh.cmsg_level == IPPROTO_SCTP) && 3208 (c_type == cmh.cmsg_type)) { 3209 /* found the one we want, copy it out */ 3210 at += CMSG_ALIGN(sizeof(struct cmsghdr)); 3211 if ((int)(cmh.cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) < cpsize) { 3212 /* 3213 * space of cmsg_len after header not big 3214 * enough 3215 */ 3216 return (0); 3217 } 3218 m_copydata(control, at, cpsize, data); 3219 return (1); 3220 } else { 3221 at += CMSG_ALIGN(cmh.cmsg_len); 3222 if (cmh.cmsg_len == 0) { 3223 break; 3224 } 3225 } 3226 } 3227 /* not found */ 3228 return (0); 3229} 3230 3231static struct mbuf * 3232sctp_add_cookie(struct sctp_inpcb *inp, struct mbuf *init, int init_offset, 3233 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t ** signature) 3234{ 3235 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret; 3236 struct sctp_state_cookie *stc; 3237 struct sctp_paramhdr *ph; 3238 uint8_t *foo; 3239 int sig_offset; 3240 uint16_t cookie_sz; 3241 3242 mret = NULL; 3243 mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) + 3244 sizeof(struct sctp_paramhdr)), 0, 3245 M_DONTWAIT, 1, MT_DATA); 3246 if (mret == NULL) { 3247 return (NULL); 3248 } 3249 copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_DONTWAIT); 3250 if (copy_init == NULL) { 3251 sctp_m_freem(mret); 3252 return (NULL); 3253 } 3254#ifdef SCTP_MBUF_LOGGING 3255 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3256 struct mbuf *mat; 3257 3258 mat = copy_init; 3259 while (mat) { 3260 if (SCTP_BUF_IS_EXTENDED(mat)) { 3261 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 3262 } 3263 mat = SCTP_BUF_NEXT(mat); 3264 } 3265 } 3266#endif 3267 copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL, 3268 M_DONTWAIT); 3269 if (copy_initack == NULL) { 3270 sctp_m_freem(mret); 3271 sctp_m_freem(copy_init); 3272 return (NULL); 3273 } 3274#ifdef SCTP_MBUF_LOGGING 3275 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3276 struct mbuf *mat; 3277 3278 mat = copy_initack; 3279 while (mat) { 3280 if (SCTP_BUF_IS_EXTENDED(mat)) { 3281 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 3282 } 3283 mat = SCTP_BUF_NEXT(mat); 3284 } 3285 } 3286#endif 3287 /* easy side we just drop it on the end */ 3288 ph = mtod(mret, struct sctp_paramhdr *); 3289 SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) + 3290 sizeof(struct sctp_paramhdr); 3291 stc = (struct sctp_state_cookie *)((caddr_t)ph + 3292 sizeof(struct sctp_paramhdr)); 3293 ph->param_type = htons(SCTP_STATE_COOKIE); 3294 ph->param_length = 0; /* fill in at the end */ 3295 /* Fill in the stc cookie data */ 3296 memcpy(stc, stc_in, sizeof(struct sctp_state_cookie)); 3297 3298 /* tack the INIT and then the INIT-ACK onto the chain */ 3299 cookie_sz = 0; 3300 m_at = mret; 3301 for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3302 cookie_sz += SCTP_BUF_LEN(m_at); 3303 if (SCTP_BUF_NEXT(m_at) == NULL) { 3304 SCTP_BUF_NEXT(m_at) = copy_init; 3305 break; 3306 } 3307 } 3308 3309 for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3310 cookie_sz += SCTP_BUF_LEN(m_at); 3311 if (SCTP_BUF_NEXT(m_at) == NULL) { 3312 SCTP_BUF_NEXT(m_at) = copy_initack; 3313 break; 3314 } 3315 } 3316 3317 for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3318 cookie_sz += SCTP_BUF_LEN(m_at); 3319 if (SCTP_BUF_NEXT(m_at) == NULL) { 3320 break; 3321 } 3322 } 3323 sig = sctp_get_mbuf_for_msg(SCTP_SECRET_SIZE, 0, M_DONTWAIT, 1, MT_DATA); 3324 if (sig == NULL) { 3325 /* no space, so free the entire chain */ 3326 sctp_m_freem(mret); 3327 return (NULL); 3328 } 3329 SCTP_BUF_LEN(sig) = 0; 3330 SCTP_BUF_NEXT(m_at) = sig; 3331 sig_offset = 0; 3332 foo = (uint8_t *) (mtod(sig, caddr_t)+sig_offset); 3333 memset(foo, 0, SCTP_SIGNATURE_SIZE); 3334 *signature = foo; 3335 SCTP_BUF_LEN(sig) += SCTP_SIGNATURE_SIZE; 3336 cookie_sz += SCTP_SIGNATURE_SIZE; 3337 ph->param_length = htons(cookie_sz); 3338 return (mret); 3339} 3340 3341 3342static uint8_t 3343sctp_get_ect(struct sctp_tcb *stcb, 3344 struct sctp_tmit_chunk *chk) 3345{ 3346 uint8_t this_random; 3347 3348 /* Huh? */ 3349 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 0) 3350 return (0); 3351 3352 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce) == 0) 3353 /* no nonce, always return ECT0 */ 3354 return (SCTP_ECT0_BIT); 3355 3356 if (stcb->asoc.peer_supports_ecn_nonce == 0) { 3357 /* Peer does NOT support it, so we send a ECT0 only */ 3358 return (SCTP_ECT0_BIT); 3359 } 3360 if (chk == NULL) 3361 return (SCTP_ECT0_BIT); 3362 3363 if ((stcb->asoc.hb_random_idx > 3) || 3364 ((stcb->asoc.hb_random_idx == 3) && 3365 (stcb->asoc.hb_ect_randombit > 7))) { 3366 uint32_t rndval; 3367 3368warp_drive_sa: 3369 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 3370 memcpy(stcb->asoc.hb_random_values, &rndval, 3371 sizeof(stcb->asoc.hb_random_values)); 3372 this_random = stcb->asoc.hb_random_values[0]; 3373 stcb->asoc.hb_random_idx = 0; 3374 stcb->asoc.hb_ect_randombit = 0; 3375 } else { 3376 if (stcb->asoc.hb_ect_randombit > 7) { 3377 stcb->asoc.hb_ect_randombit = 0; 3378 stcb->asoc.hb_random_idx++; 3379 if (stcb->asoc.hb_random_idx > 3) { 3380 goto warp_drive_sa; 3381 } 3382 } 3383 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx]; 3384 } 3385 if ((this_random >> stcb->asoc.hb_ect_randombit) & 0x01) { 3386 if (chk != NULL) 3387 /* ECN Nonce stuff */ 3388 chk->rec.data.ect_nonce = SCTP_ECT1_BIT; 3389 stcb->asoc.hb_ect_randombit++; 3390 return (SCTP_ECT1_BIT); 3391 } else { 3392 stcb->asoc.hb_ect_randombit++; 3393 return (SCTP_ECT0_BIT); 3394 } 3395} 3396 3397static int 3398sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, 3399 struct sctp_tcb *stcb, /* may be NULL */ 3400 struct sctp_nets *net, 3401 struct sockaddr *to, 3402 struct mbuf *m, 3403 uint32_t auth_offset, 3404 struct sctp_auth_chunk *auth, 3405 uint16_t auth_keyid, 3406 int nofragment_flag, 3407 int ecn_ok, 3408 struct sctp_tmit_chunk *chk, 3409 int out_of_asoc_ok, 3410 uint16_t src_port, 3411 uint16_t dest_port, 3412 uint32_t v_tag, 3413 uint16_t port, 3414 int so_locked, 3415#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3416 SCTP_UNUSED 3417#endif 3418 union sctp_sockstore *over_addr 3419) 3420/* nofragment_flag to tell if IP_DF should be set (IPv4 only) */ 3421{ 3422 /* 3423 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet 3424 * header WITH an SCTPHDR but no IP header, endpoint inp and sa 3425 * structure: - fill in the HMAC digest of any AUTH chunk in the 3426 * packet. - calculate and fill in the SCTP checksum. - prepend an 3427 * IP address header. - if boundall use INADDR_ANY. - if 3428 * boundspecific do source address selection. - set fragmentation 3429 * option for ipV4. - On return from IP output, check/adjust mtu 3430 * size of output interface and smallest_mtu size as well. 3431 */ 3432 /* Will need ifdefs around this */ 3433 struct mbuf *o_pak; 3434 struct mbuf *newm; 3435 struct sctphdr *sctphdr; 3436 int packet_length; 3437 int ret; 3438 uint32_t vrf_id; 3439 sctp_route_t *ro = NULL; 3440 struct udphdr *udp = NULL; 3441 3442#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3443 struct socket *so = NULL; 3444 3445#endif 3446 3447 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) { 3448 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 3449 sctp_m_freem(m); 3450 return (EFAULT); 3451 } 3452 if (stcb) { 3453 vrf_id = stcb->asoc.vrf_id; 3454 } else { 3455 vrf_id = inp->def_vrf_id; 3456 } 3457 3458 /* fill in the HMAC digest for any AUTH chunk in the packet */ 3459 if ((auth != NULL) && (stcb != NULL)) { 3460 sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid); 3461 } 3462 if (to->sa_family == AF_INET) { 3463 struct ip *ip = NULL; 3464 sctp_route_t iproute; 3465 uint8_t tos_value; 3466 int len; 3467 3468 len = sizeof(struct ip) + sizeof(struct sctphdr); 3469 if (port) { 3470 len += sizeof(struct udphdr); 3471 } 3472 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA); 3473 if (newm == NULL) { 3474 sctp_m_freem(m); 3475 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3476 return (ENOMEM); 3477 } 3478 SCTP_ALIGN_TO_END(newm, len); 3479 SCTP_BUF_LEN(newm) = len; 3480 SCTP_BUF_NEXT(newm) = m; 3481 m = newm; 3482 packet_length = sctp_calculate_len(m); 3483 ip = mtod(m, struct ip *); 3484 ip->ip_v = IPVERSION; 3485 ip->ip_hl = (sizeof(struct ip) >> 2); 3486 if (net) { 3487 tos_value = net->tos_flowlabel & 0x000000ff; 3488 } else { 3489 tos_value = inp->ip_inp.inp.inp_ip_tos; 3490 } 3491 if ((nofragment_flag) && (port == 0)) { 3492 ip->ip_off = IP_DF; 3493 } else 3494 ip->ip_off = 0; 3495 3496 /* FreeBSD has a function for ip_id's */ 3497 ip->ip_id = ip_newid(); 3498 3499 ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl; 3500 ip->ip_len = packet_length; 3501 if (stcb) { 3502 if ((stcb->asoc.ecn_allowed) && ecn_ok) { 3503 /* Enable ECN */ 3504 ip->ip_tos = ((u_char)(tos_value & 0xfc) | sctp_get_ect(stcb, chk)); 3505 } else { 3506 /* No ECN */ 3507 ip->ip_tos = (u_char)(tos_value & 0xfc); 3508 } 3509 } else { 3510 /* no association at all */ 3511 ip->ip_tos = (tos_value & 0xfc); 3512 } 3513 if (port) { 3514 ip->ip_p = IPPROTO_UDP; 3515 } else { 3516 ip->ip_p = IPPROTO_SCTP; 3517 } 3518 ip->ip_sum = 0; 3519 if (net == NULL) { 3520 ro = &iproute; 3521 memset(&iproute, 0, sizeof(iproute)); 3522 memcpy(&ro->ro_dst, to, to->sa_len); 3523 } else { 3524 ro = (sctp_route_t *) & net->ro; 3525 } 3526 /* Now the address selection part */ 3527 ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr; 3528 3529 /* call the routine to select the src address */ 3530 if (net && out_of_asoc_ok == 0) { 3531 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) { 3532 sctp_free_ifa(net->ro._s_addr); 3533 net->ro._s_addr = NULL; 3534 net->src_addr_selected = 0; 3535 if (ro->ro_rt) { 3536 RTFREE(ro->ro_rt); 3537 ro->ro_rt = NULL; 3538 } 3539 } 3540 if (net->src_addr_selected == 0) { 3541 /* Cache the source address */ 3542 net->ro._s_addr = sctp_source_address_selection(inp, stcb, 3543 ro, net, 0, 3544 vrf_id); 3545 net->src_addr_selected = 1; 3546 } 3547 if (net->ro._s_addr == NULL) { 3548 /* No route to host */ 3549 net->src_addr_selected = 0; 3550 goto no_route; 3551 } 3552 ip->ip_src = net->ro._s_addr->address.sin.sin_addr; 3553 } else { 3554 if (over_addr == NULL) { 3555 struct sctp_ifa *_lsrc; 3556 3557 _lsrc = sctp_source_address_selection(inp, stcb, ro, 3558 net, 3559 out_of_asoc_ok, 3560 vrf_id); 3561 if (_lsrc == NULL) { 3562 goto no_route; 3563 } 3564 ip->ip_src = _lsrc->address.sin.sin_addr; 3565 sctp_free_ifa(_lsrc); 3566 } else { 3567 ip->ip_src = over_addr->sin.sin_addr; 3568 SCTP_RTALLOC(ro, vrf_id); 3569 } 3570 } 3571 if (port) { 3572 udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip)); 3573 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 3574 udp->uh_dport = port; 3575 udp->uh_ulen = htons(packet_length - sizeof(struct ip)); 3576 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 3577 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 3578 } else { 3579 sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip)); 3580 } 3581 3582 sctphdr->src_port = src_port; 3583 sctphdr->dest_port = dest_port; 3584 sctphdr->v_tag = v_tag; 3585 sctphdr->checksum = 0; 3586 3587 /* 3588 * If source address selection fails and we find no route 3589 * then the ip_output should fail as well with a 3590 * NO_ROUTE_TO_HOST type error. We probably should catch 3591 * that somewhere and abort the association right away 3592 * (assuming this is an INIT being sent). 3593 */ 3594 if ((ro->ro_rt == NULL)) { 3595 /* 3596 * src addr selection failed to find a route (or 3597 * valid source addr), so we can't get there from 3598 * here (yet)! 3599 */ 3600 no_route: 3601 SCTPDBG(SCTP_DEBUG_OUTPUT1, 3602 "%s: dropped packet - no valid source addr\n", 3603 __FUNCTION__); 3604 if (net) { 3605 SCTPDBG(SCTP_DEBUG_OUTPUT1, 3606 "Destination was "); 3607 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1, 3608 &net->ro._l_addr.sa); 3609 if (net->dest_state & SCTP_ADDR_CONFIRMED) { 3610 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) { 3611 SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", net); 3612 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN, 3613 stcb, 3614 SCTP_FAILED_THRESHOLD, 3615 (void *)net, 3616 so_locked); 3617 net->dest_state &= ~SCTP_ADDR_REACHABLE; 3618 net->dest_state |= SCTP_ADDR_NOT_REACHABLE; 3619 /* 3620 * JRS 5/14/07 - If a 3621 * destination is 3622 * unreachable, the PF bit 3623 * is turned off. This 3624 * allows an unambiguous use 3625 * of the PF bit for 3626 * destinations that are 3627 * reachable but potentially 3628 * failed. If the 3629 * destination is set to the 3630 * unreachable state, also 3631 * set the destination to 3632 * the PF state. 3633 */ 3634 /* 3635 * Add debug message here if 3636 * destination is not in PF 3637 * state. 3638 */ 3639 /* 3640 * Stop any running T3 3641 * timers here? 3642 */ 3643 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) && SCTP_BASE_SYSCTL(sctp_cmt_pf)) { 3644 net->dest_state &= ~SCTP_ADDR_PF; 3645 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination %p moved from PF to unreachable.\n", 3646 net); 3647 } 3648 } 3649 } 3650 if (stcb) { 3651 if (net == stcb->asoc.primary_destination) { 3652 /* need a new primary */ 3653 struct sctp_nets *alt; 3654 3655 alt = sctp_find_alternate_net(stcb, net, 0); 3656 if (alt != net) { 3657 if (sctp_set_primary_addr(stcb, 3658 (struct sockaddr *)NULL, 3659 alt) == 0) { 3660 net->dest_state |= SCTP_ADDR_WAS_PRIMARY; 3661 if (net->ro._s_addr) { 3662 sctp_free_ifa(net->ro._s_addr); 3663 net->ro._s_addr = NULL; 3664 } 3665 net->src_addr_selected = 0; 3666 } 3667 } 3668 } 3669 } 3670 } 3671 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 3672 sctp_m_freem(m); 3673 return (EHOSTUNREACH); 3674 } 3675 if (ro != &iproute) { 3676 memcpy(&iproute, ro, sizeof(*ro)); 3677 } 3678 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n", 3679 (uint32_t) (ntohl(ip->ip_src.s_addr))); 3680 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n", 3681 (uint32_t) (ntohl(ip->ip_dst.s_addr))); 3682 SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n", 3683 ro->ro_rt); 3684 3685 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 3686 /* failed to prepend data, give up */ 3687 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3688 sctp_m_freem(m); 3689 return (ENOMEM); 3690 } 3691#ifdef SCTP_PACKET_LOGGING 3692 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 3693 sctp_packet_log(m, packet_length); 3694#endif 3695 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 3696 if (port) { 3697 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 3698 (stcb) && 3699 (stcb->asoc.loopback_scope))) { 3700 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr)); 3701 SCTP_STAT_INCR(sctps_sendswcrc); 3702 } else { 3703 SCTP_STAT_INCR(sctps_sendnocrc); 3704 } 3705 SCTP_ENABLE_UDP_CSUM(o_pak); 3706 } else { 3707 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 3708 (stcb) && 3709 (stcb->asoc.loopback_scope))) { 3710 m->m_pkthdr.csum_flags = CSUM_SCTP; 3711 m->m_pkthdr.csum_data = 0; 3712 SCTP_STAT_INCR(sctps_sendhwcrc); 3713 } else { 3714 SCTP_STAT_INCR(sctps_sendnocrc); 3715 } 3716 } 3717 /* send it out. table id is taken from stcb */ 3718#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3719 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 3720 so = SCTP_INP_SO(inp); 3721 SCTP_SOCKET_UNLOCK(so, 0); 3722 } 3723#endif 3724 SCTP_IP_OUTPUT(ret, o_pak, ro, stcb, vrf_id); 3725#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3726 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 3727 atomic_add_int(&stcb->asoc.refcnt, 1); 3728 SCTP_TCB_UNLOCK(stcb); 3729 SCTP_SOCKET_LOCK(so, 0); 3730 SCTP_TCB_LOCK(stcb); 3731 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3732 } 3733#endif 3734 SCTP_STAT_INCR(sctps_sendpackets); 3735 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 3736 if (ret) 3737 SCTP_STAT_INCR(sctps_senderrors); 3738 3739 SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret); 3740 if (net == NULL) { 3741 /* free tempy routes */ 3742 if (ro->ro_rt) { 3743 RTFREE(ro->ro_rt); 3744 ro->ro_rt = NULL; 3745 } 3746 } else { 3747 /* PMTU check versus smallest asoc MTU goes here */ 3748 if ((ro->ro_rt != NULL) && 3749 (net->ro._s_addr)) { 3750 uint32_t mtu; 3751 3752 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 3753 if (net->port) { 3754 mtu -= sizeof(struct udphdr); 3755 } 3756 if (mtu && (stcb->asoc.smallest_mtu > mtu)) { 3757#ifdef SCTP_PRINT_FOR_B_AND_M 3758 SCTP_PRINTF("sctp_mtu_size_reset called after ip_output mtu-change:%d\n", mtu); 3759#endif 3760 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 3761 net->mtu = mtu; 3762 } 3763 } else if (ro->ro_rt == NULL) { 3764 /* route was freed */ 3765 if (net->ro._s_addr && 3766 net->src_addr_selected) { 3767 sctp_free_ifa(net->ro._s_addr); 3768 net->ro._s_addr = NULL; 3769 } 3770 net->src_addr_selected = 0; 3771 } 3772 } 3773 return (ret); 3774 } 3775#ifdef INET6 3776 else if (to->sa_family == AF_INET6) { 3777 uint32_t flowlabel; 3778 struct ip6_hdr *ip6h; 3779 struct route_in6 ip6route; 3780 struct ifnet *ifp; 3781 u_char flowTop; 3782 uint16_t flowBottom; 3783 u_char tosBottom, tosTop; 3784 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp; 3785 int prev_scope = 0; 3786 struct sockaddr_in6 lsa6_storage; 3787 int error; 3788 u_short prev_port = 0; 3789 int len; 3790 3791 if (net != NULL) { 3792 flowlabel = net->tos_flowlabel; 3793 } else { 3794 flowlabel = ((struct in6pcb *)inp)->in6p_flowinfo; 3795 } 3796 3797 len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr); 3798 if (port) { 3799 len += sizeof(struct udphdr); 3800 } 3801 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA); 3802 if (newm == NULL) { 3803 sctp_m_freem(m); 3804 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3805 return (ENOMEM); 3806 } 3807 SCTP_ALIGN_TO_END(newm, len); 3808 SCTP_BUF_LEN(newm) = len; 3809 SCTP_BUF_NEXT(newm) = m; 3810 m = newm; 3811 packet_length = sctp_calculate_len(m); 3812 3813 ip6h = mtod(m, struct ip6_hdr *); 3814 /* 3815 * We assume here that inp_flow is in host byte order within 3816 * the TCB! 3817 */ 3818 flowBottom = flowlabel & 0x0000ffff; 3819 flowTop = ((flowlabel & 0x000f0000) >> 16); 3820 tosTop = (((flowlabel & 0xf0) >> 4) | IPV6_VERSION); 3821 /* protect *sin6 from overwrite */ 3822 sin6 = (struct sockaddr_in6 *)to; 3823 tmp = *sin6; 3824 sin6 = &tmp; 3825 3826 /* KAME hack: embed scopeid */ 3827 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3828 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3829 return (EINVAL); 3830 } 3831 if (net == NULL) { 3832 memset(&ip6route, 0, sizeof(ip6route)); 3833 ro = (sctp_route_t *) & ip6route; 3834 memcpy(&ro->ro_dst, sin6, sin6->sin6_len); 3835 } else { 3836 ro = (sctp_route_t *) & net->ro; 3837 } 3838 if (stcb != NULL) { 3839 if ((stcb->asoc.ecn_allowed) && ecn_ok) { 3840 /* Enable ECN */ 3841 tosBottom = (((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) | sctp_get_ect(stcb, chk)) << 4); 3842 } else { 3843 /* No ECN */ 3844 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4); 3845 } 3846 } else { 3847 /* we could get no asoc if it is a O-O-T-B packet */ 3848 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4); 3849 } 3850 ip6h->ip6_flow = htonl(((tosTop << 24) | ((tosBottom | flowTop) << 16) | flowBottom)); 3851 if (port) { 3852 ip6h->ip6_nxt = IPPROTO_UDP; 3853 } else { 3854 ip6h->ip6_nxt = IPPROTO_SCTP; 3855 } 3856 ip6h->ip6_plen = (packet_length - sizeof(struct ip6_hdr)); 3857 ip6h->ip6_dst = sin6->sin6_addr; 3858 3859 /* 3860 * Add SRC address selection here: we can only reuse to a 3861 * limited degree the kame src-addr-sel, since we can try 3862 * their selection but it may not be bound. 3863 */ 3864 bzero(&lsa6_tmp, sizeof(lsa6_tmp)); 3865 lsa6_tmp.sin6_family = AF_INET6; 3866 lsa6_tmp.sin6_len = sizeof(lsa6_tmp); 3867 lsa6 = &lsa6_tmp; 3868 if (net && out_of_asoc_ok == 0) { 3869 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) { 3870 sctp_free_ifa(net->ro._s_addr); 3871 net->ro._s_addr = NULL; 3872 net->src_addr_selected = 0; 3873 if (ro->ro_rt) { 3874 RTFREE(ro->ro_rt); 3875 ro->ro_rt = NULL; 3876 } 3877 } 3878 if (net->src_addr_selected == 0) { 3879 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 3880 /* KAME hack: embed scopeid */ 3881 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3882 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3883 return (EINVAL); 3884 } 3885 /* Cache the source address */ 3886 net->ro._s_addr = sctp_source_address_selection(inp, 3887 stcb, 3888 ro, 3889 net, 3890 0, 3891 vrf_id); 3892 (void)sa6_recoverscope(sin6); 3893 net->src_addr_selected = 1; 3894 } 3895 if (net->ro._s_addr == NULL) { 3896 SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n"); 3897 net->src_addr_selected = 0; 3898 goto no_route; 3899 } 3900 lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr; 3901 } else { 3902 sin6 = (struct sockaddr_in6 *)&ro->ro_dst; 3903 /* KAME hack: embed scopeid */ 3904 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3905 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3906 return (EINVAL); 3907 } 3908 if (over_addr == NULL) { 3909 struct sctp_ifa *_lsrc; 3910 3911 _lsrc = sctp_source_address_selection(inp, stcb, ro, 3912 net, 3913 out_of_asoc_ok, 3914 vrf_id); 3915 if (_lsrc == NULL) { 3916 goto no_route; 3917 } 3918 lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr; 3919 sctp_free_ifa(_lsrc); 3920 } else { 3921 lsa6->sin6_addr = over_addr->sin6.sin6_addr; 3922 SCTP_RTALLOC(ro, vrf_id); 3923 } 3924 (void)sa6_recoverscope(sin6); 3925 } 3926 lsa6->sin6_port = inp->sctp_lport; 3927 3928 if (ro->ro_rt == NULL) { 3929 /* 3930 * src addr selection failed to find a route (or 3931 * valid source addr), so we can't get there from 3932 * here! 3933 */ 3934 goto no_route; 3935 } 3936 /* 3937 * XXX: sa6 may not have a valid sin6_scope_id in the 3938 * non-SCOPEDROUTING case. 3939 */ 3940 bzero(&lsa6_storage, sizeof(lsa6_storage)); 3941 lsa6_storage.sin6_family = AF_INET6; 3942 lsa6_storage.sin6_len = sizeof(lsa6_storage); 3943 lsa6_storage.sin6_addr = lsa6->sin6_addr; 3944 if ((error = sa6_recoverscope(&lsa6_storage)) != 0) { 3945 SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error); 3946 sctp_m_freem(m); 3947 return (error); 3948 } 3949 /* XXX */ 3950 lsa6_storage.sin6_addr = lsa6->sin6_addr; 3951 lsa6_storage.sin6_port = inp->sctp_lport; 3952 lsa6 = &lsa6_storage; 3953 ip6h->ip6_src = lsa6->sin6_addr; 3954 3955 if (port) { 3956 udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 3957 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 3958 udp->uh_dport = port; 3959 udp->uh_ulen = htons(packet_length - sizeof(struct ip6_hdr)); 3960 udp->uh_sum = 0; 3961 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 3962 } else { 3963 sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 3964 } 3965 3966 sctphdr->src_port = src_port; 3967 sctphdr->dest_port = dest_port; 3968 sctphdr->v_tag = v_tag; 3969 sctphdr->checksum = 0; 3970 3971 /* 3972 * We set the hop limit now since there is a good chance 3973 * that our ro pointer is now filled 3974 */ 3975 ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro); 3976 ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 3977 3978#ifdef SCTP_DEBUG 3979 /* Copy to be sure something bad is not happening */ 3980 sin6->sin6_addr = ip6h->ip6_dst; 3981 lsa6->sin6_addr = ip6h->ip6_src; 3982#endif 3983 3984 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n"); 3985 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: "); 3986 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6); 3987 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: "); 3988 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6); 3989 if (net) { 3990 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 3991 /* preserve the port and scope for link local send */ 3992 prev_scope = sin6->sin6_scope_id; 3993 prev_port = sin6->sin6_port; 3994 } 3995 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 3996 /* failed to prepend data, give up */ 3997 sctp_m_freem(m); 3998 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3999 return (ENOMEM); 4000 } 4001#ifdef SCTP_PACKET_LOGGING 4002 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 4003 sctp_packet_log(m, packet_length); 4004#endif 4005 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 4006 if (port) { 4007 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 4008 (stcb) && 4009 (stcb->asoc.loopback_scope))) { 4010 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 4011 SCTP_STAT_INCR(sctps_sendswcrc); 4012 } else { 4013 SCTP_STAT_INCR(sctps_sendnocrc); 4014 } 4015 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) { 4016 udp->uh_sum = 0xffff; 4017 } 4018 } else { 4019 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 4020 (stcb) && 4021 (stcb->asoc.loopback_scope))) { 4022 m->m_pkthdr.csum_flags = CSUM_SCTP; 4023 m->m_pkthdr.csum_data = 0; 4024 SCTP_STAT_INCR(sctps_sendhwcrc); 4025 } else { 4026 SCTP_STAT_INCR(sctps_sendnocrc); 4027 } 4028 } 4029 /* send it out. table id is taken from stcb */ 4030#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4031 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4032 so = SCTP_INP_SO(inp); 4033 SCTP_SOCKET_UNLOCK(so, 0); 4034 } 4035#endif 4036 SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, stcb, vrf_id); 4037#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4038 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4039 atomic_add_int(&stcb->asoc.refcnt, 1); 4040 SCTP_TCB_UNLOCK(stcb); 4041 SCTP_SOCKET_LOCK(so, 0); 4042 SCTP_TCB_LOCK(stcb); 4043 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4044 } 4045#endif 4046 if (net) { 4047 /* for link local this must be done */ 4048 sin6->sin6_scope_id = prev_scope; 4049 sin6->sin6_port = prev_port; 4050 } 4051 SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret); 4052 SCTP_STAT_INCR(sctps_sendpackets); 4053 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 4054 if (ret) { 4055 SCTP_STAT_INCR(sctps_senderrors); 4056 } 4057 if (net == NULL) { 4058 /* Now if we had a temp route free it */ 4059 if (ro->ro_rt) { 4060 RTFREE(ro->ro_rt); 4061 } 4062 } else { 4063 /* PMTU check versus smallest asoc MTU goes here */ 4064 if (ro->ro_rt == NULL) { 4065 /* Route was freed */ 4066 if (net->ro._s_addr && 4067 net->src_addr_selected) { 4068 sctp_free_ifa(net->ro._s_addr); 4069 net->ro._s_addr = NULL; 4070 } 4071 net->src_addr_selected = 0; 4072 } 4073 if ((ro->ro_rt != NULL) && 4074 (net->ro._s_addr)) { 4075 uint32_t mtu; 4076 4077 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 4078 if (mtu && 4079 (stcb->asoc.smallest_mtu > mtu)) { 4080#ifdef SCTP_PRINT_FOR_B_AND_M 4081 SCTP_PRINTF("sctp_mtu_size_reset called after ip6_output mtu-change:%d\n", 4082 mtu); 4083#endif 4084 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 4085 net->mtu = mtu; 4086 if (net->port) { 4087 net->mtu -= sizeof(struct udphdr); 4088 } 4089 } 4090 } else if (ifp) { 4091 if (ND_IFINFO(ifp)->linkmtu && 4092 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) { 4093#ifdef SCTP_PRINT_FOR_B_AND_M 4094 SCTP_PRINTF("sctp_mtu_size_reset called via ifp ND_IFINFO() linkmtu:%d\n", 4095 ND_IFINFO(ifp)->linkmtu); 4096#endif 4097 sctp_mtu_size_reset(inp, 4098 &stcb->asoc, 4099 ND_IFINFO(ifp)->linkmtu); 4100 } 4101 } 4102 } 4103 return (ret); 4104 } 4105#endif 4106 else { 4107 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n", 4108 ((struct sockaddr *)to)->sa_family); 4109 sctp_m_freem(m); 4110 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 4111 return (EFAULT); 4112 } 4113} 4114 4115 4116void 4117sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked 4118#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4119 SCTP_UNUSED 4120#endif 4121) 4122{ 4123 struct mbuf *m, *m_at, *mp_last; 4124 struct sctp_nets *net; 4125 struct sctp_init_chunk *init; 4126 struct sctp_supported_addr_param *sup_addr; 4127 struct sctp_adaptation_layer_indication *ali; 4128 struct sctp_ecn_supported_param *ecn; 4129 struct sctp_prsctp_supported_param *prsctp; 4130 struct sctp_ecn_nonce_supported_param *ecn_nonce; 4131 struct sctp_supported_chunk_types_param *pr_supported; 4132 int cnt_inits_to = 0; 4133 int padval, ret; 4134 int num_ext; 4135 int p_len; 4136 4137 /* INIT's always go to the primary (and usually ONLY address) */ 4138 mp_last = NULL; 4139 net = stcb->asoc.primary_destination; 4140 if (net == NULL) { 4141 net = TAILQ_FIRST(&stcb->asoc.nets); 4142 if (net == NULL) { 4143 /* TSNH */ 4144 return; 4145 } 4146 /* we confirm any address we send an INIT to */ 4147 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 4148 (void)sctp_set_primary_addr(stcb, NULL, net); 4149 } else { 4150 /* we confirm any address we send an INIT to */ 4151 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 4152 } 4153 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n"); 4154#ifdef INET6 4155 if (((struct sockaddr *)&(net->ro._l_addr))->sa_family == AF_INET6) { 4156 /* 4157 * special hook, if we are sending to link local it will not 4158 * show up in our private address count. 4159 */ 4160 struct sockaddr_in6 *sin6l; 4161 4162 sin6l = &net->ro._l_addr.sin6; 4163 if (IN6_IS_ADDR_LINKLOCAL(&sin6l->sin6_addr)) 4164 cnt_inits_to = 1; 4165 } 4166#endif 4167 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 4168 /* This case should not happen */ 4169 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n"); 4170 return; 4171 } 4172 /* start the INIT timer */ 4173 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net); 4174 4175 m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA); 4176 if (m == NULL) { 4177 /* No memory, INIT timer will re-attempt. */ 4178 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n"); 4179 return; 4180 } 4181 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); 4182 /* 4183 * assume peer supports asconf in order to be able to queue local 4184 * address changes while an INIT is in flight and before the assoc 4185 * is established. 4186 */ 4187 stcb->asoc.peer_supports_asconf = 1; 4188 /* Now lets put the SCTP header in place */ 4189 init = mtod(m, struct sctp_init_chunk *); 4190 /* now the chunk header */ 4191 init->ch.chunk_type = SCTP_INITIATION; 4192 init->ch.chunk_flags = 0; 4193 /* fill in later from mbuf we build */ 4194 init->ch.chunk_length = 0; 4195 /* place in my tag */ 4196 init->init.initiate_tag = htonl(stcb->asoc.my_vtag); 4197 /* set up some of the credits. */ 4198 init->init.a_rwnd = htonl(max(inp->sctp_socket ? SCTP_SB_LIMIT_RCV(inp->sctp_socket) : 0, 4199 SCTP_MINIMAL_RWND)); 4200 4201 init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams); 4202 init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams); 4203 init->init.initial_tsn = htonl(stcb->asoc.init_seq_number); 4204 /* now the address restriction */ 4205 sup_addr = (struct sctp_supported_addr_param *)((caddr_t)init + 4206 sizeof(*init)); 4207 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE); 4208#ifdef INET6 4209 /* we support 2 types: IPv6/IPv4 */ 4210 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint16_t)); 4211 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS); 4212 sup_addr->addr_type[1] = htons(SCTP_IPV6_ADDRESS); 4213#else 4214 /* we support 1 type: IPv4 */ 4215 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint8_t)); 4216 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS); 4217 sup_addr->addr_type[1] = htons(0); /* this is the padding */ 4218#endif 4219 SCTP_BUF_LEN(m) += sizeof(*sup_addr) + sizeof(uint16_t); 4220 /* adaptation layer indication parameter */ 4221 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)sup_addr + sizeof(*sup_addr) + sizeof(uint16_t)); 4222 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 4223 ali->ph.param_length = htons(sizeof(*ali)); 4224 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator); 4225 SCTP_BUF_LEN(m) += sizeof(*ali); 4226 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali)); 4227 4228 if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) { 4229 /* Add NAT friendly parameter */ 4230 struct sctp_paramhdr *ph; 4231 4232 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4233 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 4234 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 4235 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr); 4236 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ph + sizeof(*ph)); 4237 } 4238 /* now any cookie time extensions */ 4239 if (stcb->asoc.cookie_preserve_req) { 4240 struct sctp_cookie_perserve_param *cookie_preserve; 4241 4242 cookie_preserve = (struct sctp_cookie_perserve_param *)(ecn); 4243 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE); 4244 cookie_preserve->ph.param_length = htons( 4245 sizeof(*cookie_preserve)); 4246 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req); 4247 SCTP_BUF_LEN(m) += sizeof(*cookie_preserve); 4248 ecn = (struct sctp_ecn_supported_param *)( 4249 (caddr_t)cookie_preserve + sizeof(*cookie_preserve)); 4250 stcb->asoc.cookie_preserve_req = 0; 4251 } 4252 /* ECN parameter */ 4253 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 1) { 4254 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 4255 ecn->ph.param_length = htons(sizeof(*ecn)); 4256 SCTP_BUF_LEN(m) += sizeof(*ecn); 4257 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn + 4258 sizeof(*ecn)); 4259 } else { 4260 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn); 4261 } 4262 /* And now tell the peer we do pr-sctp */ 4263 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 4264 prsctp->ph.param_length = htons(sizeof(*prsctp)); 4265 SCTP_BUF_LEN(m) += sizeof(*prsctp); 4266 4267 /* And now tell the peer we do all the extensions */ 4268 pr_supported = (struct sctp_supported_chunk_types_param *) 4269 ((caddr_t)prsctp + sizeof(*prsctp)); 4270 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 4271 num_ext = 0; 4272 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 4273 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 4274 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 4275 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 4276 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 4277 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 4278 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 4279 } 4280 /* 4281 * EY if the initiator supports nr_sacks, need to report that to 4282 * responder in INIT chunk 4283 */ 4284 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off)) { 4285 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 4286 } 4287 p_len = sizeof(*pr_supported) + num_ext; 4288 pr_supported->ph.param_length = htons(p_len); 4289 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len); 4290 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4291 4292 4293 /* ECN nonce: And now tell the peer we support ECN nonce */ 4294 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) { 4295 ecn_nonce = (struct sctp_ecn_nonce_supported_param *) 4296 ((caddr_t)pr_supported + SCTP_SIZE32(p_len)); 4297 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED); 4298 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce)); 4299 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce); 4300 } 4301 /* add authentication parameters */ 4302 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 4303 struct sctp_auth_random *randp; 4304 struct sctp_auth_hmac_algo *hmacs; 4305 struct sctp_auth_chunk_list *chunks; 4306 4307 /* attach RANDOM parameter, if available */ 4308 if (stcb->asoc.authinfo.random != NULL) { 4309 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4310 p_len = sizeof(*randp) + stcb->asoc.authinfo.random_len; 4311 /* random key already contains the header */ 4312 bcopy(stcb->asoc.authinfo.random->key, randp, p_len); 4313 /* zero out any padding required */ 4314 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len); 4315 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4316 } 4317 /* add HMAC_ALGO parameter */ 4318 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4319 p_len = sctp_serialize_hmaclist(stcb->asoc.local_hmacs, 4320 (uint8_t *) hmacs->hmac_ids); 4321 if (p_len > 0) { 4322 p_len += sizeof(*hmacs); 4323 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 4324 hmacs->ph.param_length = htons(p_len); 4325 /* zero out any padding required */ 4326 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len); 4327 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4328 } 4329 /* add CHUNKS parameter */ 4330 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4331 p_len = sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks, 4332 chunks->chunk_types); 4333 if (p_len > 0) { 4334 p_len += sizeof(*chunks); 4335 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 4336 chunks->ph.param_length = htons(p_len); 4337 /* zero out any padding required */ 4338 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len); 4339 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4340 } 4341 } 4342 m_at = m; 4343 /* now the addresses */ 4344 { 4345 struct sctp_scoping scp; 4346 4347 /* 4348 * To optimize this we could put the scoping stuff into a 4349 * structure and remove the individual uint8's from the 4350 * assoc structure. Then we could just sifa in the address 4351 * within the stcb.. but for now this is a quick hack to get 4352 * the address stuff teased apart. 4353 */ 4354 scp.ipv4_addr_legal = stcb->asoc.ipv4_addr_legal; 4355 scp.ipv6_addr_legal = stcb->asoc.ipv6_addr_legal; 4356 scp.loopback_scope = stcb->asoc.loopback_scope; 4357 scp.ipv4_local_scope = stcb->asoc.ipv4_local_scope; 4358 scp.local_scope = stcb->asoc.local_scope; 4359 scp.site_scope = stcb->asoc.site_scope; 4360 4361 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to); 4362 } 4363 4364 /* calulate the size and update pkt header and chunk header */ 4365 p_len = 0; 4366 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 4367 if (SCTP_BUF_NEXT(m_at) == NULL) 4368 mp_last = m_at; 4369 p_len += SCTP_BUF_LEN(m_at); 4370 } 4371 init->ch.chunk_length = htons(p_len); 4372 /* 4373 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 4374 * here since the timer will drive a retranmission. 4375 */ 4376 4377 /* I don't expect this to execute but we will be safe here */ 4378 padval = p_len % 4; 4379 if ((padval) && (mp_last)) { 4380 /* 4381 * The compiler worries that mp_last may not be set even 4382 * though I think it is impossible :-> however we add 4383 * mp_last here just in case. 4384 */ 4385 ret = sctp_add_pad_tombuf(mp_last, (4 - padval)); 4386 if (ret) { 4387 /* Houston we have a problem, no space */ 4388 sctp_m_freem(m); 4389 return; 4390 } 4391 p_len += padval; 4392 } 4393 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n"); 4394 ret = sctp_lowlevel_chunk_output(inp, stcb, net, 4395 (struct sockaddr *)&net->ro._l_addr, 4396 m, 0, NULL, 0, 0, 0, NULL, 0, 4397 inp->sctp_lport, stcb->rport, htonl(0), 4398 net->port, so_locked, NULL); 4399 SCTPDBG(SCTP_DEBUG_OUTPUT4, "lowlevel_output - %d\n", ret); 4400 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 4401 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 4402} 4403 4404struct mbuf * 4405sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt, 4406 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp, int *nat_friendly) 4407{ 4408 /* 4409 * Given a mbuf containing an INIT or INIT-ACK with the param_offset 4410 * being equal to the beginning of the params i.e. (iphlen + 4411 * sizeof(struct sctp_init_msg) parse through the parameters to the 4412 * end of the mbuf verifying that all parameters are known. 4413 * 4414 * For unknown parameters build and return a mbuf with 4415 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop 4416 * processing this chunk stop, and set *abort_processing to 1. 4417 * 4418 * By having param_offset be pre-set to where parameters begin it is 4419 * hoped that this routine may be reused in the future by new 4420 * features. 4421 */ 4422 struct sctp_paramhdr *phdr, params; 4423 4424 struct mbuf *mat, *op_err; 4425 char tempbuf[SCTP_PARAM_BUFFER_SIZE]; 4426 int at, limit, pad_needed; 4427 uint16_t ptype, plen, padded_size; 4428 int err_at; 4429 4430 *abort_processing = 0; 4431 mat = in_initpkt; 4432 err_at = 0; 4433 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk); 4434 at = param_offset; 4435 op_err = NULL; 4436 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n"); 4437 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4438 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) { 4439 ptype = ntohs(phdr->param_type); 4440 plen = ntohs(phdr->param_length); 4441 if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) { 4442 /* wacked parameter */ 4443 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen); 4444 goto invalid_size; 4445 } 4446 limit -= SCTP_SIZE32(plen); 4447 /*- 4448 * All parameters for all chunks that we know/understand are 4449 * listed here. We process them other places and make 4450 * appropriate stop actions per the upper bits. However this 4451 * is the generic routine processor's can call to get back 4452 * an operr.. to either incorporate (init-ack) or send. 4453 */ 4454 padded_size = SCTP_SIZE32(plen); 4455 switch (ptype) { 4456 /* Param's with variable size */ 4457 case SCTP_HEARTBEAT_INFO: 4458 case SCTP_STATE_COOKIE: 4459 case SCTP_UNRECOG_PARAM: 4460 case SCTP_ERROR_CAUSE_IND: 4461 /* ok skip fwd */ 4462 at += padded_size; 4463 break; 4464 /* Param's with variable size within a range */ 4465 case SCTP_CHUNK_LIST: 4466 case SCTP_SUPPORTED_CHUNK_EXT: 4467 if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) { 4468 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen); 4469 goto invalid_size; 4470 } 4471 at += padded_size; 4472 break; 4473 case SCTP_SUPPORTED_ADDRTYPE: 4474 if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) { 4475 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen); 4476 goto invalid_size; 4477 } 4478 at += padded_size; 4479 break; 4480 case SCTP_RANDOM: 4481 if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) { 4482 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen); 4483 goto invalid_size; 4484 } 4485 at += padded_size; 4486 break; 4487 case SCTP_SET_PRIM_ADDR: 4488 case SCTP_DEL_IP_ADDRESS: 4489 case SCTP_ADD_IP_ADDRESS: 4490 if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) && 4491 (padded_size != sizeof(struct sctp_asconf_addr_param))) { 4492 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen); 4493 goto invalid_size; 4494 } 4495 at += padded_size; 4496 break; 4497 /* Param's with a fixed size */ 4498 case SCTP_IPV4_ADDRESS: 4499 if (padded_size != sizeof(struct sctp_ipv4addr_param)) { 4500 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen); 4501 goto invalid_size; 4502 } 4503 at += padded_size; 4504 break; 4505 case SCTP_IPV6_ADDRESS: 4506 if (padded_size != sizeof(struct sctp_ipv6addr_param)) { 4507 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen); 4508 goto invalid_size; 4509 } 4510 at += padded_size; 4511 break; 4512 case SCTP_COOKIE_PRESERVE: 4513 if (padded_size != sizeof(struct sctp_cookie_perserve_param)) { 4514 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen); 4515 goto invalid_size; 4516 } 4517 at += padded_size; 4518 break; 4519 case SCTP_HAS_NAT_SUPPORT: 4520 *nat_friendly = 1; 4521 /* fall through */ 4522 case SCTP_ECN_NONCE_SUPPORTED: 4523 case SCTP_PRSCTP_SUPPORTED: 4524 4525 if (padded_size != sizeof(struct sctp_paramhdr)) { 4526 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecnnonce/prsctp/nat support %d\n", plen); 4527 goto invalid_size; 4528 } 4529 at += padded_size; 4530 break; 4531 case SCTP_ECN_CAPABLE: 4532 if (padded_size != sizeof(struct sctp_ecn_supported_param)) { 4533 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen); 4534 goto invalid_size; 4535 } 4536 at += padded_size; 4537 break; 4538 case SCTP_ULP_ADAPTATION: 4539 if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) { 4540 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen); 4541 goto invalid_size; 4542 } 4543 at += padded_size; 4544 break; 4545 case SCTP_SUCCESS_REPORT: 4546 if (padded_size != sizeof(struct sctp_asconf_paramhdr)) { 4547 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen); 4548 goto invalid_size; 4549 } 4550 at += padded_size; 4551 break; 4552 case SCTP_HOSTNAME_ADDRESS: 4553 { 4554 /* We can NOT handle HOST NAME addresses!! */ 4555 int l_len; 4556 4557 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n"); 4558 *abort_processing = 1; 4559 if (op_err == NULL) { 4560 /* Ok need to try to get a mbuf */ 4561#ifdef INET6 4562 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4563#else 4564 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4565#endif 4566 l_len += plen; 4567 l_len += sizeof(struct sctp_paramhdr); 4568 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4569 if (op_err) { 4570 SCTP_BUF_LEN(op_err) = 0; 4571 /* 4572 * pre-reserve space for ip 4573 * and sctp header and 4574 * chunk hdr 4575 */ 4576#ifdef INET6 4577 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4578#else 4579 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4580#endif 4581 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4582 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4583 } 4584 } 4585 if (op_err) { 4586 /* If we have space */ 4587 struct sctp_paramhdr s; 4588 4589 if (err_at % 4) { 4590 uint32_t cpthis = 0; 4591 4592 pad_needed = 4 - (err_at % 4); 4593 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4594 err_at += pad_needed; 4595 } 4596 s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR); 4597 s.param_length = htons(sizeof(s) + plen); 4598 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4599 err_at += sizeof(s); 4600 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen)); 4601 if (phdr == NULL) { 4602 sctp_m_freem(op_err); 4603 /* 4604 * we are out of memory but 4605 * we still need to have a 4606 * look at what to do (the 4607 * system is in trouble 4608 * though). 4609 */ 4610 return (NULL); 4611 } 4612 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 4613 err_at += plen; 4614 } 4615 return (op_err); 4616 break; 4617 } 4618 default: 4619 /* 4620 * we do not recognize the parameter figure out what 4621 * we do. 4622 */ 4623 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype); 4624 if ((ptype & 0x4000) == 0x4000) { 4625 /* Report bit is set?? */ 4626 SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n"); 4627 if (op_err == NULL) { 4628 int l_len; 4629 4630 /* Ok need to try to get an mbuf */ 4631#ifdef INET6 4632 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4633#else 4634 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4635#endif 4636 l_len += plen; 4637 l_len += sizeof(struct sctp_paramhdr); 4638 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4639 if (op_err) { 4640 SCTP_BUF_LEN(op_err) = 0; 4641#ifdef INET6 4642 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4643#else 4644 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4645#endif 4646 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4647 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4648 } 4649 } 4650 if (op_err) { 4651 /* If we have space */ 4652 struct sctp_paramhdr s; 4653 4654 if (err_at % 4) { 4655 uint32_t cpthis = 0; 4656 4657 pad_needed = 4 - (err_at % 4); 4658 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4659 err_at += pad_needed; 4660 } 4661 s.param_type = htons(SCTP_UNRECOG_PARAM); 4662 s.param_length = htons(sizeof(s) + plen); 4663 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4664 err_at += sizeof(s); 4665 if (plen > sizeof(tempbuf)) { 4666 plen = sizeof(tempbuf); 4667 } 4668 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen)); 4669 if (phdr == NULL) { 4670 sctp_m_freem(op_err); 4671 /* 4672 * we are out of memory but 4673 * we still need to have a 4674 * look at what to do (the 4675 * system is in trouble 4676 * though). 4677 */ 4678 op_err = NULL; 4679 goto more_processing; 4680 } 4681 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 4682 err_at += plen; 4683 } 4684 } 4685 more_processing: 4686 if ((ptype & 0x8000) == 0x0000) { 4687 SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n"); 4688 return (op_err); 4689 } else { 4690 /* skip this chunk and continue processing */ 4691 SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n"); 4692 at += SCTP_SIZE32(plen); 4693 } 4694 break; 4695 4696 } 4697 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4698 } 4699 return (op_err); 4700invalid_size: 4701 SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n"); 4702 *abort_processing = 1; 4703 if ((op_err == NULL) && phdr) { 4704 int l_len; 4705 4706#ifdef INET6 4707 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4708#else 4709 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4710#endif 4711 l_len += (2 * sizeof(struct sctp_paramhdr)); 4712 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4713 if (op_err) { 4714 SCTP_BUF_LEN(op_err) = 0; 4715#ifdef INET6 4716 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4717#else 4718 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4719#endif 4720 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4721 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4722 } 4723 } 4724 if ((op_err) && phdr) { 4725 struct sctp_paramhdr s; 4726 4727 if (err_at % 4) { 4728 uint32_t cpthis = 0; 4729 4730 pad_needed = 4 - (err_at % 4); 4731 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4732 err_at += pad_needed; 4733 } 4734 s.param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION); 4735 s.param_length = htons(sizeof(s) + sizeof(struct sctp_paramhdr)); 4736 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4737 err_at += sizeof(s); 4738 /* Only copy back the p-hdr that caused the issue */ 4739 m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)phdr); 4740 } 4741 return (op_err); 4742} 4743 4744static int 4745sctp_are_there_new_addresses(struct sctp_association *asoc, 4746 struct mbuf *in_initpkt, int iphlen, int offset) 4747{ 4748 /* 4749 * Given a INIT packet, look through the packet to verify that there 4750 * are NO new addresses. As we go through the parameters add reports 4751 * of any un-understood parameters that require an error. Also we 4752 * must return (1) to drop the packet if we see a un-understood 4753 * parameter that tells us to drop the chunk. 4754 */ 4755 struct sockaddr_in sin4, *sa4; 4756 4757#ifdef INET6 4758 struct sockaddr_in6 sin6, *sa6; 4759 4760#endif 4761 struct sockaddr *sa_touse; 4762 struct sockaddr *sa; 4763 struct sctp_paramhdr *phdr, params; 4764 struct ip *iph; 4765 4766#ifdef INET6 4767 struct ip6_hdr *ip6h; 4768 4769#endif 4770 struct mbuf *mat; 4771 uint16_t ptype, plen; 4772 int err_at; 4773 uint8_t fnd; 4774 struct sctp_nets *net; 4775 4776 memset(&sin4, 0, sizeof(sin4)); 4777#ifdef INET6 4778 memset(&sin6, 0, sizeof(sin6)); 4779#endif 4780 sin4.sin_family = AF_INET; 4781 sin4.sin_len = sizeof(sin4); 4782#ifdef INET6 4783 sin6.sin6_family = AF_INET6; 4784 sin6.sin6_len = sizeof(sin6); 4785#endif 4786 sa_touse = NULL; 4787 /* First what about the src address of the pkt ? */ 4788 iph = mtod(in_initpkt, struct ip *); 4789 switch (iph->ip_v) { 4790 case IPVERSION: 4791 /* source addr is IPv4 */ 4792 sin4.sin_addr = iph->ip_src; 4793 sa_touse = (struct sockaddr *)&sin4; 4794 break; 4795#ifdef INET6 4796 case IPV6_VERSION >> 4: 4797 /* source addr is IPv6 */ 4798 ip6h = mtod(in_initpkt, struct ip6_hdr *); 4799 sin6.sin6_addr = ip6h->ip6_src; 4800 sa_touse = (struct sockaddr *)&sin6; 4801 break; 4802#endif 4803 default: 4804 return (1); 4805 } 4806 4807 fnd = 0; 4808 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4809 sa = (struct sockaddr *)&net->ro._l_addr; 4810 if (sa->sa_family == sa_touse->sa_family) { 4811 if (sa->sa_family == AF_INET) { 4812 sa4 = (struct sockaddr_in *)sa; 4813 if (sa4->sin_addr.s_addr == 4814 sin4.sin_addr.s_addr) { 4815 fnd = 1; 4816 break; 4817 } 4818 } 4819#ifdef INET6 4820 if (sa->sa_family == AF_INET6) { 4821 sa6 = (struct sockaddr_in6 *)sa; 4822 if (SCTP6_ARE_ADDR_EQUAL(sa6, 4823 &sin6)) { 4824 fnd = 1; 4825 break; 4826 } 4827 } 4828#endif 4829 } 4830 } 4831 if (fnd == 0) { 4832 /* New address added! no need to look futher. */ 4833 return (1); 4834 } 4835 /* Ok so far lets munge through the rest of the packet */ 4836 mat = in_initpkt; 4837 err_at = 0; 4838 sa_touse = NULL; 4839 offset += sizeof(struct sctp_init_chunk); 4840 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 4841 while (phdr) { 4842 ptype = ntohs(phdr->param_type); 4843 plen = ntohs(phdr->param_length); 4844 if (ptype == SCTP_IPV4_ADDRESS) { 4845 struct sctp_ipv4addr_param *p4, p4_buf; 4846 4847 phdr = sctp_get_next_param(mat, offset, 4848 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf)); 4849 if (plen != sizeof(struct sctp_ipv4addr_param) || 4850 phdr == NULL) { 4851 return (1); 4852 } 4853 p4 = (struct sctp_ipv4addr_param *)phdr; 4854 sin4.sin_addr.s_addr = p4->addr; 4855 sa_touse = (struct sockaddr *)&sin4; 4856 } else if (ptype == SCTP_IPV6_ADDRESS) { 4857 struct sctp_ipv6addr_param *p6, p6_buf; 4858 4859 phdr = sctp_get_next_param(mat, offset, 4860 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf)); 4861 if (plen != sizeof(struct sctp_ipv6addr_param) || 4862 phdr == NULL) { 4863 return (1); 4864 } 4865 p6 = (struct sctp_ipv6addr_param *)phdr; 4866#ifdef INET6 4867 memcpy((caddr_t)&sin6.sin6_addr, p6->addr, 4868 sizeof(p6->addr)); 4869#endif 4870 sa_touse = (struct sockaddr *)&sin4; 4871 } 4872 if (sa_touse) { 4873 /* ok, sa_touse points to one to check */ 4874 fnd = 0; 4875 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4876 sa = (struct sockaddr *)&net->ro._l_addr; 4877 if (sa->sa_family != sa_touse->sa_family) { 4878 continue; 4879 } 4880 if (sa->sa_family == AF_INET) { 4881 sa4 = (struct sockaddr_in *)sa; 4882 if (sa4->sin_addr.s_addr == 4883 sin4.sin_addr.s_addr) { 4884 fnd = 1; 4885 break; 4886 } 4887 } 4888#ifdef INET6 4889 if (sa->sa_family == AF_INET6) { 4890 sa6 = (struct sockaddr_in6 *)sa; 4891 if (SCTP6_ARE_ADDR_EQUAL( 4892 sa6, &sin6)) { 4893 fnd = 1; 4894 break; 4895 } 4896 } 4897#endif 4898 } 4899 if (!fnd) { 4900 /* New addr added! no need to look further */ 4901 return (1); 4902 } 4903 } 4904 offset += SCTP_SIZE32(plen); 4905 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 4906 } 4907 return (0); 4908} 4909 4910/* 4911 * Given a MBUF chain that was sent into us containing an INIT. Build a 4912 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done 4913 * a pullup to include IPv6/4header, SCTP header and initial part of INIT 4914 * message (i.e. the struct sctp_init_msg). 4915 */ 4916void 4917sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4918 struct mbuf *init_pkt, int iphlen, int offset, struct sctphdr *sh, 4919 struct sctp_init_chunk *init_chk, uint32_t vrf_id, uint16_t port, int hold_inp_lock) 4920{ 4921 struct sctp_association *asoc; 4922 struct mbuf *m, *m_at, *m_tmp, *m_cookie, *op_err, *mp_last; 4923 struct sctp_init_ack_chunk *initack; 4924 struct sctp_adaptation_layer_indication *ali; 4925 struct sctp_ecn_supported_param *ecn; 4926 struct sctp_prsctp_supported_param *prsctp; 4927 struct sctp_ecn_nonce_supported_param *ecn_nonce; 4928 struct sctp_supported_chunk_types_param *pr_supported; 4929 union sctp_sockstore store, store1, *over_addr; 4930 struct sockaddr_in *sin, *to_sin; 4931 4932#ifdef INET6 4933 struct sockaddr_in6 *sin6, *to_sin6; 4934 4935#endif 4936 struct ip *iph; 4937 4938#ifdef INET6 4939 struct ip6_hdr *ip6; 4940 4941#endif 4942 struct sockaddr *to; 4943 struct sctp_state_cookie stc; 4944 struct sctp_nets *net = NULL; 4945 uint8_t *signature = NULL; 4946 int cnt_inits_to = 0; 4947 uint16_t his_limit, i_want; 4948 int abort_flag, padval; 4949 int num_ext; 4950 int p_len; 4951 int nat_friendly = 0; 4952 struct socket *so; 4953 4954 if (stcb) 4955 asoc = &stcb->asoc; 4956 else 4957 asoc = NULL; 4958 mp_last = NULL; 4959 if ((asoc != NULL) && 4960 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 4961 (sctp_are_there_new_addresses(asoc, init_pkt, iphlen, offset))) { 4962 /* new addresses, out of here in non-cookie-wait states */ 4963 /* 4964 * Send a ABORT, we don't add the new address error clause 4965 * though we even set the T bit and copy in the 0 tag.. this 4966 * looks no different than if no listener was present. 4967 */ 4968 sctp_send_abort(init_pkt, iphlen, sh, 0, NULL, vrf_id, port); 4969 return; 4970 } 4971 abort_flag = 0; 4972 op_err = sctp_arethere_unrecognized_parameters(init_pkt, 4973 (offset + sizeof(struct sctp_init_chunk)), 4974 &abort_flag, (struct sctp_chunkhdr *)init_chk, &nat_friendly); 4975 if (abort_flag) { 4976do_a_abort: 4977 sctp_send_abort(init_pkt, iphlen, sh, 4978 init_chk->init.initiate_tag, op_err, vrf_id, port); 4979 return; 4980 } 4981 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 4982 if (m == NULL) { 4983 /* No memory, INIT timer will re-attempt. */ 4984 if (op_err) 4985 sctp_m_freem(op_err); 4986 return; 4987 } 4988 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); 4989 4990 /* the time I built cookie */ 4991 (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered); 4992 4993 /* populate any tie tags */ 4994 if (asoc != NULL) { 4995 /* unlock before tag selections */ 4996 stc.tie_tag_my_vtag = asoc->my_vtag_nonce; 4997 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce; 4998 stc.cookie_life = asoc->cookie_life; 4999 net = asoc->primary_destination; 5000 } else { 5001 stc.tie_tag_my_vtag = 0; 5002 stc.tie_tag_peer_vtag = 0; 5003 /* life I will award this cookie */ 5004 stc.cookie_life = inp->sctp_ep.def_cookie_life; 5005 } 5006 5007 /* copy in the ports for later check */ 5008 stc.myport = sh->dest_port; 5009 stc.peerport = sh->src_port; 5010 5011 /* 5012 * If we wanted to honor cookie life extentions, we would add to 5013 * stc.cookie_life. For now we should NOT honor any extension 5014 */ 5015 stc.site_scope = stc.local_scope = stc.loopback_scope = 0; 5016 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5017 struct inpcb *in_inp; 5018 5019 /* Its a V6 socket */ 5020 in_inp = (struct inpcb *)inp; 5021 stc.ipv6_addr_legal = 1; 5022 /* Now look at the binding flag to see if V4 will be legal */ 5023 if (SCTP_IPV6_V6ONLY(in_inp) == 0) { 5024 stc.ipv4_addr_legal = 1; 5025 } else { 5026 /* V4 addresses are NOT legal on the association */ 5027 stc.ipv4_addr_legal = 0; 5028 } 5029 } else { 5030 /* Its a V4 socket, no - V6 */ 5031 stc.ipv4_addr_legal = 1; 5032 stc.ipv6_addr_legal = 0; 5033 } 5034 5035#ifdef SCTP_DONT_DO_PRIVADDR_SCOPE 5036 stc.ipv4_scope = 1; 5037#else 5038 stc.ipv4_scope = 0; 5039#endif 5040 /* now for scope setup */ 5041 memset((caddr_t)&store, 0, sizeof(store)); 5042 memset((caddr_t)&store1, 0, sizeof(store1)); 5043 sin = &store.sin; 5044 to_sin = &store1.sin; 5045#ifdef INET6 5046 sin6 = &store.sin6; 5047 to_sin6 = &store1.sin6; 5048#endif 5049 iph = mtod(init_pkt, struct ip *); 5050 /* establish the to_addr's */ 5051 switch (iph->ip_v) { 5052 case IPVERSION: 5053 to_sin->sin_port = sh->dest_port; 5054 to_sin->sin_family = AF_INET; 5055 to_sin->sin_len = sizeof(struct sockaddr_in); 5056 to_sin->sin_addr = iph->ip_dst; 5057 break; 5058#ifdef INET6 5059 case IPV6_VERSION >> 4: 5060 ip6 = mtod(init_pkt, struct ip6_hdr *); 5061 to_sin6->sin6_addr = ip6->ip6_dst; 5062 to_sin6->sin6_scope_id = 0; 5063 to_sin6->sin6_port = sh->dest_port; 5064 to_sin6->sin6_family = AF_INET6; 5065 to_sin6->sin6_len = sizeof(struct sockaddr_in6); 5066 break; 5067#endif 5068 default: 5069 goto do_a_abort; 5070 break; 5071 }; 5072 5073 if (net == NULL) { 5074 to = (struct sockaddr *)&store; 5075 switch (iph->ip_v) { 5076 case IPVERSION: 5077 { 5078 sin->sin_family = AF_INET; 5079 sin->sin_len = sizeof(struct sockaddr_in); 5080 sin->sin_port = sh->src_port; 5081 sin->sin_addr = iph->ip_src; 5082 /* lookup address */ 5083 stc.address[0] = sin->sin_addr.s_addr; 5084 stc.address[1] = 0; 5085 stc.address[2] = 0; 5086 stc.address[3] = 0; 5087 stc.addr_type = SCTP_IPV4_ADDRESS; 5088 /* local from address */ 5089 stc.laddress[0] = to_sin->sin_addr.s_addr; 5090 stc.laddress[1] = 0; 5091 stc.laddress[2] = 0; 5092 stc.laddress[3] = 0; 5093 stc.laddr_type = SCTP_IPV4_ADDRESS; 5094 /* scope_id is only for v6 */ 5095 stc.scope_id = 0; 5096#ifndef SCTP_DONT_DO_PRIVADDR_SCOPE 5097 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 5098 stc.ipv4_scope = 1; 5099 } 5100#else 5101 stc.ipv4_scope = 1; 5102#endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */ 5103 /* Must use the address in this case */ 5104 if (sctp_is_address_on_local_host((struct sockaddr *)sin, vrf_id)) { 5105 stc.loopback_scope = 1; 5106 stc.ipv4_scope = 1; 5107 stc.site_scope = 1; 5108 stc.local_scope = 0; 5109 } 5110 break; 5111 } 5112#ifdef INET6 5113 case IPV6_VERSION >> 4: 5114 { 5115 ip6 = mtod(init_pkt, struct ip6_hdr *); 5116 sin6->sin6_family = AF_INET6; 5117 sin6->sin6_len = sizeof(struct sockaddr_in6); 5118 sin6->sin6_port = sh->src_port; 5119 sin6->sin6_addr = ip6->ip6_src; 5120 /* lookup address */ 5121 memcpy(&stc.address, &sin6->sin6_addr, 5122 sizeof(struct in6_addr)); 5123 sin6->sin6_scope_id = 0; 5124 stc.addr_type = SCTP_IPV6_ADDRESS; 5125 stc.scope_id = 0; 5126 if (sctp_is_address_on_local_host((struct sockaddr *)sin6, vrf_id)) { 5127 /* 5128 * FIX ME: does this have scope from 5129 * rcvif? 5130 */ 5131 (void)sa6_recoverscope(sin6); 5132 stc.scope_id = sin6->sin6_scope_id; 5133 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)); 5134 stc.loopback_scope = 1; 5135 stc.local_scope = 0; 5136 stc.site_scope = 1; 5137 stc.ipv4_scope = 1; 5138 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5139 /* 5140 * If the new destination is a 5141 * LINK_LOCAL we must have common 5142 * both site and local scope. Don't 5143 * set local scope though since we 5144 * must depend on the source to be 5145 * added implicitly. We cannot 5146 * assure just because we share one 5147 * link that all links are common. 5148 */ 5149 stc.local_scope = 0; 5150 stc.site_scope = 1; 5151 stc.ipv4_scope = 1; 5152 /* 5153 * we start counting for the private 5154 * address stuff at 1. since the 5155 * link local we source from won't 5156 * show up in our scoped count. 5157 */ 5158 cnt_inits_to = 1; 5159 /* 5160 * pull out the scope_id from 5161 * incoming pkt 5162 */ 5163 /* 5164 * FIX ME: does this have scope from 5165 * rcvif? 5166 */ 5167 (void)sa6_recoverscope(sin6); 5168 stc.scope_id = sin6->sin6_scope_id; 5169 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)); 5170 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 5171 /* 5172 * If the new destination is 5173 * SITE_LOCAL then we must have site 5174 * scope in common. 5175 */ 5176 stc.site_scope = 1; 5177 } 5178 memcpy(&stc.laddress, &to_sin6->sin6_addr, sizeof(struct in6_addr)); 5179 stc.laddr_type = SCTP_IPV6_ADDRESS; 5180 break; 5181 } 5182#endif 5183 default: 5184 /* TSNH */ 5185 goto do_a_abort; 5186 break; 5187 } 5188 } else { 5189 /* set the scope per the existing tcb */ 5190 5191#ifdef INET6 5192 struct sctp_nets *lnet; 5193 5194#endif 5195 5196 stc.loopback_scope = asoc->loopback_scope; 5197 stc.ipv4_scope = asoc->ipv4_local_scope; 5198 stc.site_scope = asoc->site_scope; 5199 stc.local_scope = asoc->local_scope; 5200#ifdef INET6 5201 /* Why do we not consider IPv4 LL addresses? */ 5202 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { 5203 if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) { 5204 if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) { 5205 /* 5206 * if we have a LL address, start 5207 * counting at 1. 5208 */ 5209 cnt_inits_to = 1; 5210 } 5211 } 5212 } 5213#endif 5214 /* use the net pointer */ 5215 to = (struct sockaddr *)&net->ro._l_addr; 5216 switch (to->sa_family) { 5217 case AF_INET: 5218 sin = (struct sockaddr_in *)to; 5219 stc.address[0] = sin->sin_addr.s_addr; 5220 stc.address[1] = 0; 5221 stc.address[2] = 0; 5222 stc.address[3] = 0; 5223 stc.addr_type = SCTP_IPV4_ADDRESS; 5224 if (net->src_addr_selected == 0) { 5225 /* 5226 * strange case here, the INIT should have 5227 * did the selection. 5228 */ 5229 net->ro._s_addr = sctp_source_address_selection(inp, 5230 stcb, (sctp_route_t *) & net->ro, 5231 net, 0, vrf_id); 5232 if (net->ro._s_addr == NULL) 5233 return; 5234 5235 net->src_addr_selected = 1; 5236 5237 } 5238 stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr; 5239 stc.laddress[1] = 0; 5240 stc.laddress[2] = 0; 5241 stc.laddress[3] = 0; 5242 stc.laddr_type = SCTP_IPV4_ADDRESS; 5243 break; 5244#ifdef INET6 5245 case AF_INET6: 5246 sin6 = (struct sockaddr_in6 *)to; 5247 memcpy(&stc.address, &sin6->sin6_addr, 5248 sizeof(struct in6_addr)); 5249 stc.addr_type = SCTP_IPV6_ADDRESS; 5250 if (net->src_addr_selected == 0) { 5251 /* 5252 * strange case here, the INIT should have 5253 * did the selection. 5254 */ 5255 net->ro._s_addr = sctp_source_address_selection(inp, 5256 stcb, (sctp_route_t *) & net->ro, 5257 net, 0, vrf_id); 5258 if (net->ro._s_addr == NULL) 5259 return; 5260 5261 net->src_addr_selected = 1; 5262 } 5263 memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr, 5264 sizeof(struct in6_addr)); 5265 stc.laddr_type = SCTP_IPV6_ADDRESS; 5266 break; 5267#endif 5268 } 5269 } 5270 /* Now lets put the SCTP header in place */ 5271 initack = mtod(m, struct sctp_init_ack_chunk *); 5272 /* Save it off for quick ref */ 5273 stc.peers_vtag = init_chk->init.initiate_tag; 5274 /* who are we */ 5275 memcpy(stc.identification, SCTP_VERSION_STRING, 5276 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification))); 5277 /* now the chunk header */ 5278 initack->ch.chunk_type = SCTP_INITIATION_ACK; 5279 initack->ch.chunk_flags = 0; 5280 /* fill in later from mbuf we build */ 5281 initack->ch.chunk_length = 0; 5282 /* place in my tag */ 5283 if ((asoc != NULL) && 5284 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 5285 (SCTP_GET_STATE(asoc) == SCTP_STATE_INUSE) || 5286 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) { 5287 /* re-use the v-tags and init-seq here */ 5288 initack->init.initiate_tag = htonl(asoc->my_vtag); 5289 initack->init.initial_tsn = htonl(asoc->init_seq_number); 5290 } else { 5291 uint32_t vtag, itsn; 5292 5293 if (hold_inp_lock) { 5294 SCTP_INP_INCR_REF(inp); 5295 SCTP_INP_RUNLOCK(inp); 5296 } 5297 if (asoc) { 5298 atomic_add_int(&asoc->refcnt, 1); 5299 SCTP_TCB_UNLOCK(stcb); 5300 new_tag: 5301 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 5302 if ((asoc->peer_supports_nat) && (vtag == asoc->my_vtag)) { 5303 /* 5304 * Got a duplicate vtag on some guy behind a 5305 * nat make sure we don't use it. 5306 */ 5307 goto new_tag; 5308 } 5309 initack->init.initiate_tag = htonl(vtag); 5310 /* get a TSN to use too */ 5311 itsn = sctp_select_initial_TSN(&inp->sctp_ep); 5312 initack->init.initial_tsn = htonl(itsn); 5313 SCTP_TCB_LOCK(stcb); 5314 atomic_add_int(&asoc->refcnt, -1); 5315 } else { 5316 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 5317 initack->init.initiate_tag = htonl(vtag); 5318 /* get a TSN to use too */ 5319 initack->init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep)); 5320 } 5321 if (hold_inp_lock) { 5322 SCTP_INP_RLOCK(inp); 5323 SCTP_INP_DECR_REF(inp); 5324 } 5325 } 5326 /* save away my tag to */ 5327 stc.my_vtag = initack->init.initiate_tag; 5328 5329 /* set up some of the credits. */ 5330 so = inp->sctp_socket; 5331 if (so == NULL) { 5332 /* memory problem */ 5333 sctp_m_freem(m); 5334 return; 5335 } else { 5336 initack->init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(so), SCTP_MINIMAL_RWND)); 5337 } 5338 /* set what I want */ 5339 his_limit = ntohs(init_chk->init.num_inbound_streams); 5340 /* choose what I want */ 5341 if (asoc != NULL) { 5342 if (asoc->streamoutcnt > inp->sctp_ep.pre_open_stream_count) { 5343 i_want = asoc->streamoutcnt; 5344 } else { 5345 i_want = inp->sctp_ep.pre_open_stream_count; 5346 } 5347 } else { 5348 i_want = inp->sctp_ep.pre_open_stream_count; 5349 } 5350 if (his_limit < i_want) { 5351 /* I Want more :< */ 5352 initack->init.num_outbound_streams = init_chk->init.num_inbound_streams; 5353 } else { 5354 /* I can have what I want :> */ 5355 initack->init.num_outbound_streams = htons(i_want); 5356 } 5357 /* tell him his limt. */ 5358 initack->init.num_inbound_streams = 5359 htons(inp->sctp_ep.max_open_streams_intome); 5360 5361 /* adaptation layer indication parameter */ 5362 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)initack + sizeof(*initack)); 5363 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 5364 ali->ph.param_length = htons(sizeof(*ali)); 5365 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator); 5366 SCTP_BUF_LEN(m) += sizeof(*ali); 5367 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali)); 5368 5369 /* ECN parameter */ 5370 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 1) { 5371 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 5372 ecn->ph.param_length = htons(sizeof(*ecn)); 5373 SCTP_BUF_LEN(m) += sizeof(*ecn); 5374 5375 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn + 5376 sizeof(*ecn)); 5377 } else { 5378 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn); 5379 } 5380 /* And now tell the peer we do pr-sctp */ 5381 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 5382 prsctp->ph.param_length = htons(sizeof(*prsctp)); 5383 SCTP_BUF_LEN(m) += sizeof(*prsctp); 5384 if (nat_friendly) { 5385 /* Add NAT friendly parameter */ 5386 struct sctp_paramhdr *ph; 5387 5388 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5389 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 5390 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 5391 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr); 5392 } 5393 /* And now tell the peer we do all the extensions */ 5394 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5395 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 5396 num_ext = 0; 5397 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 5398 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 5399 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 5400 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 5401 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 5402 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) 5403 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 5404 /* 5405 * EY if the sysctl variable is set, tell the assoc. initiator that 5406 * we do nr_sack 5407 */ 5408 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off)) 5409 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 5410 p_len = sizeof(*pr_supported) + num_ext; 5411 pr_supported->ph.param_length = htons(p_len); 5412 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len); 5413 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5414 5415 /* ECN nonce: And now tell the peer we support ECN nonce */ 5416 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) { 5417 ecn_nonce = (struct sctp_ecn_nonce_supported_param *) 5418 ((caddr_t)pr_supported + SCTP_SIZE32(p_len)); 5419 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED); 5420 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce)); 5421 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce); 5422 } 5423 /* add authentication parameters */ 5424 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 5425 struct sctp_auth_random *randp; 5426 struct sctp_auth_hmac_algo *hmacs; 5427 struct sctp_auth_chunk_list *chunks; 5428 uint16_t random_len; 5429 5430 /* generate and add RANDOM parameter */ 5431 random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT; 5432 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5433 randp->ph.param_type = htons(SCTP_RANDOM); 5434 p_len = sizeof(*randp) + random_len; 5435 randp->ph.param_length = htons(p_len); 5436 SCTP_READ_RANDOM(randp->random_data, random_len); 5437 /* zero out any padding required */ 5438 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len); 5439 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5440 5441 /* add HMAC_ALGO parameter */ 5442 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5443 p_len = sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs, 5444 (uint8_t *) hmacs->hmac_ids); 5445 if (p_len > 0) { 5446 p_len += sizeof(*hmacs); 5447 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 5448 hmacs->ph.param_length = htons(p_len); 5449 /* zero out any padding required */ 5450 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len); 5451 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5452 } 5453 /* add CHUNKS parameter */ 5454 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5455 p_len = sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks, 5456 chunks->chunk_types); 5457 if (p_len > 0) { 5458 p_len += sizeof(*chunks); 5459 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 5460 chunks->ph.param_length = htons(p_len); 5461 /* zero out any padding required */ 5462 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len); 5463 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5464 } 5465 } 5466 m_at = m; 5467 /* now the addresses */ 5468 { 5469 struct sctp_scoping scp; 5470 5471 /* 5472 * To optimize this we could put the scoping stuff into a 5473 * structure and remove the individual uint8's from the stc 5474 * structure. Then we could just sifa in the address within 5475 * the stc.. but for now this is a quick hack to get the 5476 * address stuff teased apart. 5477 */ 5478 scp.ipv4_addr_legal = stc.ipv4_addr_legal; 5479 scp.ipv6_addr_legal = stc.ipv6_addr_legal; 5480 scp.loopback_scope = stc.loopback_scope; 5481 scp.ipv4_local_scope = stc.ipv4_scope; 5482 scp.local_scope = stc.local_scope; 5483 scp.site_scope = stc.site_scope; 5484 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to); 5485 } 5486 5487 /* tack on the operational error if present */ 5488 if (op_err) { 5489 struct mbuf *ol; 5490 int llen; 5491 5492 llen = 0; 5493 ol = op_err; 5494 while (ol) { 5495 llen += SCTP_BUF_LEN(ol); 5496 ol = SCTP_BUF_NEXT(ol); 5497 } 5498 if (llen % 4) { 5499 /* must add a pad to the param */ 5500 uint32_t cpthis = 0; 5501 int padlen; 5502 5503 padlen = 4 - (llen % 4); 5504 m_copyback(op_err, llen, padlen, (caddr_t)&cpthis); 5505 } 5506 while (SCTP_BUF_NEXT(m_at) != NULL) { 5507 m_at = SCTP_BUF_NEXT(m_at); 5508 } 5509 SCTP_BUF_NEXT(m_at) = op_err; 5510 while (SCTP_BUF_NEXT(m_at) != NULL) { 5511 m_at = SCTP_BUF_NEXT(m_at); 5512 } 5513 } 5514 /* pre-calulate the size and update pkt header and chunk header */ 5515 p_len = 0; 5516 for (m_tmp = m; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 5517 p_len += SCTP_BUF_LEN(m_tmp); 5518 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5519 /* m_tmp should now point to last one */ 5520 break; 5521 } 5522 } 5523 5524 /* Now we must build a cookie */ 5525 m_cookie = sctp_add_cookie(inp, init_pkt, offset, m, 0, &stc, &signature); 5526 if (m_cookie == NULL) { 5527 /* memory problem */ 5528 sctp_m_freem(m); 5529 return; 5530 } 5531 /* Now append the cookie to the end and update the space/size */ 5532 SCTP_BUF_NEXT(m_tmp) = m_cookie; 5533 5534 for (m_tmp = m_cookie; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 5535 p_len += SCTP_BUF_LEN(m_tmp); 5536 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5537 /* m_tmp should now point to last one */ 5538 mp_last = m_tmp; 5539 break; 5540 } 5541 } 5542 /* 5543 * Place in the size, but we don't include the last pad (if any) in 5544 * the INIT-ACK. 5545 */ 5546 initack->ch.chunk_length = htons(p_len); 5547 5548 /* 5549 * Time to sign the cookie, we don't sign over the cookie signature 5550 * though thus we set trailer. 5551 */ 5552 (void)sctp_hmac_m(SCTP_HMAC, 5553 (uint8_t *) inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)], 5554 SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr), 5555 (uint8_t *) signature, SCTP_SIGNATURE_SIZE); 5556 /* 5557 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 5558 * here since the timer will drive a retranmission. 5559 */ 5560 padval = p_len % 4; 5561 if ((padval) && (mp_last)) { 5562 /* see my previous comments on mp_last */ 5563 int ret; 5564 5565 ret = sctp_add_pad_tombuf(mp_last, (4 - padval)); 5566 if (ret) { 5567 /* Houston we have a problem, no space */ 5568 sctp_m_freem(m); 5569 return; 5570 } 5571 p_len += padval; 5572 } 5573 if (stc.loopback_scope) { 5574 over_addr = &store1; 5575 } else { 5576 over_addr = NULL; 5577 } 5578 5579 (void)sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0, 5580 0, NULL, 0, 5581 inp->sctp_lport, sh->src_port, init_chk->init.initiate_tag, 5582 port, SCTP_SO_NOT_LOCKED, over_addr); 5583 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 5584} 5585 5586 5587void 5588sctp_insert_on_wheel(struct sctp_tcb *stcb, 5589 struct sctp_association *asoc, 5590 struct sctp_stream_out *strq, int holds_lock) 5591{ 5592 if (holds_lock == 0) { 5593 SCTP_TCB_SEND_LOCK(stcb); 5594 } 5595 if ((strq->next_spoke.tqe_next == NULL) && 5596 (strq->next_spoke.tqe_prev == NULL)) { 5597 TAILQ_INSERT_TAIL(&asoc->out_wheel, strq, next_spoke); 5598 } 5599 if (holds_lock == 0) { 5600 SCTP_TCB_SEND_UNLOCK(stcb); 5601 } 5602} 5603 5604void 5605sctp_remove_from_wheel(struct sctp_tcb *stcb, 5606 struct sctp_association *asoc, 5607 struct sctp_stream_out *strq, 5608 int holds_lock) 5609{ 5610 /* take off and then setup so we know it is not on the wheel */ 5611 if (holds_lock == 0) { 5612 SCTP_TCB_SEND_LOCK(stcb); 5613 } 5614 if (TAILQ_EMPTY(&strq->outqueue)) { 5615 if (asoc->last_out_stream == strq) { 5616 asoc->last_out_stream = TAILQ_PREV(asoc->last_out_stream, sctpwheel_listhead, next_spoke); 5617 if (asoc->last_out_stream == NULL) { 5618 asoc->last_out_stream = TAILQ_LAST(&asoc->out_wheel, sctpwheel_listhead); 5619 } 5620 if (asoc->last_out_stream == strq) { 5621 asoc->last_out_stream = NULL; 5622 } 5623 } 5624 TAILQ_REMOVE(&asoc->out_wheel, strq, next_spoke); 5625 strq->next_spoke.tqe_next = NULL; 5626 strq->next_spoke.tqe_prev = NULL; 5627 } 5628 if (holds_lock == 0) { 5629 SCTP_TCB_SEND_UNLOCK(stcb); 5630 } 5631} 5632 5633static void 5634sctp_prune_prsctp(struct sctp_tcb *stcb, 5635 struct sctp_association *asoc, 5636 struct sctp_sndrcvinfo *srcv, 5637 int dataout) 5638{ 5639 int freed_spc = 0; 5640 struct sctp_tmit_chunk *chk, *nchk; 5641 5642 SCTP_TCB_LOCK_ASSERT(stcb); 5643 if ((asoc->peer_supports_prsctp) && 5644 (asoc->sent_queue_cnt_removeable > 0)) { 5645 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 5646 /* 5647 * Look for chunks marked with the PR_SCTP flag AND 5648 * the buffer space flag. If the one being sent is 5649 * equal or greater priority then purge the old one 5650 * and free some space. 5651 */ 5652 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 5653 /* 5654 * This one is PR-SCTP AND buffer space 5655 * limited type 5656 */ 5657 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 5658 /* 5659 * Lower numbers equates to higher 5660 * priority so if the one we are 5661 * looking at has a larger or equal 5662 * priority we want to drop the data 5663 * and NOT retransmit it. 5664 */ 5665 if (chk->data) { 5666 /* 5667 * We release the book_size 5668 * if the mbuf is here 5669 */ 5670 int ret_spc; 5671 int cause; 5672 5673 if (chk->sent > SCTP_DATAGRAM_UNSENT) 5674 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT; 5675 else 5676 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT; 5677 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 5678 cause, 5679 SCTP_SO_LOCKED); 5680 freed_spc += ret_spc; 5681 if (freed_spc >= dataout) { 5682 return; 5683 } 5684 } /* if chunk was present */ 5685 } /* if of sufficent priority */ 5686 } /* if chunk has enabled */ 5687 } /* tailqforeach */ 5688 5689 chk = TAILQ_FIRST(&asoc->send_queue); 5690 while (chk) { 5691 nchk = TAILQ_NEXT(chk, sctp_next); 5692 /* Here we must move to the sent queue and mark */ 5693 if (PR_SCTP_TTL_ENABLED(chk->flags)) { 5694 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 5695 if (chk->data) { 5696 /* 5697 * We release the book_size 5698 * if the mbuf is here 5699 */ 5700 int ret_spc; 5701 5702 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 5703 SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT, 5704 SCTP_SO_LOCKED); 5705 5706 freed_spc += ret_spc; 5707 if (freed_spc >= dataout) { 5708 return; 5709 } 5710 } /* end if chk->data */ 5711 } /* end if right class */ 5712 } /* end if chk pr-sctp */ 5713 chk = nchk; 5714 } /* end while (chk) */ 5715 } /* if enabled in asoc */ 5716} 5717 5718int 5719sctp_get_frag_point(struct sctp_tcb *stcb, 5720 struct sctp_association *asoc) 5721{ 5722 int siz, ovh; 5723 5724 /* 5725 * For endpoints that have both v6 and v4 addresses we must reserve 5726 * room for the ipv6 header, for those that are only dealing with V4 5727 * we use a larger frag point. 5728 */ 5729 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5730 ovh = SCTP_MED_OVERHEAD; 5731 } else { 5732 ovh = SCTP_MED_V4_OVERHEAD; 5733 } 5734 5735 if (stcb->asoc.sctp_frag_point > asoc->smallest_mtu) 5736 siz = asoc->smallest_mtu - ovh; 5737 else 5738 siz = (stcb->asoc.sctp_frag_point - ovh); 5739 /* 5740 * if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) { 5741 */ 5742 /* A data chunk MUST fit in a cluster */ 5743 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk)); */ 5744 /* } */ 5745 5746 /* adjust for an AUTH chunk if DATA requires auth */ 5747 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) 5748 siz -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 5749 5750 if (siz % 4) { 5751 /* make it an even word boundary please */ 5752 siz -= (siz % 4); 5753 } 5754 return (siz); 5755} 5756 5757static void 5758sctp_set_prsctp_policy(struct sctp_stream_queue_pending *sp) 5759{ 5760 sp->pr_sctp_on = 0; 5761 /* 5762 * We assume that the user wants PR_SCTP_TTL if the user provides a 5763 * positive lifetime but does not specify any PR_SCTP policy. This 5764 * is a BAD assumption and causes problems at least with the 5765 * U-Vancovers MPI folks. I will change this to be no policy means 5766 * NO PR-SCTP. 5767 */ 5768 if (PR_SCTP_ENABLED(sp->sinfo_flags)) { 5769 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags); 5770 sp->pr_sctp_on = 1; 5771 } else { 5772 return; 5773 } 5774 switch (PR_SCTP_POLICY(sp->sinfo_flags)) { 5775 case CHUNK_FLAGS_PR_SCTP_BUF: 5776 /* 5777 * Time to live is a priority stored in tv_sec when doing 5778 * the buffer drop thing. 5779 */ 5780 sp->ts.tv_sec = sp->timetolive; 5781 sp->ts.tv_usec = 0; 5782 break; 5783 case CHUNK_FLAGS_PR_SCTP_TTL: 5784 { 5785 struct timeval tv; 5786 5787 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 5788 tv.tv_sec = sp->timetolive / 1000; 5789 tv.tv_usec = (sp->timetolive * 1000) % 1000000; 5790 /* 5791 * TODO sctp_constants.h needs alternative time 5792 * macros when _KERNEL is undefined. 5793 */ 5794 timevaladd(&sp->ts, &tv); 5795 } 5796 break; 5797 case CHUNK_FLAGS_PR_SCTP_RTX: 5798 /* 5799 * Time to live is a the number or retransmissions stored in 5800 * tv_sec. 5801 */ 5802 sp->ts.tv_sec = sp->timetolive; 5803 sp->ts.tv_usec = 0; 5804 break; 5805 default: 5806 SCTPDBG(SCTP_DEBUG_USRREQ1, 5807 "Unknown PR_SCTP policy %u.\n", 5808 PR_SCTP_POLICY(sp->sinfo_flags)); 5809 break; 5810 } 5811} 5812 5813static int 5814sctp_msg_append(struct sctp_tcb *stcb, 5815 struct sctp_nets *net, 5816 struct mbuf *m, 5817 struct sctp_sndrcvinfo *srcv, int hold_stcb_lock) 5818{ 5819 int error = 0, holds_lock; 5820 struct mbuf *at; 5821 struct sctp_stream_queue_pending *sp = NULL; 5822 struct sctp_stream_out *strm; 5823 5824 /* 5825 * Given an mbuf chain, put it into the association send queue and 5826 * place it on the wheel 5827 */ 5828 holds_lock = hold_stcb_lock; 5829 if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) { 5830 /* Invalid stream number */ 5831 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 5832 error = EINVAL; 5833 goto out_now; 5834 } 5835 if ((stcb->asoc.stream_locked) && 5836 (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) { 5837 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 5838 error = EINVAL; 5839 goto out_now; 5840 } 5841 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 5842 /* Now can we send this? */ 5843 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_SENT) || 5844 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5845 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 5846 (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) { 5847 /* got data while shutting down */ 5848 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 5849 error = ECONNRESET; 5850 goto out_now; 5851 } 5852 sctp_alloc_a_strmoq(stcb, sp); 5853 if (sp == NULL) { 5854 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 5855 error = ENOMEM; 5856 goto out_now; 5857 } 5858 sp->sinfo_flags = srcv->sinfo_flags; 5859 sp->timetolive = srcv->sinfo_timetolive; 5860 sp->ppid = srcv->sinfo_ppid; 5861 sp->context = srcv->sinfo_context; 5862 sp->strseq = 0; 5863 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 5864 sp->net = net; 5865 } else { 5866 sp->net = stcb->asoc.primary_destination; 5867 } 5868 atomic_add_int(&sp->net->ref_count, 1); 5869 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 5870 sp->stream = srcv->sinfo_stream; 5871 sp->msg_is_complete = 1; 5872 sp->sender_all_done = 1; 5873 sp->some_taken = 0; 5874 sp->data = m; 5875 sp->tail_mbuf = NULL; 5876 sp->length = 0; 5877 at = m; 5878 sctp_set_prsctp_policy(sp); 5879 /* 5880 * We could in theory (for sendall) sifa the length in, but we would 5881 * still have to hunt through the chain since we need to setup the 5882 * tail_mbuf 5883 */ 5884 while (at) { 5885 if (SCTP_BUF_NEXT(at) == NULL) 5886 sp->tail_mbuf = at; 5887 sp->length += SCTP_BUF_LEN(at); 5888 at = SCTP_BUF_NEXT(at); 5889 } 5890 SCTP_TCB_SEND_LOCK(stcb); 5891 sctp_snd_sb_alloc(stcb, sp->length); 5892 atomic_add_int(&stcb->asoc.stream_queue_cnt, 1); 5893 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 5894 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) { 5895 sp->strseq = strm->next_sequence_sent; 5896 strm->next_sequence_sent++; 5897 } 5898 if ((strm->next_spoke.tqe_next == NULL) && 5899 (strm->next_spoke.tqe_prev == NULL)) { 5900 /* Not on wheel, insert */ 5901 sctp_insert_on_wheel(stcb, &stcb->asoc, strm, 1); 5902 } 5903 m = NULL; 5904 SCTP_TCB_SEND_UNLOCK(stcb); 5905out_now: 5906 if (m) { 5907 sctp_m_freem(m); 5908 } 5909 return (error); 5910} 5911 5912 5913static struct mbuf * 5914sctp_copy_mbufchain(struct mbuf *clonechain, 5915 struct mbuf *outchain, 5916 struct mbuf **endofchain, 5917 int can_take_mbuf, 5918 int sizeofcpy, 5919 uint8_t copy_by_ref) 5920{ 5921 struct mbuf *m; 5922 struct mbuf *appendchain; 5923 caddr_t cp; 5924 int len; 5925 5926 if (endofchain == NULL) { 5927 /* error */ 5928error_out: 5929 if (outchain) 5930 sctp_m_freem(outchain); 5931 return (NULL); 5932 } 5933 if (can_take_mbuf) { 5934 appendchain = clonechain; 5935 } else { 5936 if (!copy_by_ref && 5937 (sizeofcpy <= (int)((((SCTP_BASE_SYSCTL(sctp_mbuf_threshold_count) - 1) * MLEN) + MHLEN))) 5938 ) { 5939 /* Its not in a cluster */ 5940 if (*endofchain == NULL) { 5941 /* lets get a mbuf cluster */ 5942 if (outchain == NULL) { 5943 /* This is the general case */ 5944 new_mbuf: 5945 outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER); 5946 if (outchain == NULL) { 5947 goto error_out; 5948 } 5949 SCTP_BUF_LEN(outchain) = 0; 5950 *endofchain = outchain; 5951 /* get the prepend space */ 5952 SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV + 4)); 5953 } else { 5954 /* 5955 * We really should not get a NULL 5956 * in endofchain 5957 */ 5958 /* find end */ 5959 m = outchain; 5960 while (m) { 5961 if (SCTP_BUF_NEXT(m) == NULL) { 5962 *endofchain = m; 5963 break; 5964 } 5965 m = SCTP_BUF_NEXT(m); 5966 } 5967 /* sanity */ 5968 if (*endofchain == NULL) { 5969 /* 5970 * huh, TSNH XXX maybe we 5971 * should panic 5972 */ 5973 sctp_m_freem(outchain); 5974 goto new_mbuf; 5975 } 5976 } 5977 /* get the new end of length */ 5978 len = M_TRAILINGSPACE(*endofchain); 5979 } else { 5980 /* how much is left at the end? */ 5981 len = M_TRAILINGSPACE(*endofchain); 5982 } 5983 /* Find the end of the data, for appending */ 5984 cp = (mtod((*endofchain), caddr_t)+SCTP_BUF_LEN((*endofchain))); 5985 5986 /* Now lets copy it out */ 5987 if (len >= sizeofcpy) { 5988 /* It all fits, copy it in */ 5989 m_copydata(clonechain, 0, sizeofcpy, cp); 5990 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 5991 } else { 5992 /* fill up the end of the chain */ 5993 if (len > 0) { 5994 m_copydata(clonechain, 0, len, cp); 5995 SCTP_BUF_LEN((*endofchain)) += len; 5996 /* now we need another one */ 5997 sizeofcpy -= len; 5998 } 5999 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER); 6000 if (m == NULL) { 6001 /* We failed */ 6002 goto error_out; 6003 } 6004 SCTP_BUF_NEXT((*endofchain)) = m; 6005 *endofchain = m; 6006 cp = mtod((*endofchain), caddr_t); 6007 m_copydata(clonechain, len, sizeofcpy, cp); 6008 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 6009 } 6010 return (outchain); 6011 } else { 6012 /* copy the old fashion way */ 6013 appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_DONTWAIT); 6014#ifdef SCTP_MBUF_LOGGING 6015 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6016 struct mbuf *mat; 6017 6018 mat = appendchain; 6019 while (mat) { 6020 if (SCTP_BUF_IS_EXTENDED(mat)) { 6021 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 6022 } 6023 mat = SCTP_BUF_NEXT(mat); 6024 } 6025 } 6026#endif 6027 } 6028 } 6029 if (appendchain == NULL) { 6030 /* error */ 6031 if (outchain) 6032 sctp_m_freem(outchain); 6033 return (NULL); 6034 } 6035 if (outchain) { 6036 /* tack on to the end */ 6037 if (*endofchain != NULL) { 6038 SCTP_BUF_NEXT(((*endofchain))) = appendchain; 6039 } else { 6040 m = outchain; 6041 while (m) { 6042 if (SCTP_BUF_NEXT(m) == NULL) { 6043 SCTP_BUF_NEXT(m) = appendchain; 6044 break; 6045 } 6046 m = SCTP_BUF_NEXT(m); 6047 } 6048 } 6049 /* 6050 * save off the end and update the end-chain postion 6051 */ 6052 m = appendchain; 6053 while (m) { 6054 if (SCTP_BUF_NEXT(m) == NULL) { 6055 *endofchain = m; 6056 break; 6057 } 6058 m = SCTP_BUF_NEXT(m); 6059 } 6060 return (outchain); 6061 } else { 6062 /* save off the end and update the end-chain postion */ 6063 m = appendchain; 6064 while (m) { 6065 if (SCTP_BUF_NEXT(m) == NULL) { 6066 *endofchain = m; 6067 break; 6068 } 6069 m = SCTP_BUF_NEXT(m); 6070 } 6071 return (appendchain); 6072 } 6073} 6074 6075int 6076sctp_med_chunk_output(struct sctp_inpcb *inp, 6077 struct sctp_tcb *stcb, 6078 struct sctp_association *asoc, 6079 int *num_out, 6080 int *reason_code, 6081 int control_only, int from_where, 6082 struct timeval *now, int *now_filled, int frag_point, int so_locked 6083#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 6084 SCTP_UNUSED 6085#endif 6086); 6087 6088static void 6089sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr, 6090 uint32_t val) 6091{ 6092 struct sctp_copy_all *ca; 6093 struct mbuf *m; 6094 int ret = 0; 6095 int added_control = 0; 6096 int un_sent, do_chunk_output = 1; 6097 struct sctp_association *asoc; 6098 6099 ca = (struct sctp_copy_all *)ptr; 6100 if (ca->m == NULL) { 6101 return; 6102 } 6103 if (ca->inp != inp) { 6104 /* TSNH */ 6105 return; 6106 } 6107 if ((ca->m) && ca->sndlen) { 6108 m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_DONTWAIT); 6109 if (m == NULL) { 6110 /* can't copy so we are done */ 6111 ca->cnt_failed++; 6112 return; 6113 } 6114#ifdef SCTP_MBUF_LOGGING 6115 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6116 struct mbuf *mat; 6117 6118 mat = m; 6119 while (mat) { 6120 if (SCTP_BUF_IS_EXTENDED(mat)) { 6121 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 6122 } 6123 mat = SCTP_BUF_NEXT(mat); 6124 } 6125 } 6126#endif 6127 } else { 6128 m = NULL; 6129 } 6130 SCTP_TCB_LOCK_ASSERT(stcb); 6131 if (ca->sndrcv.sinfo_flags & SCTP_ABORT) { 6132 /* Abort this assoc with m as the user defined reason */ 6133 if (m) { 6134 struct sctp_paramhdr *ph; 6135 6136 SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_DONTWAIT); 6137 if (m) { 6138 ph = mtod(m, struct sctp_paramhdr *); 6139 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 6140 ph->param_length = htons(ca->sndlen); 6141 } 6142 /* 6143 * We add one here to keep the assoc from 6144 * dis-appearing on us. 6145 */ 6146 atomic_add_int(&stcb->asoc.refcnt, 1); 6147 sctp_abort_an_association(inp, stcb, 6148 SCTP_RESPONSE_TO_USER_REQ, 6149 m, SCTP_SO_NOT_LOCKED); 6150 /* 6151 * sctp_abort_an_association calls sctp_free_asoc() 6152 * free association will NOT free it since we 6153 * incremented the refcnt .. we do this to prevent 6154 * it being freed and things getting tricky since we 6155 * could end up (from free_asoc) calling inpcb_free 6156 * which would get a recursive lock call to the 6157 * iterator lock.. But as a consequence of that the 6158 * stcb will return to us un-locked.. since 6159 * free_asoc returns with either no TCB or the TCB 6160 * unlocked, we must relock.. to unlock in the 6161 * iterator timer :-0 6162 */ 6163 SCTP_TCB_LOCK(stcb); 6164 atomic_add_int(&stcb->asoc.refcnt, -1); 6165 goto no_chunk_output; 6166 } 6167 } else { 6168 if (m) { 6169 ret = sctp_msg_append(stcb, stcb->asoc.primary_destination, m, 6170 &ca->sndrcv, 1); 6171 } 6172 asoc = &stcb->asoc; 6173 if (ca->sndrcv.sinfo_flags & SCTP_EOF) { 6174 /* shutdown this assoc */ 6175 int cnt; 6176 6177 cnt = sctp_is_there_unsent_data(stcb); 6178 6179 if (TAILQ_EMPTY(&asoc->send_queue) && 6180 TAILQ_EMPTY(&asoc->sent_queue) && 6181 (cnt == 0)) { 6182 if (asoc->locked_on_sending) { 6183 goto abort_anyway; 6184 } 6185 /* 6186 * there is nothing queued to send, so I'm 6187 * done... 6188 */ 6189 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 6190 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 6191 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 6192 /* 6193 * only send SHUTDOWN the first time 6194 * through 6195 */ 6196 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 6197 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 6198 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 6199 } 6200 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 6201 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 6202 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 6203 asoc->primary_destination); 6204 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 6205 asoc->primary_destination); 6206 added_control = 1; 6207 do_chunk_output = 0; 6208 } 6209 } else { 6210 /* 6211 * we still got (or just got) data to send, 6212 * so set SHUTDOWN_PENDING 6213 */ 6214 /* 6215 * XXX sockets draft says that SCTP_EOF 6216 * should be sent with no data. currently, 6217 * we will allow user data to be sent first 6218 * and move to SHUTDOWN-PENDING 6219 */ 6220 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 6221 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 6222 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 6223 if (asoc->locked_on_sending) { 6224 /* 6225 * Locked to send out the 6226 * data 6227 */ 6228 struct sctp_stream_queue_pending *sp; 6229 6230 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 6231 if (sp) { 6232 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 6233 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 6234 } 6235 } 6236 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 6237 if (TAILQ_EMPTY(&asoc->send_queue) && 6238 TAILQ_EMPTY(&asoc->sent_queue) && 6239 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 6240 abort_anyway: 6241 atomic_add_int(&stcb->asoc.refcnt, 1); 6242 sctp_abort_an_association(stcb->sctp_ep, stcb, 6243 SCTP_RESPONSE_TO_USER_REQ, 6244 NULL, SCTP_SO_NOT_LOCKED); 6245 atomic_add_int(&stcb->asoc.refcnt, -1); 6246 goto no_chunk_output; 6247 } 6248 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 6249 asoc->primary_destination); 6250 } 6251 } 6252 6253 } 6254 } 6255 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 6256 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 6257 6258 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 6259 (stcb->asoc.total_flight > 0) && 6260 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) 6261 ) { 6262 do_chunk_output = 0; 6263 } 6264 if (do_chunk_output) 6265 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_NOT_LOCKED); 6266 else if (added_control) { 6267 int num_out = 0, reason = 0, now_filled = 0; 6268 struct timeval now; 6269 int frag_point; 6270 6271 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 6272 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 6273 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_NOT_LOCKED); 6274 } 6275no_chunk_output: 6276 if (ret) { 6277 ca->cnt_failed++; 6278 } else { 6279 ca->cnt_sent++; 6280 } 6281} 6282 6283static void 6284sctp_sendall_completes(void *ptr, uint32_t val) 6285{ 6286 struct sctp_copy_all *ca; 6287 6288 ca = (struct sctp_copy_all *)ptr; 6289 /* 6290 * Do a notify here? Kacheong suggests that the notify be done at 6291 * the send time.. so you would push up a notification if any send 6292 * failed. Don't know if this is feasable since the only failures we 6293 * have is "memory" related and if you cannot get an mbuf to send 6294 * the data you surely can't get an mbuf to send up to notify the 6295 * user you can't send the data :-> 6296 */ 6297 6298 /* now free everything */ 6299 sctp_m_freem(ca->m); 6300 SCTP_FREE(ca, SCTP_M_COPYAL); 6301} 6302 6303 6304#define MC_ALIGN(m, len) do { \ 6305 SCTP_BUF_RESV_UF(m, ((MCLBYTES - (len)) & ~(sizeof(long) - 1)); \ 6306} while (0) 6307 6308 6309 6310static struct mbuf * 6311sctp_copy_out_all(struct uio *uio, int len) 6312{ 6313 struct mbuf *ret, *at; 6314 int left, willcpy, cancpy, error; 6315 6316 ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAIT, 1, MT_DATA); 6317 if (ret == NULL) { 6318 /* TSNH */ 6319 return (NULL); 6320 } 6321 left = len; 6322 SCTP_BUF_LEN(ret) = 0; 6323 /* save space for the data chunk header */ 6324 cancpy = M_TRAILINGSPACE(ret); 6325 willcpy = min(cancpy, left); 6326 at = ret; 6327 while (left > 0) { 6328 /* Align data to the end */ 6329 error = uiomove(mtod(at, caddr_t), willcpy, uio); 6330 if (error) { 6331 err_out_now: 6332 sctp_m_freem(at); 6333 return (NULL); 6334 } 6335 SCTP_BUF_LEN(at) = willcpy; 6336 SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0; 6337 left -= willcpy; 6338 if (left > 0) { 6339 SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 1, MT_DATA); 6340 if (SCTP_BUF_NEXT(at) == NULL) { 6341 goto err_out_now; 6342 } 6343 at = SCTP_BUF_NEXT(at); 6344 SCTP_BUF_LEN(at) = 0; 6345 cancpy = M_TRAILINGSPACE(at); 6346 willcpy = min(cancpy, left); 6347 } 6348 } 6349 return (ret); 6350} 6351 6352static int 6353sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m, 6354 struct sctp_sndrcvinfo *srcv) 6355{ 6356 int ret; 6357 struct sctp_copy_all *ca; 6358 6359 SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all), 6360 SCTP_M_COPYAL); 6361 if (ca == NULL) { 6362 sctp_m_freem(m); 6363 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6364 return (ENOMEM); 6365 } 6366 memset(ca, 0, sizeof(struct sctp_copy_all)); 6367 6368 ca->inp = inp; 6369 memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo)); 6370 /* 6371 * take off the sendall flag, it would be bad if we failed to do 6372 * this :-0 6373 */ 6374 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL; 6375 /* get length and mbuf chain */ 6376 if (uio) { 6377 ca->sndlen = uio->uio_resid; 6378 ca->m = sctp_copy_out_all(uio, ca->sndlen); 6379 if (ca->m == NULL) { 6380 SCTP_FREE(ca, SCTP_M_COPYAL); 6381 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6382 return (ENOMEM); 6383 } 6384 } else { 6385 /* Gather the length of the send */ 6386 struct mbuf *mat; 6387 6388 mat = m; 6389 ca->sndlen = 0; 6390 while (m) { 6391 ca->sndlen += SCTP_BUF_LEN(m); 6392 m = SCTP_BUF_NEXT(m); 6393 } 6394 ca->m = mat; 6395 } 6396 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL, 6397 SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES, 6398 SCTP_ASOC_ANY_STATE, 6399 (void *)ca, 0, 6400 sctp_sendall_completes, inp, 1); 6401 if (ret) { 6402 SCTP_PRINTF("Failed to initiate iterator for sendall\n"); 6403 SCTP_FREE(ca, SCTP_M_COPYAL); 6404 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); 6405 return (EFAULT); 6406 } 6407 return (0); 6408} 6409 6410 6411void 6412sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc) 6413{ 6414 struct sctp_tmit_chunk *chk, *nchk; 6415 6416 chk = TAILQ_FIRST(&asoc->control_send_queue); 6417 while (chk) { 6418 nchk = TAILQ_NEXT(chk, sctp_next); 6419 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 6420 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 6421 if (chk->data) { 6422 sctp_m_freem(chk->data); 6423 chk->data = NULL; 6424 } 6425 asoc->ctrl_queue_cnt--; 6426 sctp_free_a_chunk(stcb, chk); 6427 } 6428 chk = nchk; 6429 } 6430} 6431 6432void 6433sctp_toss_old_asconf(struct sctp_tcb *stcb) 6434{ 6435 struct sctp_association *asoc; 6436 struct sctp_tmit_chunk *chk, *chk_tmp; 6437 struct sctp_asconf_chunk *acp; 6438 6439 asoc = &stcb->asoc; 6440 for (chk = TAILQ_FIRST(&asoc->asconf_send_queue); chk != NULL; 6441 chk = chk_tmp) { 6442 /* get next chk */ 6443 chk_tmp = TAILQ_NEXT(chk, sctp_next); 6444 /* find SCTP_ASCONF chunk in queue */ 6445 if (chk->rec.chunk_id.id == SCTP_ASCONF) { 6446 if (chk->data) { 6447 acp = mtod(chk->data, struct sctp_asconf_chunk *); 6448 if (compare_with_wrap(ntohl(acp->serial_number), stcb->asoc.asconf_seq_out_acked, MAX_SEQ)) { 6449 /* Not Acked yet */ 6450 break; 6451 } 6452 } 6453 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); 6454 if (chk->data) { 6455 sctp_m_freem(chk->data); 6456 chk->data = NULL; 6457 } 6458 asoc->ctrl_queue_cnt--; 6459 sctp_free_a_chunk(stcb, chk); 6460 } 6461 } 6462} 6463 6464 6465static void 6466sctp_clean_up_datalist(struct sctp_tcb *stcb, 6467 6468 struct sctp_association *asoc, 6469 struct sctp_tmit_chunk **data_list, 6470 int bundle_at, 6471 struct sctp_nets *net) 6472{ 6473 int i; 6474 struct sctp_tmit_chunk *tp1; 6475 6476 for (i = 0; i < bundle_at; i++) { 6477 /* off of the send queue */ 6478 if (i) { 6479 /* 6480 * Any chunk NOT 0 you zap the time chunk 0 gets 6481 * zapped or set based on if a RTO measurment is 6482 * needed. 6483 */ 6484 data_list[i]->do_rtt = 0; 6485 } 6486 /* record time */ 6487 data_list[i]->sent_rcv_time = net->last_sent_time; 6488 data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.TSN_seq; 6489 TAILQ_REMOVE(&asoc->send_queue, 6490 data_list[i], 6491 sctp_next); 6492 /* on to the sent queue */ 6493 tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead); 6494 if ((tp1) && (compare_with_wrap(tp1->rec.data.TSN_seq, 6495 data_list[i]->rec.data.TSN_seq, MAX_TSN))) { 6496 struct sctp_tmit_chunk *tpp; 6497 6498 /* need to move back */ 6499 back_up_more: 6500 tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next); 6501 if (tpp == NULL) { 6502 TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next); 6503 goto all_done; 6504 } 6505 tp1 = tpp; 6506 if (compare_with_wrap(tp1->rec.data.TSN_seq, 6507 data_list[i]->rec.data.TSN_seq, MAX_TSN)) { 6508 goto back_up_more; 6509 } 6510 TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next); 6511 } else { 6512 TAILQ_INSERT_TAIL(&asoc->sent_queue, 6513 data_list[i], 6514 sctp_next); 6515 } 6516all_done: 6517 /* This does not lower until the cum-ack passes it */ 6518 asoc->sent_queue_cnt++; 6519 asoc->send_queue_cnt--; 6520 if ((asoc->peers_rwnd <= 0) && 6521 (asoc->total_flight == 0) && 6522 (bundle_at == 1)) { 6523 /* Mark the chunk as being a window probe */ 6524 SCTP_STAT_INCR(sctps_windowprobed); 6525 } 6526#ifdef SCTP_AUDITING_ENABLED 6527 sctp_audit_log(0xC2, 3); 6528#endif 6529 data_list[i]->sent = SCTP_DATAGRAM_SENT; 6530 data_list[i]->snd_count = 1; 6531 data_list[i]->rec.data.chunk_was_revoked = 0; 6532 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { 6533 sctp_misc_ints(SCTP_FLIGHT_LOG_UP, 6534 data_list[i]->whoTo->flight_size, 6535 data_list[i]->book_size, 6536 (uintptr_t) data_list[i]->whoTo, 6537 data_list[i]->rec.data.TSN_seq); 6538 } 6539 sctp_flight_size_increase(data_list[i]); 6540 sctp_total_flight_increase(stcb, data_list[i]); 6541 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) { 6542 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 6543 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)); 6544 } 6545 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 6546 (uint32_t) (data_list[i]->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))); 6547 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 6548 /* SWS sender side engages */ 6549 asoc->peers_rwnd = 0; 6550 } 6551 } 6552} 6553 6554static void 6555sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc) 6556{ 6557 struct sctp_tmit_chunk *chk, *nchk; 6558 6559 for (chk = TAILQ_FIRST(&asoc->control_send_queue); 6560 chk; chk = nchk) { 6561 nchk = TAILQ_NEXT(chk, sctp_next); 6562 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 6563 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */ 6564 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 6565 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 6566 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) || 6567 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 6568 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 6569 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 6570 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 6571 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 6572 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 6573 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 6574 /* Stray chunks must be cleaned up */ 6575 clean_up_anyway: 6576 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 6577 if (chk->data) { 6578 sctp_m_freem(chk->data); 6579 chk->data = NULL; 6580 } 6581 asoc->ctrl_queue_cnt--;
| 35 36#include <netinet/sctp_os.h> 37#include <sys/proc.h> 38#include <netinet/sctp_var.h> 39#include <netinet/sctp_sysctl.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctp_pcb.h> 42#include <netinet/sctputil.h> 43#include <netinet/sctp_output.h> 44#include <netinet/sctp_uio.h> 45#include <netinet/sctputil.h> 46#include <netinet/sctp_auth.h> 47#include <netinet/sctp_timer.h> 48#include <netinet/sctp_asconf.h> 49#include <netinet/sctp_indata.h> 50#include <netinet/sctp_bsd_addr.h> 51#include <netinet/sctp_input.h> 52#include <netinet/sctp_crc32.h> 53#include <netinet/udp.h> 54#include <machine/in_cksum.h> 55 56 57 58#define SCTP_MAX_GAPS_INARRAY 4 59struct sack_track { 60 uint8_t right_edge; /* mergable on the right edge */ 61 uint8_t left_edge; /* mergable on the left edge */ 62 uint8_t num_entries; 63 uint8_t spare; 64 struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY]; 65}; 66 67struct sack_track sack_array[256] = { 68 {0, 0, 0, 0, /* 0x00 */ 69 {{0, 0}, 70 {0, 0}, 71 {0, 0}, 72 {0, 0} 73 } 74 }, 75 {1, 0, 1, 0, /* 0x01 */ 76 {{0, 0}, 77 {0, 0}, 78 {0, 0}, 79 {0, 0} 80 } 81 }, 82 {0, 0, 1, 0, /* 0x02 */ 83 {{1, 1}, 84 {0, 0}, 85 {0, 0}, 86 {0, 0} 87 } 88 }, 89 {1, 0, 1, 0, /* 0x03 */ 90 {{0, 1}, 91 {0, 0}, 92 {0, 0}, 93 {0, 0} 94 } 95 }, 96 {0, 0, 1, 0, /* 0x04 */ 97 {{2, 2}, 98 {0, 0}, 99 {0, 0}, 100 {0, 0} 101 } 102 }, 103 {1, 0, 2, 0, /* 0x05 */ 104 {{0, 0}, 105 {2, 2}, 106 {0, 0}, 107 {0, 0} 108 } 109 }, 110 {0, 0, 1, 0, /* 0x06 */ 111 {{1, 2}, 112 {0, 0}, 113 {0, 0}, 114 {0, 0} 115 } 116 }, 117 {1, 0, 1, 0, /* 0x07 */ 118 {{0, 2}, 119 {0, 0}, 120 {0, 0}, 121 {0, 0} 122 } 123 }, 124 {0, 0, 1, 0, /* 0x08 */ 125 {{3, 3}, 126 {0, 0}, 127 {0, 0}, 128 {0, 0} 129 } 130 }, 131 {1, 0, 2, 0, /* 0x09 */ 132 {{0, 0}, 133 {3, 3}, 134 {0, 0}, 135 {0, 0} 136 } 137 }, 138 {0, 0, 2, 0, /* 0x0a */ 139 {{1, 1}, 140 {3, 3}, 141 {0, 0}, 142 {0, 0} 143 } 144 }, 145 {1, 0, 2, 0, /* 0x0b */ 146 {{0, 1}, 147 {3, 3}, 148 {0, 0}, 149 {0, 0} 150 } 151 }, 152 {0, 0, 1, 0, /* 0x0c */ 153 {{2, 3}, 154 {0, 0}, 155 {0, 0}, 156 {0, 0} 157 } 158 }, 159 {1, 0, 2, 0, /* 0x0d */ 160 {{0, 0}, 161 {2, 3}, 162 {0, 0}, 163 {0, 0} 164 } 165 }, 166 {0, 0, 1, 0, /* 0x0e */ 167 {{1, 3}, 168 {0, 0}, 169 {0, 0}, 170 {0, 0} 171 } 172 }, 173 {1, 0, 1, 0, /* 0x0f */ 174 {{0, 3}, 175 {0, 0}, 176 {0, 0}, 177 {0, 0} 178 } 179 }, 180 {0, 0, 1, 0, /* 0x10 */ 181 {{4, 4}, 182 {0, 0}, 183 {0, 0}, 184 {0, 0} 185 } 186 }, 187 {1, 0, 2, 0, /* 0x11 */ 188 {{0, 0}, 189 {4, 4}, 190 {0, 0}, 191 {0, 0} 192 } 193 }, 194 {0, 0, 2, 0, /* 0x12 */ 195 {{1, 1}, 196 {4, 4}, 197 {0, 0}, 198 {0, 0} 199 } 200 }, 201 {1, 0, 2, 0, /* 0x13 */ 202 {{0, 1}, 203 {4, 4}, 204 {0, 0}, 205 {0, 0} 206 } 207 }, 208 {0, 0, 2, 0, /* 0x14 */ 209 {{2, 2}, 210 {4, 4}, 211 {0, 0}, 212 {0, 0} 213 } 214 }, 215 {1, 0, 3, 0, /* 0x15 */ 216 {{0, 0}, 217 {2, 2}, 218 {4, 4}, 219 {0, 0} 220 } 221 }, 222 {0, 0, 2, 0, /* 0x16 */ 223 {{1, 2}, 224 {4, 4}, 225 {0, 0}, 226 {0, 0} 227 } 228 }, 229 {1, 0, 2, 0, /* 0x17 */ 230 {{0, 2}, 231 {4, 4}, 232 {0, 0}, 233 {0, 0} 234 } 235 }, 236 {0, 0, 1, 0, /* 0x18 */ 237 {{3, 4}, 238 {0, 0}, 239 {0, 0}, 240 {0, 0} 241 } 242 }, 243 {1, 0, 2, 0, /* 0x19 */ 244 {{0, 0}, 245 {3, 4}, 246 {0, 0}, 247 {0, 0} 248 } 249 }, 250 {0, 0, 2, 0, /* 0x1a */ 251 {{1, 1}, 252 {3, 4}, 253 {0, 0}, 254 {0, 0} 255 } 256 }, 257 {1, 0, 2, 0, /* 0x1b */ 258 {{0, 1}, 259 {3, 4}, 260 {0, 0}, 261 {0, 0} 262 } 263 }, 264 {0, 0, 1, 0, /* 0x1c */ 265 {{2, 4}, 266 {0, 0}, 267 {0, 0}, 268 {0, 0} 269 } 270 }, 271 {1, 0, 2, 0, /* 0x1d */ 272 {{0, 0}, 273 {2, 4}, 274 {0, 0}, 275 {0, 0} 276 } 277 }, 278 {0, 0, 1, 0, /* 0x1e */ 279 {{1, 4}, 280 {0, 0}, 281 {0, 0}, 282 {0, 0} 283 } 284 }, 285 {1, 0, 1, 0, /* 0x1f */ 286 {{0, 4}, 287 {0, 0}, 288 {0, 0}, 289 {0, 0} 290 } 291 }, 292 {0, 0, 1, 0, /* 0x20 */ 293 {{5, 5}, 294 {0, 0}, 295 {0, 0}, 296 {0, 0} 297 } 298 }, 299 {1, 0, 2, 0, /* 0x21 */ 300 {{0, 0}, 301 {5, 5}, 302 {0, 0}, 303 {0, 0} 304 } 305 }, 306 {0, 0, 2, 0, /* 0x22 */ 307 {{1, 1}, 308 {5, 5}, 309 {0, 0}, 310 {0, 0} 311 } 312 }, 313 {1, 0, 2, 0, /* 0x23 */ 314 {{0, 1}, 315 {5, 5}, 316 {0, 0}, 317 {0, 0} 318 } 319 }, 320 {0, 0, 2, 0, /* 0x24 */ 321 {{2, 2}, 322 {5, 5}, 323 {0, 0}, 324 {0, 0} 325 } 326 }, 327 {1, 0, 3, 0, /* 0x25 */ 328 {{0, 0}, 329 {2, 2}, 330 {5, 5}, 331 {0, 0} 332 } 333 }, 334 {0, 0, 2, 0, /* 0x26 */ 335 {{1, 2}, 336 {5, 5}, 337 {0, 0}, 338 {0, 0} 339 } 340 }, 341 {1, 0, 2, 0, /* 0x27 */ 342 {{0, 2}, 343 {5, 5}, 344 {0, 0}, 345 {0, 0} 346 } 347 }, 348 {0, 0, 2, 0, /* 0x28 */ 349 {{3, 3}, 350 {5, 5}, 351 {0, 0}, 352 {0, 0} 353 } 354 }, 355 {1, 0, 3, 0, /* 0x29 */ 356 {{0, 0}, 357 {3, 3}, 358 {5, 5}, 359 {0, 0} 360 } 361 }, 362 {0, 0, 3, 0, /* 0x2a */ 363 {{1, 1}, 364 {3, 3}, 365 {5, 5}, 366 {0, 0} 367 } 368 }, 369 {1, 0, 3, 0, /* 0x2b */ 370 {{0, 1}, 371 {3, 3}, 372 {5, 5}, 373 {0, 0} 374 } 375 }, 376 {0, 0, 2, 0, /* 0x2c */ 377 {{2, 3}, 378 {5, 5}, 379 {0, 0}, 380 {0, 0} 381 } 382 }, 383 {1, 0, 3, 0, /* 0x2d */ 384 {{0, 0}, 385 {2, 3}, 386 {5, 5}, 387 {0, 0} 388 } 389 }, 390 {0, 0, 2, 0, /* 0x2e */ 391 {{1, 3}, 392 {5, 5}, 393 {0, 0}, 394 {0, 0} 395 } 396 }, 397 {1, 0, 2, 0, /* 0x2f */ 398 {{0, 3}, 399 {5, 5}, 400 {0, 0}, 401 {0, 0} 402 } 403 }, 404 {0, 0, 1, 0, /* 0x30 */ 405 {{4, 5}, 406 {0, 0}, 407 {0, 0}, 408 {0, 0} 409 } 410 }, 411 {1, 0, 2, 0, /* 0x31 */ 412 {{0, 0}, 413 {4, 5}, 414 {0, 0}, 415 {0, 0} 416 } 417 }, 418 {0, 0, 2, 0, /* 0x32 */ 419 {{1, 1}, 420 {4, 5}, 421 {0, 0}, 422 {0, 0} 423 } 424 }, 425 {1, 0, 2, 0, /* 0x33 */ 426 {{0, 1}, 427 {4, 5}, 428 {0, 0}, 429 {0, 0} 430 } 431 }, 432 {0, 0, 2, 0, /* 0x34 */ 433 {{2, 2}, 434 {4, 5}, 435 {0, 0}, 436 {0, 0} 437 } 438 }, 439 {1, 0, 3, 0, /* 0x35 */ 440 {{0, 0}, 441 {2, 2}, 442 {4, 5}, 443 {0, 0} 444 } 445 }, 446 {0, 0, 2, 0, /* 0x36 */ 447 {{1, 2}, 448 {4, 5}, 449 {0, 0}, 450 {0, 0} 451 } 452 }, 453 {1, 0, 2, 0, /* 0x37 */ 454 {{0, 2}, 455 {4, 5}, 456 {0, 0}, 457 {0, 0} 458 } 459 }, 460 {0, 0, 1, 0, /* 0x38 */ 461 {{3, 5}, 462 {0, 0}, 463 {0, 0}, 464 {0, 0} 465 } 466 }, 467 {1, 0, 2, 0, /* 0x39 */ 468 {{0, 0}, 469 {3, 5}, 470 {0, 0}, 471 {0, 0} 472 } 473 }, 474 {0, 0, 2, 0, /* 0x3a */ 475 {{1, 1}, 476 {3, 5}, 477 {0, 0}, 478 {0, 0} 479 } 480 }, 481 {1, 0, 2, 0, /* 0x3b */ 482 {{0, 1}, 483 {3, 5}, 484 {0, 0}, 485 {0, 0} 486 } 487 }, 488 {0, 0, 1, 0, /* 0x3c */ 489 {{2, 5}, 490 {0, 0}, 491 {0, 0}, 492 {0, 0} 493 } 494 }, 495 {1, 0, 2, 0, /* 0x3d */ 496 {{0, 0}, 497 {2, 5}, 498 {0, 0}, 499 {0, 0} 500 } 501 }, 502 {0, 0, 1, 0, /* 0x3e */ 503 {{1, 5}, 504 {0, 0}, 505 {0, 0}, 506 {0, 0} 507 } 508 }, 509 {1, 0, 1, 0, /* 0x3f */ 510 {{0, 5}, 511 {0, 0}, 512 {0, 0}, 513 {0, 0} 514 } 515 }, 516 {0, 0, 1, 0, /* 0x40 */ 517 {{6, 6}, 518 {0, 0}, 519 {0, 0}, 520 {0, 0} 521 } 522 }, 523 {1, 0, 2, 0, /* 0x41 */ 524 {{0, 0}, 525 {6, 6}, 526 {0, 0}, 527 {0, 0} 528 } 529 }, 530 {0, 0, 2, 0, /* 0x42 */ 531 {{1, 1}, 532 {6, 6}, 533 {0, 0}, 534 {0, 0} 535 } 536 }, 537 {1, 0, 2, 0, /* 0x43 */ 538 {{0, 1}, 539 {6, 6}, 540 {0, 0}, 541 {0, 0} 542 } 543 }, 544 {0, 0, 2, 0, /* 0x44 */ 545 {{2, 2}, 546 {6, 6}, 547 {0, 0}, 548 {0, 0} 549 } 550 }, 551 {1, 0, 3, 0, /* 0x45 */ 552 {{0, 0}, 553 {2, 2}, 554 {6, 6}, 555 {0, 0} 556 } 557 }, 558 {0, 0, 2, 0, /* 0x46 */ 559 {{1, 2}, 560 {6, 6}, 561 {0, 0}, 562 {0, 0} 563 } 564 }, 565 {1, 0, 2, 0, /* 0x47 */ 566 {{0, 2}, 567 {6, 6}, 568 {0, 0}, 569 {0, 0} 570 } 571 }, 572 {0, 0, 2, 0, /* 0x48 */ 573 {{3, 3}, 574 {6, 6}, 575 {0, 0}, 576 {0, 0} 577 } 578 }, 579 {1, 0, 3, 0, /* 0x49 */ 580 {{0, 0}, 581 {3, 3}, 582 {6, 6}, 583 {0, 0} 584 } 585 }, 586 {0, 0, 3, 0, /* 0x4a */ 587 {{1, 1}, 588 {3, 3}, 589 {6, 6}, 590 {0, 0} 591 } 592 }, 593 {1, 0, 3, 0, /* 0x4b */ 594 {{0, 1}, 595 {3, 3}, 596 {6, 6}, 597 {0, 0} 598 } 599 }, 600 {0, 0, 2, 0, /* 0x4c */ 601 {{2, 3}, 602 {6, 6}, 603 {0, 0}, 604 {0, 0} 605 } 606 }, 607 {1, 0, 3, 0, /* 0x4d */ 608 {{0, 0}, 609 {2, 3}, 610 {6, 6}, 611 {0, 0} 612 } 613 }, 614 {0, 0, 2, 0, /* 0x4e */ 615 {{1, 3}, 616 {6, 6}, 617 {0, 0}, 618 {0, 0} 619 } 620 }, 621 {1, 0, 2, 0, /* 0x4f */ 622 {{0, 3}, 623 {6, 6}, 624 {0, 0}, 625 {0, 0} 626 } 627 }, 628 {0, 0, 2, 0, /* 0x50 */ 629 {{4, 4}, 630 {6, 6}, 631 {0, 0}, 632 {0, 0} 633 } 634 }, 635 {1, 0, 3, 0, /* 0x51 */ 636 {{0, 0}, 637 {4, 4}, 638 {6, 6}, 639 {0, 0} 640 } 641 }, 642 {0, 0, 3, 0, /* 0x52 */ 643 {{1, 1}, 644 {4, 4}, 645 {6, 6}, 646 {0, 0} 647 } 648 }, 649 {1, 0, 3, 0, /* 0x53 */ 650 {{0, 1}, 651 {4, 4}, 652 {6, 6}, 653 {0, 0} 654 } 655 }, 656 {0, 0, 3, 0, /* 0x54 */ 657 {{2, 2}, 658 {4, 4}, 659 {6, 6}, 660 {0, 0} 661 } 662 }, 663 {1, 0, 4, 0, /* 0x55 */ 664 {{0, 0}, 665 {2, 2}, 666 {4, 4}, 667 {6, 6} 668 } 669 }, 670 {0, 0, 3, 0, /* 0x56 */ 671 {{1, 2}, 672 {4, 4}, 673 {6, 6}, 674 {0, 0} 675 } 676 }, 677 {1, 0, 3, 0, /* 0x57 */ 678 {{0, 2}, 679 {4, 4}, 680 {6, 6}, 681 {0, 0} 682 } 683 }, 684 {0, 0, 2, 0, /* 0x58 */ 685 {{3, 4}, 686 {6, 6}, 687 {0, 0}, 688 {0, 0} 689 } 690 }, 691 {1, 0, 3, 0, /* 0x59 */ 692 {{0, 0}, 693 {3, 4}, 694 {6, 6}, 695 {0, 0} 696 } 697 }, 698 {0, 0, 3, 0, /* 0x5a */ 699 {{1, 1}, 700 {3, 4}, 701 {6, 6}, 702 {0, 0} 703 } 704 }, 705 {1, 0, 3, 0, /* 0x5b */ 706 {{0, 1}, 707 {3, 4}, 708 {6, 6}, 709 {0, 0} 710 } 711 }, 712 {0, 0, 2, 0, /* 0x5c */ 713 {{2, 4}, 714 {6, 6}, 715 {0, 0}, 716 {0, 0} 717 } 718 }, 719 {1, 0, 3, 0, /* 0x5d */ 720 {{0, 0}, 721 {2, 4}, 722 {6, 6}, 723 {0, 0} 724 } 725 }, 726 {0, 0, 2, 0, /* 0x5e */ 727 {{1, 4}, 728 {6, 6}, 729 {0, 0}, 730 {0, 0} 731 } 732 }, 733 {1, 0, 2, 0, /* 0x5f */ 734 {{0, 4}, 735 {6, 6}, 736 {0, 0}, 737 {0, 0} 738 } 739 }, 740 {0, 0, 1, 0, /* 0x60 */ 741 {{5, 6}, 742 {0, 0}, 743 {0, 0}, 744 {0, 0} 745 } 746 }, 747 {1, 0, 2, 0, /* 0x61 */ 748 {{0, 0}, 749 {5, 6}, 750 {0, 0}, 751 {0, 0} 752 } 753 }, 754 {0, 0, 2, 0, /* 0x62 */ 755 {{1, 1}, 756 {5, 6}, 757 {0, 0}, 758 {0, 0} 759 } 760 }, 761 {1, 0, 2, 0, /* 0x63 */ 762 {{0, 1}, 763 {5, 6}, 764 {0, 0}, 765 {0, 0} 766 } 767 }, 768 {0, 0, 2, 0, /* 0x64 */ 769 {{2, 2}, 770 {5, 6}, 771 {0, 0}, 772 {0, 0} 773 } 774 }, 775 {1, 0, 3, 0, /* 0x65 */ 776 {{0, 0}, 777 {2, 2}, 778 {5, 6}, 779 {0, 0} 780 } 781 }, 782 {0, 0, 2, 0, /* 0x66 */ 783 {{1, 2}, 784 {5, 6}, 785 {0, 0}, 786 {0, 0} 787 } 788 }, 789 {1, 0, 2, 0, /* 0x67 */ 790 {{0, 2}, 791 {5, 6}, 792 {0, 0}, 793 {0, 0} 794 } 795 }, 796 {0, 0, 2, 0, /* 0x68 */ 797 {{3, 3}, 798 {5, 6}, 799 {0, 0}, 800 {0, 0} 801 } 802 }, 803 {1, 0, 3, 0, /* 0x69 */ 804 {{0, 0}, 805 {3, 3}, 806 {5, 6}, 807 {0, 0} 808 } 809 }, 810 {0, 0, 3, 0, /* 0x6a */ 811 {{1, 1}, 812 {3, 3}, 813 {5, 6}, 814 {0, 0} 815 } 816 }, 817 {1, 0, 3, 0, /* 0x6b */ 818 {{0, 1}, 819 {3, 3}, 820 {5, 6}, 821 {0, 0} 822 } 823 }, 824 {0, 0, 2, 0, /* 0x6c */ 825 {{2, 3}, 826 {5, 6}, 827 {0, 0}, 828 {0, 0} 829 } 830 }, 831 {1, 0, 3, 0, /* 0x6d */ 832 {{0, 0}, 833 {2, 3}, 834 {5, 6}, 835 {0, 0} 836 } 837 }, 838 {0, 0, 2, 0, /* 0x6e */ 839 {{1, 3}, 840 {5, 6}, 841 {0, 0}, 842 {0, 0} 843 } 844 }, 845 {1, 0, 2, 0, /* 0x6f */ 846 {{0, 3}, 847 {5, 6}, 848 {0, 0}, 849 {0, 0} 850 } 851 }, 852 {0, 0, 1, 0, /* 0x70 */ 853 {{4, 6}, 854 {0, 0}, 855 {0, 0}, 856 {0, 0} 857 } 858 }, 859 {1, 0, 2, 0, /* 0x71 */ 860 {{0, 0}, 861 {4, 6}, 862 {0, 0}, 863 {0, 0} 864 } 865 }, 866 {0, 0, 2, 0, /* 0x72 */ 867 {{1, 1}, 868 {4, 6}, 869 {0, 0}, 870 {0, 0} 871 } 872 }, 873 {1, 0, 2, 0, /* 0x73 */ 874 {{0, 1}, 875 {4, 6}, 876 {0, 0}, 877 {0, 0} 878 } 879 }, 880 {0, 0, 2, 0, /* 0x74 */ 881 {{2, 2}, 882 {4, 6}, 883 {0, 0}, 884 {0, 0} 885 } 886 }, 887 {1, 0, 3, 0, /* 0x75 */ 888 {{0, 0}, 889 {2, 2}, 890 {4, 6}, 891 {0, 0} 892 } 893 }, 894 {0, 0, 2, 0, /* 0x76 */ 895 {{1, 2}, 896 {4, 6}, 897 {0, 0}, 898 {0, 0} 899 } 900 }, 901 {1, 0, 2, 0, /* 0x77 */ 902 {{0, 2}, 903 {4, 6}, 904 {0, 0}, 905 {0, 0} 906 } 907 }, 908 {0, 0, 1, 0, /* 0x78 */ 909 {{3, 6}, 910 {0, 0}, 911 {0, 0}, 912 {0, 0} 913 } 914 }, 915 {1, 0, 2, 0, /* 0x79 */ 916 {{0, 0}, 917 {3, 6}, 918 {0, 0}, 919 {0, 0} 920 } 921 }, 922 {0, 0, 2, 0, /* 0x7a */ 923 {{1, 1}, 924 {3, 6}, 925 {0, 0}, 926 {0, 0} 927 } 928 }, 929 {1, 0, 2, 0, /* 0x7b */ 930 {{0, 1}, 931 {3, 6}, 932 {0, 0}, 933 {0, 0} 934 } 935 }, 936 {0, 0, 1, 0, /* 0x7c */ 937 {{2, 6}, 938 {0, 0}, 939 {0, 0}, 940 {0, 0} 941 } 942 }, 943 {1, 0, 2, 0, /* 0x7d */ 944 {{0, 0}, 945 {2, 6}, 946 {0, 0}, 947 {0, 0} 948 } 949 }, 950 {0, 0, 1, 0, /* 0x7e */ 951 {{1, 6}, 952 {0, 0}, 953 {0, 0}, 954 {0, 0} 955 } 956 }, 957 {1, 0, 1, 0, /* 0x7f */ 958 {{0, 6}, 959 {0, 0}, 960 {0, 0}, 961 {0, 0} 962 } 963 }, 964 {0, 1, 1, 0, /* 0x80 */ 965 {{7, 7}, 966 {0, 0}, 967 {0, 0}, 968 {0, 0} 969 } 970 }, 971 {1, 1, 2, 0, /* 0x81 */ 972 {{0, 0}, 973 {7, 7}, 974 {0, 0}, 975 {0, 0} 976 } 977 }, 978 {0, 1, 2, 0, /* 0x82 */ 979 {{1, 1}, 980 {7, 7}, 981 {0, 0}, 982 {0, 0} 983 } 984 }, 985 {1, 1, 2, 0, /* 0x83 */ 986 {{0, 1}, 987 {7, 7}, 988 {0, 0}, 989 {0, 0} 990 } 991 }, 992 {0, 1, 2, 0, /* 0x84 */ 993 {{2, 2}, 994 {7, 7}, 995 {0, 0}, 996 {0, 0} 997 } 998 }, 999 {1, 1, 3, 0, /* 0x85 */ 1000 {{0, 0}, 1001 {2, 2}, 1002 {7, 7}, 1003 {0, 0} 1004 } 1005 }, 1006 {0, 1, 2, 0, /* 0x86 */ 1007 {{1, 2}, 1008 {7, 7}, 1009 {0, 0}, 1010 {0, 0} 1011 } 1012 }, 1013 {1, 1, 2, 0, /* 0x87 */ 1014 {{0, 2}, 1015 {7, 7}, 1016 {0, 0}, 1017 {0, 0} 1018 } 1019 }, 1020 {0, 1, 2, 0, /* 0x88 */ 1021 {{3, 3}, 1022 {7, 7}, 1023 {0, 0}, 1024 {0, 0} 1025 } 1026 }, 1027 {1, 1, 3, 0, /* 0x89 */ 1028 {{0, 0}, 1029 {3, 3}, 1030 {7, 7}, 1031 {0, 0} 1032 } 1033 }, 1034 {0, 1, 3, 0, /* 0x8a */ 1035 {{1, 1}, 1036 {3, 3}, 1037 {7, 7}, 1038 {0, 0} 1039 } 1040 }, 1041 {1, 1, 3, 0, /* 0x8b */ 1042 {{0, 1}, 1043 {3, 3}, 1044 {7, 7}, 1045 {0, 0} 1046 } 1047 }, 1048 {0, 1, 2, 0, /* 0x8c */ 1049 {{2, 3}, 1050 {7, 7}, 1051 {0, 0}, 1052 {0, 0} 1053 } 1054 }, 1055 {1, 1, 3, 0, /* 0x8d */ 1056 {{0, 0}, 1057 {2, 3}, 1058 {7, 7}, 1059 {0, 0} 1060 } 1061 }, 1062 {0, 1, 2, 0, /* 0x8e */ 1063 {{1, 3}, 1064 {7, 7}, 1065 {0, 0}, 1066 {0, 0} 1067 } 1068 }, 1069 {1, 1, 2, 0, /* 0x8f */ 1070 {{0, 3}, 1071 {7, 7}, 1072 {0, 0}, 1073 {0, 0} 1074 } 1075 }, 1076 {0, 1, 2, 0, /* 0x90 */ 1077 {{4, 4}, 1078 {7, 7}, 1079 {0, 0}, 1080 {0, 0} 1081 } 1082 }, 1083 {1, 1, 3, 0, /* 0x91 */ 1084 {{0, 0}, 1085 {4, 4}, 1086 {7, 7}, 1087 {0, 0} 1088 } 1089 }, 1090 {0, 1, 3, 0, /* 0x92 */ 1091 {{1, 1}, 1092 {4, 4}, 1093 {7, 7}, 1094 {0, 0} 1095 } 1096 }, 1097 {1, 1, 3, 0, /* 0x93 */ 1098 {{0, 1}, 1099 {4, 4}, 1100 {7, 7}, 1101 {0, 0} 1102 } 1103 }, 1104 {0, 1, 3, 0, /* 0x94 */ 1105 {{2, 2}, 1106 {4, 4}, 1107 {7, 7}, 1108 {0, 0} 1109 } 1110 }, 1111 {1, 1, 4, 0, /* 0x95 */ 1112 {{0, 0}, 1113 {2, 2}, 1114 {4, 4}, 1115 {7, 7} 1116 } 1117 }, 1118 {0, 1, 3, 0, /* 0x96 */ 1119 {{1, 2}, 1120 {4, 4}, 1121 {7, 7}, 1122 {0, 0} 1123 } 1124 }, 1125 {1, 1, 3, 0, /* 0x97 */ 1126 {{0, 2}, 1127 {4, 4}, 1128 {7, 7}, 1129 {0, 0} 1130 } 1131 }, 1132 {0, 1, 2, 0, /* 0x98 */ 1133 {{3, 4}, 1134 {7, 7}, 1135 {0, 0}, 1136 {0, 0} 1137 } 1138 }, 1139 {1, 1, 3, 0, /* 0x99 */ 1140 {{0, 0}, 1141 {3, 4}, 1142 {7, 7}, 1143 {0, 0} 1144 } 1145 }, 1146 {0, 1, 3, 0, /* 0x9a */ 1147 {{1, 1}, 1148 {3, 4}, 1149 {7, 7}, 1150 {0, 0} 1151 } 1152 }, 1153 {1, 1, 3, 0, /* 0x9b */ 1154 {{0, 1}, 1155 {3, 4}, 1156 {7, 7}, 1157 {0, 0} 1158 } 1159 }, 1160 {0, 1, 2, 0, /* 0x9c */ 1161 {{2, 4}, 1162 {7, 7}, 1163 {0, 0}, 1164 {0, 0} 1165 } 1166 }, 1167 {1, 1, 3, 0, /* 0x9d */ 1168 {{0, 0}, 1169 {2, 4}, 1170 {7, 7}, 1171 {0, 0} 1172 } 1173 }, 1174 {0, 1, 2, 0, /* 0x9e */ 1175 {{1, 4}, 1176 {7, 7}, 1177 {0, 0}, 1178 {0, 0} 1179 } 1180 }, 1181 {1, 1, 2, 0, /* 0x9f */ 1182 {{0, 4}, 1183 {7, 7}, 1184 {0, 0}, 1185 {0, 0} 1186 } 1187 }, 1188 {0, 1, 2, 0, /* 0xa0 */ 1189 {{5, 5}, 1190 {7, 7}, 1191 {0, 0}, 1192 {0, 0} 1193 } 1194 }, 1195 {1, 1, 3, 0, /* 0xa1 */ 1196 {{0, 0}, 1197 {5, 5}, 1198 {7, 7}, 1199 {0, 0} 1200 } 1201 }, 1202 {0, 1, 3, 0, /* 0xa2 */ 1203 {{1, 1}, 1204 {5, 5}, 1205 {7, 7}, 1206 {0, 0} 1207 } 1208 }, 1209 {1, 1, 3, 0, /* 0xa3 */ 1210 {{0, 1}, 1211 {5, 5}, 1212 {7, 7}, 1213 {0, 0} 1214 } 1215 }, 1216 {0, 1, 3, 0, /* 0xa4 */ 1217 {{2, 2}, 1218 {5, 5}, 1219 {7, 7}, 1220 {0, 0} 1221 } 1222 }, 1223 {1, 1, 4, 0, /* 0xa5 */ 1224 {{0, 0}, 1225 {2, 2}, 1226 {5, 5}, 1227 {7, 7} 1228 } 1229 }, 1230 {0, 1, 3, 0, /* 0xa6 */ 1231 {{1, 2}, 1232 {5, 5}, 1233 {7, 7}, 1234 {0, 0} 1235 } 1236 }, 1237 {1, 1, 3, 0, /* 0xa7 */ 1238 {{0, 2}, 1239 {5, 5}, 1240 {7, 7}, 1241 {0, 0} 1242 } 1243 }, 1244 {0, 1, 3, 0, /* 0xa8 */ 1245 {{3, 3}, 1246 {5, 5}, 1247 {7, 7}, 1248 {0, 0} 1249 } 1250 }, 1251 {1, 1, 4, 0, /* 0xa9 */ 1252 {{0, 0}, 1253 {3, 3}, 1254 {5, 5}, 1255 {7, 7} 1256 } 1257 }, 1258 {0, 1, 4, 0, /* 0xaa */ 1259 {{1, 1}, 1260 {3, 3}, 1261 {5, 5}, 1262 {7, 7} 1263 } 1264 }, 1265 {1, 1, 4, 0, /* 0xab */ 1266 {{0, 1}, 1267 {3, 3}, 1268 {5, 5}, 1269 {7, 7} 1270 } 1271 }, 1272 {0, 1, 3, 0, /* 0xac */ 1273 {{2, 3}, 1274 {5, 5}, 1275 {7, 7}, 1276 {0, 0} 1277 } 1278 }, 1279 {1, 1, 4, 0, /* 0xad */ 1280 {{0, 0}, 1281 {2, 3}, 1282 {5, 5}, 1283 {7, 7} 1284 } 1285 }, 1286 {0, 1, 3, 0, /* 0xae */ 1287 {{1, 3}, 1288 {5, 5}, 1289 {7, 7}, 1290 {0, 0} 1291 } 1292 }, 1293 {1, 1, 3, 0, /* 0xaf */ 1294 {{0, 3}, 1295 {5, 5}, 1296 {7, 7}, 1297 {0, 0} 1298 } 1299 }, 1300 {0, 1, 2, 0, /* 0xb0 */ 1301 {{4, 5}, 1302 {7, 7}, 1303 {0, 0}, 1304 {0, 0} 1305 } 1306 }, 1307 {1, 1, 3, 0, /* 0xb1 */ 1308 {{0, 0}, 1309 {4, 5}, 1310 {7, 7}, 1311 {0, 0} 1312 } 1313 }, 1314 {0, 1, 3, 0, /* 0xb2 */ 1315 {{1, 1}, 1316 {4, 5}, 1317 {7, 7}, 1318 {0, 0} 1319 } 1320 }, 1321 {1, 1, 3, 0, /* 0xb3 */ 1322 {{0, 1}, 1323 {4, 5}, 1324 {7, 7}, 1325 {0, 0} 1326 } 1327 }, 1328 {0, 1, 3, 0, /* 0xb4 */ 1329 {{2, 2}, 1330 {4, 5}, 1331 {7, 7}, 1332 {0, 0} 1333 } 1334 }, 1335 {1, 1, 4, 0, /* 0xb5 */ 1336 {{0, 0}, 1337 {2, 2}, 1338 {4, 5}, 1339 {7, 7} 1340 } 1341 }, 1342 {0, 1, 3, 0, /* 0xb6 */ 1343 {{1, 2}, 1344 {4, 5}, 1345 {7, 7}, 1346 {0, 0} 1347 } 1348 }, 1349 {1, 1, 3, 0, /* 0xb7 */ 1350 {{0, 2}, 1351 {4, 5}, 1352 {7, 7}, 1353 {0, 0} 1354 } 1355 }, 1356 {0, 1, 2, 0, /* 0xb8 */ 1357 {{3, 5}, 1358 {7, 7}, 1359 {0, 0}, 1360 {0, 0} 1361 } 1362 }, 1363 {1, 1, 3, 0, /* 0xb9 */ 1364 {{0, 0}, 1365 {3, 5}, 1366 {7, 7}, 1367 {0, 0} 1368 } 1369 }, 1370 {0, 1, 3, 0, /* 0xba */ 1371 {{1, 1}, 1372 {3, 5}, 1373 {7, 7}, 1374 {0, 0} 1375 } 1376 }, 1377 {1, 1, 3, 0, /* 0xbb */ 1378 {{0, 1}, 1379 {3, 5}, 1380 {7, 7}, 1381 {0, 0} 1382 } 1383 }, 1384 {0, 1, 2, 0, /* 0xbc */ 1385 {{2, 5}, 1386 {7, 7}, 1387 {0, 0}, 1388 {0, 0} 1389 } 1390 }, 1391 {1, 1, 3, 0, /* 0xbd */ 1392 {{0, 0}, 1393 {2, 5}, 1394 {7, 7}, 1395 {0, 0} 1396 } 1397 }, 1398 {0, 1, 2, 0, /* 0xbe */ 1399 {{1, 5}, 1400 {7, 7}, 1401 {0, 0}, 1402 {0, 0} 1403 } 1404 }, 1405 {1, 1, 2, 0, /* 0xbf */ 1406 {{0, 5}, 1407 {7, 7}, 1408 {0, 0}, 1409 {0, 0} 1410 } 1411 }, 1412 {0, 1, 1, 0, /* 0xc0 */ 1413 {{6, 7}, 1414 {0, 0}, 1415 {0, 0}, 1416 {0, 0} 1417 } 1418 }, 1419 {1, 1, 2, 0, /* 0xc1 */ 1420 {{0, 0}, 1421 {6, 7}, 1422 {0, 0}, 1423 {0, 0} 1424 } 1425 }, 1426 {0, 1, 2, 0, /* 0xc2 */ 1427 {{1, 1}, 1428 {6, 7}, 1429 {0, 0}, 1430 {0, 0} 1431 } 1432 }, 1433 {1, 1, 2, 0, /* 0xc3 */ 1434 {{0, 1}, 1435 {6, 7}, 1436 {0, 0}, 1437 {0, 0} 1438 } 1439 }, 1440 {0, 1, 2, 0, /* 0xc4 */ 1441 {{2, 2}, 1442 {6, 7}, 1443 {0, 0}, 1444 {0, 0} 1445 } 1446 }, 1447 {1, 1, 3, 0, /* 0xc5 */ 1448 {{0, 0}, 1449 {2, 2}, 1450 {6, 7}, 1451 {0, 0} 1452 } 1453 }, 1454 {0, 1, 2, 0, /* 0xc6 */ 1455 {{1, 2}, 1456 {6, 7}, 1457 {0, 0}, 1458 {0, 0} 1459 } 1460 }, 1461 {1, 1, 2, 0, /* 0xc7 */ 1462 {{0, 2}, 1463 {6, 7}, 1464 {0, 0}, 1465 {0, 0} 1466 } 1467 }, 1468 {0, 1, 2, 0, /* 0xc8 */ 1469 {{3, 3}, 1470 {6, 7}, 1471 {0, 0}, 1472 {0, 0} 1473 } 1474 }, 1475 {1, 1, 3, 0, /* 0xc9 */ 1476 {{0, 0}, 1477 {3, 3}, 1478 {6, 7}, 1479 {0, 0} 1480 } 1481 }, 1482 {0, 1, 3, 0, /* 0xca */ 1483 {{1, 1}, 1484 {3, 3}, 1485 {6, 7}, 1486 {0, 0} 1487 } 1488 }, 1489 {1, 1, 3, 0, /* 0xcb */ 1490 {{0, 1}, 1491 {3, 3}, 1492 {6, 7}, 1493 {0, 0} 1494 } 1495 }, 1496 {0, 1, 2, 0, /* 0xcc */ 1497 {{2, 3}, 1498 {6, 7}, 1499 {0, 0}, 1500 {0, 0} 1501 } 1502 }, 1503 {1, 1, 3, 0, /* 0xcd */ 1504 {{0, 0}, 1505 {2, 3}, 1506 {6, 7}, 1507 {0, 0} 1508 } 1509 }, 1510 {0, 1, 2, 0, /* 0xce */ 1511 {{1, 3}, 1512 {6, 7}, 1513 {0, 0}, 1514 {0, 0} 1515 } 1516 }, 1517 {1, 1, 2, 0, /* 0xcf */ 1518 {{0, 3}, 1519 {6, 7}, 1520 {0, 0}, 1521 {0, 0} 1522 } 1523 }, 1524 {0, 1, 2, 0, /* 0xd0 */ 1525 {{4, 4}, 1526 {6, 7}, 1527 {0, 0}, 1528 {0, 0} 1529 } 1530 }, 1531 {1, 1, 3, 0, /* 0xd1 */ 1532 {{0, 0}, 1533 {4, 4}, 1534 {6, 7}, 1535 {0, 0} 1536 } 1537 }, 1538 {0, 1, 3, 0, /* 0xd2 */ 1539 {{1, 1}, 1540 {4, 4}, 1541 {6, 7}, 1542 {0, 0} 1543 } 1544 }, 1545 {1, 1, 3, 0, /* 0xd3 */ 1546 {{0, 1}, 1547 {4, 4}, 1548 {6, 7}, 1549 {0, 0} 1550 } 1551 }, 1552 {0, 1, 3, 0, /* 0xd4 */ 1553 {{2, 2}, 1554 {4, 4}, 1555 {6, 7}, 1556 {0, 0} 1557 } 1558 }, 1559 {1, 1, 4, 0, /* 0xd5 */ 1560 {{0, 0}, 1561 {2, 2}, 1562 {4, 4}, 1563 {6, 7} 1564 } 1565 }, 1566 {0, 1, 3, 0, /* 0xd6 */ 1567 {{1, 2}, 1568 {4, 4}, 1569 {6, 7}, 1570 {0, 0} 1571 } 1572 }, 1573 {1, 1, 3, 0, /* 0xd7 */ 1574 {{0, 2}, 1575 {4, 4}, 1576 {6, 7}, 1577 {0, 0} 1578 } 1579 }, 1580 {0, 1, 2, 0, /* 0xd8 */ 1581 {{3, 4}, 1582 {6, 7}, 1583 {0, 0}, 1584 {0, 0} 1585 } 1586 }, 1587 {1, 1, 3, 0, /* 0xd9 */ 1588 {{0, 0}, 1589 {3, 4}, 1590 {6, 7}, 1591 {0, 0} 1592 } 1593 }, 1594 {0, 1, 3, 0, /* 0xda */ 1595 {{1, 1}, 1596 {3, 4}, 1597 {6, 7}, 1598 {0, 0} 1599 } 1600 }, 1601 {1, 1, 3, 0, /* 0xdb */ 1602 {{0, 1}, 1603 {3, 4}, 1604 {6, 7}, 1605 {0, 0} 1606 } 1607 }, 1608 {0, 1, 2, 0, /* 0xdc */ 1609 {{2, 4}, 1610 {6, 7}, 1611 {0, 0}, 1612 {0, 0} 1613 } 1614 }, 1615 {1, 1, 3, 0, /* 0xdd */ 1616 {{0, 0}, 1617 {2, 4}, 1618 {6, 7}, 1619 {0, 0} 1620 } 1621 }, 1622 {0, 1, 2, 0, /* 0xde */ 1623 {{1, 4}, 1624 {6, 7}, 1625 {0, 0}, 1626 {0, 0} 1627 } 1628 }, 1629 {1, 1, 2, 0, /* 0xdf */ 1630 {{0, 4}, 1631 {6, 7}, 1632 {0, 0}, 1633 {0, 0} 1634 } 1635 }, 1636 {0, 1, 1, 0, /* 0xe0 */ 1637 {{5, 7}, 1638 {0, 0}, 1639 {0, 0}, 1640 {0, 0} 1641 } 1642 }, 1643 {1, 1, 2, 0, /* 0xe1 */ 1644 {{0, 0}, 1645 {5, 7}, 1646 {0, 0}, 1647 {0, 0} 1648 } 1649 }, 1650 {0, 1, 2, 0, /* 0xe2 */ 1651 {{1, 1}, 1652 {5, 7}, 1653 {0, 0}, 1654 {0, 0} 1655 } 1656 }, 1657 {1, 1, 2, 0, /* 0xe3 */ 1658 {{0, 1}, 1659 {5, 7}, 1660 {0, 0}, 1661 {0, 0} 1662 } 1663 }, 1664 {0, 1, 2, 0, /* 0xe4 */ 1665 {{2, 2}, 1666 {5, 7}, 1667 {0, 0}, 1668 {0, 0} 1669 } 1670 }, 1671 {1, 1, 3, 0, /* 0xe5 */ 1672 {{0, 0}, 1673 {2, 2}, 1674 {5, 7}, 1675 {0, 0} 1676 } 1677 }, 1678 {0, 1, 2, 0, /* 0xe6 */ 1679 {{1, 2}, 1680 {5, 7}, 1681 {0, 0}, 1682 {0, 0} 1683 } 1684 }, 1685 {1, 1, 2, 0, /* 0xe7 */ 1686 {{0, 2}, 1687 {5, 7}, 1688 {0, 0}, 1689 {0, 0} 1690 } 1691 }, 1692 {0, 1, 2, 0, /* 0xe8 */ 1693 {{3, 3}, 1694 {5, 7}, 1695 {0, 0}, 1696 {0, 0} 1697 } 1698 }, 1699 {1, 1, 3, 0, /* 0xe9 */ 1700 {{0, 0}, 1701 {3, 3}, 1702 {5, 7}, 1703 {0, 0} 1704 } 1705 }, 1706 {0, 1, 3, 0, /* 0xea */ 1707 {{1, 1}, 1708 {3, 3}, 1709 {5, 7}, 1710 {0, 0} 1711 } 1712 }, 1713 {1, 1, 3, 0, /* 0xeb */ 1714 {{0, 1}, 1715 {3, 3}, 1716 {5, 7}, 1717 {0, 0} 1718 } 1719 }, 1720 {0, 1, 2, 0, /* 0xec */ 1721 {{2, 3}, 1722 {5, 7}, 1723 {0, 0}, 1724 {0, 0} 1725 } 1726 }, 1727 {1, 1, 3, 0, /* 0xed */ 1728 {{0, 0}, 1729 {2, 3}, 1730 {5, 7}, 1731 {0, 0} 1732 } 1733 }, 1734 {0, 1, 2, 0, /* 0xee */ 1735 {{1, 3}, 1736 {5, 7}, 1737 {0, 0}, 1738 {0, 0} 1739 } 1740 }, 1741 {1, 1, 2, 0, /* 0xef */ 1742 {{0, 3}, 1743 {5, 7}, 1744 {0, 0}, 1745 {0, 0} 1746 } 1747 }, 1748 {0, 1, 1, 0, /* 0xf0 */ 1749 {{4, 7}, 1750 {0, 0}, 1751 {0, 0}, 1752 {0, 0} 1753 } 1754 }, 1755 {1, 1, 2, 0, /* 0xf1 */ 1756 {{0, 0}, 1757 {4, 7}, 1758 {0, 0}, 1759 {0, 0} 1760 } 1761 }, 1762 {0, 1, 2, 0, /* 0xf2 */ 1763 {{1, 1}, 1764 {4, 7}, 1765 {0, 0}, 1766 {0, 0} 1767 } 1768 }, 1769 {1, 1, 2, 0, /* 0xf3 */ 1770 {{0, 1}, 1771 {4, 7}, 1772 {0, 0}, 1773 {0, 0} 1774 } 1775 }, 1776 {0, 1, 2, 0, /* 0xf4 */ 1777 {{2, 2}, 1778 {4, 7}, 1779 {0, 0}, 1780 {0, 0} 1781 } 1782 }, 1783 {1, 1, 3, 0, /* 0xf5 */ 1784 {{0, 0}, 1785 {2, 2}, 1786 {4, 7}, 1787 {0, 0} 1788 } 1789 }, 1790 {0, 1, 2, 0, /* 0xf6 */ 1791 {{1, 2}, 1792 {4, 7}, 1793 {0, 0}, 1794 {0, 0} 1795 } 1796 }, 1797 {1, 1, 2, 0, /* 0xf7 */ 1798 {{0, 2}, 1799 {4, 7}, 1800 {0, 0}, 1801 {0, 0} 1802 } 1803 }, 1804 {0, 1, 1, 0, /* 0xf8 */ 1805 {{3, 7}, 1806 {0, 0}, 1807 {0, 0}, 1808 {0, 0} 1809 } 1810 }, 1811 {1, 1, 2, 0, /* 0xf9 */ 1812 {{0, 0}, 1813 {3, 7}, 1814 {0, 0}, 1815 {0, 0} 1816 } 1817 }, 1818 {0, 1, 2, 0, /* 0xfa */ 1819 {{1, 1}, 1820 {3, 7}, 1821 {0, 0}, 1822 {0, 0} 1823 } 1824 }, 1825 {1, 1, 2, 0, /* 0xfb */ 1826 {{0, 1}, 1827 {3, 7}, 1828 {0, 0}, 1829 {0, 0} 1830 } 1831 }, 1832 {0, 1, 1, 0, /* 0xfc */ 1833 {{2, 7}, 1834 {0, 0}, 1835 {0, 0}, 1836 {0, 0} 1837 } 1838 }, 1839 {1, 1, 2, 0, /* 0xfd */ 1840 {{0, 0}, 1841 {2, 7}, 1842 {0, 0}, 1843 {0, 0} 1844 } 1845 }, 1846 {0, 1, 1, 0, /* 0xfe */ 1847 {{1, 7}, 1848 {0, 0}, 1849 {0, 0}, 1850 {0, 0} 1851 } 1852 }, 1853 {1, 1, 1, 0, /* 0xff */ 1854 {{0, 7}, 1855 {0, 0}, 1856 {0, 0}, 1857 {0, 0} 1858 } 1859 } 1860}; 1861 1862 1863int 1864sctp_is_address_in_scope(struct sctp_ifa *ifa, 1865 int ipv4_addr_legal, 1866 int ipv6_addr_legal, 1867 int loopback_scope, 1868 int ipv4_local_scope, 1869 int local_scope, 1870 int site_scope, 1871 int do_update) 1872{ 1873 if ((loopback_scope == 0) && 1874 (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) { 1875 /* 1876 * skip loopback if not in scope * 1877 */ 1878 return (0); 1879 } 1880 switch (ifa->address.sa.sa_family) { 1881 case AF_INET: 1882 if (ipv4_addr_legal) { 1883 struct sockaddr_in *sin; 1884 1885 sin = (struct sockaddr_in *)&ifa->address.sin; 1886 if (sin->sin_addr.s_addr == 0) { 1887 /* not in scope , unspecified */ 1888 return (0); 1889 } 1890 if ((ipv4_local_scope == 0) && 1891 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 1892 /* private address not in scope */ 1893 return (0); 1894 } 1895 } else { 1896 return (0); 1897 } 1898 break; 1899#ifdef INET6 1900 case AF_INET6: 1901 if (ipv6_addr_legal) { 1902 struct sockaddr_in6 *sin6; 1903 1904 /* 1905 * Must update the flags, bummer, which means any 1906 * IFA locks must now be applied HERE <-> 1907 */ 1908 if (do_update) { 1909 sctp_gather_internal_ifa_flags(ifa); 1910 } 1911 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1912 return (0); 1913 } 1914 /* ok to use deprecated addresses? */ 1915 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6; 1916 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1917 /* skip unspecifed addresses */ 1918 return (0); 1919 } 1920 if ( /* (local_scope == 0) && */ 1921 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 1922 return (0); 1923 } 1924 if ((site_scope == 0) && 1925 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 1926 return (0); 1927 } 1928 } else { 1929 return (0); 1930 } 1931 break; 1932#endif 1933 default: 1934 return (0); 1935 } 1936 return (1); 1937} 1938 1939static struct mbuf * 1940sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa) 1941{ 1942 struct sctp_paramhdr *parmh; 1943 struct mbuf *mret; 1944 int len; 1945 1946 if (ifa->address.sa.sa_family == AF_INET) { 1947 len = sizeof(struct sctp_ipv4addr_param); 1948 } else if (ifa->address.sa.sa_family == AF_INET6) { 1949 len = sizeof(struct sctp_ipv6addr_param); 1950 } else { 1951 /* unknown type */ 1952 return (m); 1953 } 1954 if (M_TRAILINGSPACE(m) >= len) { 1955 /* easy side we just drop it on the end */ 1956 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m))); 1957 mret = m; 1958 } else { 1959 /* Need more space */ 1960 mret = m; 1961 while (SCTP_BUF_NEXT(mret) != NULL) { 1962 mret = SCTP_BUF_NEXT(mret); 1963 } 1964 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA); 1965 if (SCTP_BUF_NEXT(mret) == NULL) { 1966 /* We are hosed, can't add more addresses */ 1967 return (m); 1968 } 1969 mret = SCTP_BUF_NEXT(mret); 1970 parmh = mtod(mret, struct sctp_paramhdr *); 1971 } 1972 /* now add the parameter */ 1973 switch (ifa->address.sa.sa_family) { 1974 case AF_INET: 1975 { 1976 struct sctp_ipv4addr_param *ipv4p; 1977 struct sockaddr_in *sin; 1978 1979 sin = (struct sockaddr_in *)&ifa->address.sin; 1980 ipv4p = (struct sctp_ipv4addr_param *)parmh; 1981 parmh->param_type = htons(SCTP_IPV4_ADDRESS); 1982 parmh->param_length = htons(len); 1983 ipv4p->addr = sin->sin_addr.s_addr; 1984 SCTP_BUF_LEN(mret) += len; 1985 break; 1986 } 1987#ifdef INET6 1988 case AF_INET6: 1989 { 1990 struct sctp_ipv6addr_param *ipv6p; 1991 struct sockaddr_in6 *sin6; 1992 1993 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6; 1994 ipv6p = (struct sctp_ipv6addr_param *)parmh; 1995 parmh->param_type = htons(SCTP_IPV6_ADDRESS); 1996 parmh->param_length = htons(len); 1997 memcpy(ipv6p->addr, &sin6->sin6_addr, 1998 sizeof(ipv6p->addr)); 1999 /* clear embedded scope in the address */ 2000 in6_clearscope((struct in6_addr *)ipv6p->addr); 2001 SCTP_BUF_LEN(mret) += len; 2002 break; 2003 } 2004#endif 2005 default: 2006 return (m); 2007 } 2008 return (mret); 2009} 2010 2011 2012struct mbuf * 2013sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_scoping *scope, 2014 struct mbuf *m_at, int cnt_inits_to) 2015{ 2016 struct sctp_vrf *vrf = NULL; 2017 int cnt, limit_out = 0, total_count; 2018 uint32_t vrf_id; 2019 2020 vrf_id = inp->def_vrf_id; 2021 SCTP_IPI_ADDR_RLOCK(); 2022 vrf = sctp_find_vrf(vrf_id); 2023 if (vrf == NULL) { 2024 SCTP_IPI_ADDR_RUNLOCK(); 2025 return (m_at); 2026 } 2027 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 2028 struct sctp_ifa *sctp_ifap; 2029 struct sctp_ifn *sctp_ifnp; 2030 2031 cnt = cnt_inits_to; 2032 if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) { 2033 limit_out = 1; 2034 cnt = SCTP_ADDRESS_LIMIT; 2035 goto skip_count; 2036 } 2037 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2038 if ((scope->loopback_scope == 0) && 2039 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2040 /* 2041 * Skip loopback devices if loopback_scope 2042 * not set 2043 */ 2044 continue; 2045 } 2046 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2047 if (sctp_is_address_in_scope(sctp_ifap, 2048 scope->ipv4_addr_legal, 2049 scope->ipv6_addr_legal, 2050 scope->loopback_scope, 2051 scope->ipv4_local_scope, 2052 scope->local_scope, 2053 scope->site_scope, 1) == 0) { 2054 continue; 2055 } 2056 cnt++; 2057 if (cnt > SCTP_ADDRESS_LIMIT) { 2058 break; 2059 } 2060 } 2061 if (cnt > SCTP_ADDRESS_LIMIT) { 2062 break; 2063 } 2064 } 2065skip_count: 2066 if (cnt > 1) { 2067 total_count = 0; 2068 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2069 cnt = 0; 2070 if ((scope->loopback_scope == 0) && 2071 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2072 /* 2073 * Skip loopback devices if 2074 * loopback_scope not set 2075 */ 2076 continue; 2077 } 2078 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2079 if (sctp_is_address_in_scope(sctp_ifap, 2080 scope->ipv4_addr_legal, 2081 scope->ipv6_addr_legal, 2082 scope->loopback_scope, 2083 scope->ipv4_local_scope, 2084 scope->local_scope, 2085 scope->site_scope, 0) == 0) { 2086 continue; 2087 } 2088 m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap); 2089 if (limit_out) { 2090 cnt++; 2091 total_count++; 2092 if (cnt >= 2) { 2093 /* 2094 * two from each 2095 * address 2096 */ 2097 break; 2098 } 2099 if (total_count > SCTP_ADDRESS_LIMIT) { 2100 /* No more addresses */ 2101 break; 2102 } 2103 } 2104 } 2105 } 2106 } 2107 } else { 2108 struct sctp_laddr *laddr; 2109 2110 cnt = cnt_inits_to; 2111 /* First, how many ? */ 2112 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2113 if (laddr->ifa == NULL) { 2114 continue; 2115 } 2116 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2117 /* 2118 * Address being deleted by the system, dont 2119 * list. 2120 */ 2121 continue; 2122 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2123 /* 2124 * Address being deleted on this ep don't 2125 * list. 2126 */ 2127 continue; 2128 } 2129 if (sctp_is_address_in_scope(laddr->ifa, 2130 scope->ipv4_addr_legal, 2131 scope->ipv6_addr_legal, 2132 scope->loopback_scope, 2133 scope->ipv4_local_scope, 2134 scope->local_scope, 2135 scope->site_scope, 1) == 0) { 2136 continue; 2137 } 2138 cnt++; 2139 } 2140 if (cnt > SCTP_ADDRESS_LIMIT) { 2141 limit_out = 1; 2142 } 2143 /* 2144 * To get through a NAT we only list addresses if we have 2145 * more than one. That way if you just bind a single address 2146 * we let the source of the init dictate our address. 2147 */ 2148 if (cnt > 1) { 2149 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2150 cnt = 0; 2151 if (laddr->ifa == NULL) { 2152 continue; 2153 } 2154 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2155 continue; 2156 2157 if (sctp_is_address_in_scope(laddr->ifa, 2158 scope->ipv4_addr_legal, 2159 scope->ipv6_addr_legal, 2160 scope->loopback_scope, 2161 scope->ipv4_local_scope, 2162 scope->local_scope, 2163 scope->site_scope, 0) == 0) { 2164 continue; 2165 } 2166 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa); 2167 cnt++; 2168 if (cnt >= SCTP_ADDRESS_LIMIT) { 2169 break; 2170 } 2171 } 2172 } 2173 } 2174 SCTP_IPI_ADDR_RUNLOCK(); 2175 return (m_at); 2176} 2177 2178static struct sctp_ifa * 2179sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa, 2180 uint8_t dest_is_loop, 2181 uint8_t dest_is_priv, 2182 sa_family_t fam) 2183{ 2184 uint8_t dest_is_global = 0; 2185 2186 /* dest_is_priv is true if destination is a private address */ 2187 /* dest_is_loop is true if destination is a loopback addresses */ 2188 2189 /* 2190 * Here we determine if its a preferred address. A preferred address 2191 * means it is the same scope or higher scope then the destination. 2192 * L = loopback, P = private, G = global 2193 * ----------------------------------------- src | dest | result 2194 * ---------------------------------------- L | L | yes 2195 * ----------------------------------------- P | L | 2196 * yes-v4 no-v6 ----------------------------------------- G | 2197 * L | yes-v4 no-v6 ----------------------------------------- L 2198 * | P | no ----------------------------------------- P | 2199 * P | yes ----------------------------------------- G | 2200 * P | no ----------------------------------------- L | G 2201 * | no ----------------------------------------- P | G | 2202 * no ----------------------------------------- G | G | 2203 * yes ----------------------------------------- 2204 */ 2205 2206 if (ifa->address.sa.sa_family != fam) { 2207 /* forget mis-matched family */ 2208 return (NULL); 2209 } 2210 if ((dest_is_priv == 0) && (dest_is_loop == 0)) { 2211 dest_is_global = 1; 2212 } 2213 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:"); 2214 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa); 2215 /* Ok the address may be ok */ 2216 if (fam == AF_INET6) { 2217 /* ok to use deprecated addresses? no lets not! */ 2218 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2219 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n"); 2220 return (NULL); 2221 } 2222 if (ifa->src_is_priv && !ifa->src_is_loop) { 2223 if (dest_is_loop) { 2224 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n"); 2225 return (NULL); 2226 } 2227 } 2228 if (ifa->src_is_glob) { 2229 if (dest_is_loop) { 2230 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n"); 2231 return (NULL); 2232 } 2233 } 2234 } 2235 /* 2236 * Now that we know what is what, implement or table this could in 2237 * theory be done slicker (it used to be), but this is 2238 * straightforward and easier to validate :-) 2239 */ 2240 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n", 2241 ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob); 2242 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n", 2243 dest_is_loop, dest_is_priv, dest_is_global); 2244 2245 if ((ifa->src_is_loop) && (dest_is_priv)) { 2246 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n"); 2247 return (NULL); 2248 } 2249 if ((ifa->src_is_glob) && (dest_is_priv)) { 2250 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n"); 2251 return (NULL); 2252 } 2253 if ((ifa->src_is_loop) && (dest_is_global)) { 2254 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n"); 2255 return (NULL); 2256 } 2257 if ((ifa->src_is_priv) && (dest_is_global)) { 2258 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n"); 2259 return (NULL); 2260 } 2261 SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n"); 2262 /* its a preferred address */ 2263 return (ifa); 2264} 2265 2266static struct sctp_ifa * 2267sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa, 2268 uint8_t dest_is_loop, 2269 uint8_t dest_is_priv, 2270 sa_family_t fam) 2271{ 2272 uint8_t dest_is_global = 0; 2273 2274 /* 2275 * Here we determine if its a acceptable address. A acceptable 2276 * address means it is the same scope or higher scope but we can 2277 * allow for NAT which means its ok to have a global dest and a 2278 * private src. 2279 * 2280 * L = loopback, P = private, G = global 2281 * ----------------------------------------- src | dest | result 2282 * ----------------------------------------- L | L | yes 2283 * ----------------------------------------- P | L | 2284 * yes-v4 no-v6 ----------------------------------------- G | 2285 * L | yes ----------------------------------------- L | 2286 * P | no ----------------------------------------- P | P 2287 * | yes ----------------------------------------- G | P 2288 * | yes - May not work ----------------------------------------- 2289 * L | G | no ----------------------------------------- P 2290 * | G | yes - May not work 2291 * ----------------------------------------- G | G | yes 2292 * ----------------------------------------- 2293 */ 2294 2295 if (ifa->address.sa.sa_family != fam) { 2296 /* forget non matching family */ 2297 return (NULL); 2298 } 2299 /* Ok the address may be ok */ 2300 if ((dest_is_loop == 0) && (dest_is_priv == 0)) { 2301 dest_is_global = 1; 2302 } 2303 if (fam == AF_INET6) { 2304 /* ok to use deprecated addresses? */ 2305 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2306 return (NULL); 2307 } 2308 if (ifa->src_is_priv) { 2309 /* Special case, linklocal to loop */ 2310 if (dest_is_loop) 2311 return (NULL); 2312 } 2313 } 2314 /* 2315 * Now that we know what is what, implement our table. This could in 2316 * theory be done slicker (it used to be), but this is 2317 * straightforward and easier to validate :-) 2318 */ 2319 if ((ifa->src_is_loop == 1) && (dest_is_priv)) { 2320 return (NULL); 2321 } 2322 if ((ifa->src_is_loop == 1) && (dest_is_global)) { 2323 return (NULL); 2324 } 2325 /* its an acceptable address */ 2326 return (ifa); 2327} 2328 2329int 2330sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 2331{ 2332 struct sctp_laddr *laddr; 2333 2334 if (stcb == NULL) { 2335 /* There are no restrictions, no TCB :-) */ 2336 return (0); 2337 } 2338 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) { 2339 if (laddr->ifa == NULL) { 2340 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2341 __FUNCTION__); 2342 continue; 2343 } 2344 if (laddr->ifa == ifa) { 2345 /* Yes it is on the list */ 2346 return (1); 2347 } 2348 } 2349 return (0); 2350} 2351 2352 2353int 2354sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa) 2355{ 2356 struct sctp_laddr *laddr; 2357 2358 if (ifa == NULL) 2359 return (0); 2360 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2361 if (laddr->ifa == NULL) { 2362 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2363 __FUNCTION__); 2364 continue; 2365 } 2366 if ((laddr->ifa == ifa) && laddr->action == 0) 2367 /* same pointer */ 2368 return (1); 2369 } 2370 return (0); 2371} 2372 2373 2374 2375static struct sctp_ifa * 2376sctp_choose_boundspecific_inp(struct sctp_inpcb *inp, 2377 sctp_route_t * ro, 2378 uint32_t vrf_id, 2379 int non_asoc_addr_ok, 2380 uint8_t dest_is_priv, 2381 uint8_t dest_is_loop, 2382 sa_family_t fam) 2383{ 2384 struct sctp_laddr *laddr, *starting_point; 2385 void *ifn; 2386 int resettotop = 0; 2387 struct sctp_ifn *sctp_ifn; 2388 struct sctp_ifa *sctp_ifa, *sifa; 2389 struct sctp_vrf *vrf; 2390 uint32_t ifn_index; 2391 2392 vrf = sctp_find_vrf(vrf_id); 2393 if (vrf == NULL) 2394 return (NULL); 2395 2396 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2397 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2398 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2399 /* 2400 * first question, is the ifn we will emit on in our list, if so, we 2401 * want such an address. Note that we first looked for a preferred 2402 * address. 2403 */ 2404 if (sctp_ifn) { 2405 /* is a preferred one on the interface we route out? */ 2406 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2407 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2408 (non_asoc_addr_ok == 0)) 2409 continue; 2410 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, 2411 dest_is_loop, 2412 dest_is_priv, fam); 2413 if (sifa == NULL) 2414 continue; 2415 if (sctp_is_addr_in_ep(inp, sifa)) { 2416 atomic_add_int(&sifa->refcount, 1); 2417 return (sifa); 2418 } 2419 } 2420 } 2421 /* 2422 * ok, now we now need to find one on the list of the addresses. We 2423 * can't get one on the emitting interface so let's find first a 2424 * preferred one. If not that an acceptable one otherwise... we 2425 * return NULL. 2426 */ 2427 starting_point = inp->next_addr_touse; 2428once_again: 2429 if (inp->next_addr_touse == NULL) { 2430 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2431 resettotop = 1; 2432 } 2433 for (laddr = inp->next_addr_touse; laddr; 2434 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2435 if (laddr->ifa == NULL) { 2436 /* address has been removed */ 2437 continue; 2438 } 2439 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2440 /* address is being deleted */ 2441 continue; 2442 } 2443 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, 2444 dest_is_priv, fam); 2445 if (sifa == NULL) 2446 continue; 2447 atomic_add_int(&sifa->refcount, 1); 2448 return (sifa); 2449 } 2450 if (resettotop == 0) { 2451 inp->next_addr_touse = NULL; 2452 goto once_again; 2453 } 2454 inp->next_addr_touse = starting_point; 2455 resettotop = 0; 2456once_again_too: 2457 if (inp->next_addr_touse == NULL) { 2458 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2459 resettotop = 1; 2460 } 2461 /* ok, what about an acceptable address in the inp */ 2462 for (laddr = inp->next_addr_touse; laddr; 2463 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2464 if (laddr->ifa == NULL) { 2465 /* address has been removed */ 2466 continue; 2467 } 2468 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2469 /* address is being deleted */ 2470 continue; 2471 } 2472 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2473 dest_is_priv, fam); 2474 if (sifa == NULL) 2475 continue; 2476 atomic_add_int(&sifa->refcount, 1); 2477 return (sifa); 2478 } 2479 if (resettotop == 0) { 2480 inp->next_addr_touse = NULL; 2481 goto once_again_too; 2482 } 2483 /* 2484 * no address bound can be a source for the destination we are in 2485 * trouble 2486 */ 2487 return (NULL); 2488} 2489 2490 2491 2492static struct sctp_ifa * 2493sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp, 2494 struct sctp_tcb *stcb, 2495 struct sctp_nets *net, 2496 sctp_route_t * ro, 2497 uint32_t vrf_id, 2498 uint8_t dest_is_priv, 2499 uint8_t dest_is_loop, 2500 int non_asoc_addr_ok, 2501 sa_family_t fam) 2502{ 2503 struct sctp_laddr *laddr, *starting_point; 2504 void *ifn; 2505 struct sctp_ifn *sctp_ifn; 2506 struct sctp_ifa *sctp_ifa, *sifa; 2507 uint8_t start_at_beginning = 0; 2508 struct sctp_vrf *vrf; 2509 uint32_t ifn_index; 2510 2511 /* 2512 * first question, is the ifn we will emit on in our list, if so, we 2513 * want that one. 2514 */ 2515 vrf = sctp_find_vrf(vrf_id); 2516 if (vrf == NULL) 2517 return (NULL); 2518 2519 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2520 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2521 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2522 2523 /* 2524 * first question, is the ifn we will emit on in our list? If so, 2525 * we want that one. First we look for a preferred. Second, we go 2526 * for an acceptable. 2527 */ 2528 if (sctp_ifn) { 2529 /* first try for a preferred address on the ep */ 2530 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2531 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2532 continue; 2533 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2534 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2535 if (sifa == NULL) 2536 continue; 2537 if (((non_asoc_addr_ok == 0) && 2538 (sctp_is_addr_restricted(stcb, sifa))) || 2539 (non_asoc_addr_ok && 2540 (sctp_is_addr_restricted(stcb, sifa)) && 2541 (!sctp_is_addr_pending(stcb, sifa)))) { 2542 /* on the no-no list */ 2543 continue; 2544 } 2545 atomic_add_int(&sifa->refcount, 1); 2546 return (sifa); 2547 } 2548 } 2549 /* next try for an acceptable address on the ep */ 2550 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2551 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2552 continue; 2553 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2554 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2555 if (sifa == NULL) 2556 continue; 2557 if (((non_asoc_addr_ok == 0) && 2558 (sctp_is_addr_restricted(stcb, sifa))) || 2559 (non_asoc_addr_ok && 2560 (sctp_is_addr_restricted(stcb, sifa)) && 2561 (!sctp_is_addr_pending(stcb, sifa)))) { 2562 /* on the no-no list */ 2563 continue; 2564 } 2565 atomic_add_int(&sifa->refcount, 1); 2566 return (sifa); 2567 } 2568 } 2569 2570 } 2571 /* 2572 * if we can't find one like that then we must look at all addresses 2573 * bound to pick one at first preferable then secondly acceptable. 2574 */ 2575 starting_point = stcb->asoc.last_used_address; 2576sctp_from_the_top: 2577 if (stcb->asoc.last_used_address == NULL) { 2578 start_at_beginning = 1; 2579 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2580 } 2581 /* search beginning with the last used address */ 2582 for (laddr = stcb->asoc.last_used_address; laddr; 2583 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2584 if (laddr->ifa == NULL) { 2585 /* address has been removed */ 2586 continue; 2587 } 2588 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2589 /* address is being deleted */ 2590 continue; 2591 } 2592 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2593 if (sifa == NULL) 2594 continue; 2595 if (((non_asoc_addr_ok == 0) && 2596 (sctp_is_addr_restricted(stcb, sifa))) || 2597 (non_asoc_addr_ok && 2598 (sctp_is_addr_restricted(stcb, sifa)) && 2599 (!sctp_is_addr_pending(stcb, sifa)))) { 2600 /* on the no-no list */ 2601 continue; 2602 } 2603 stcb->asoc.last_used_address = laddr; 2604 atomic_add_int(&sifa->refcount, 1); 2605 return (sifa); 2606 } 2607 if (start_at_beginning == 0) { 2608 stcb->asoc.last_used_address = NULL; 2609 goto sctp_from_the_top; 2610 } 2611 /* now try for any higher scope than the destination */ 2612 stcb->asoc.last_used_address = starting_point; 2613 start_at_beginning = 0; 2614sctp_from_the_top2: 2615 if (stcb->asoc.last_used_address == NULL) { 2616 start_at_beginning = 1; 2617 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2618 } 2619 /* search beginning with the last used address */ 2620 for (laddr = stcb->asoc.last_used_address; laddr; 2621 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2622 if (laddr->ifa == NULL) { 2623 /* address has been removed */ 2624 continue; 2625 } 2626 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2627 /* address is being deleted */ 2628 continue; 2629 } 2630 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2631 dest_is_priv, fam); 2632 if (sifa == NULL) 2633 continue; 2634 if (((non_asoc_addr_ok == 0) && 2635 (sctp_is_addr_restricted(stcb, sifa))) || 2636 (non_asoc_addr_ok && 2637 (sctp_is_addr_restricted(stcb, sifa)) && 2638 (!sctp_is_addr_pending(stcb, sifa)))) { 2639 /* on the no-no list */ 2640 continue; 2641 } 2642 stcb->asoc.last_used_address = laddr; 2643 atomic_add_int(&sifa->refcount, 1); 2644 return (sifa); 2645 } 2646 if (start_at_beginning == 0) { 2647 stcb->asoc.last_used_address = NULL; 2648 goto sctp_from_the_top2; 2649 } 2650 return (NULL); 2651} 2652 2653static struct sctp_ifa * 2654sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn, 2655 struct sctp_tcb *stcb, 2656 int non_asoc_addr_ok, 2657 uint8_t dest_is_loop, 2658 uint8_t dest_is_priv, 2659 int addr_wanted, 2660 sa_family_t fam, 2661 sctp_route_t * ro 2662) 2663{ 2664 struct sctp_ifa *ifa, *sifa; 2665 int num_eligible_addr = 0; 2666 2667#ifdef INET6 2668 struct sockaddr_in6 sin6, lsa6; 2669 2670 if (fam == AF_INET6) { 2671 memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6)); 2672 (void)sa6_recoverscope(&sin6); 2673 } 2674#endif /* INET6 */ 2675 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2676 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2677 (non_asoc_addr_ok == 0)) 2678 continue; 2679 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2680 dest_is_priv, fam); 2681 if (sifa == NULL) 2682 continue; 2683#ifdef INET6 2684 if (fam == AF_INET6 && 2685 dest_is_loop && 2686 sifa->src_is_loop && sifa->src_is_priv) { 2687 /* 2688 * don't allow fe80::1 to be a src on loop ::1, we 2689 * don't list it to the peer so we will get an 2690 * abort. 2691 */ 2692 continue; 2693 } 2694 if (fam == AF_INET6 && 2695 IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) && 2696 IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) { 2697 /* 2698 * link-local <-> link-local must belong to the same 2699 * scope. 2700 */ 2701 memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6)); 2702 (void)sa6_recoverscope(&lsa6); 2703 if (sin6.sin6_scope_id != lsa6.sin6_scope_id) { 2704 continue; 2705 } 2706 } 2707#endif /* INET6 */ 2708 2709 /* 2710 * Check if the IPv6 address matches to next-hop. In the 2711 * mobile case, old IPv6 address may be not deleted from the 2712 * interface. Then, the interface has previous and new 2713 * addresses. We should use one corresponding to the 2714 * next-hop. (by micchie) 2715 */ 2716#ifdef INET6 2717 if (stcb && fam == AF_INET6 && 2718 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2719 if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro) 2720 == 0) { 2721 continue; 2722 } 2723 } 2724#endif 2725 /* Avoid topologically incorrect IPv4 address */ 2726 if (stcb && fam == AF_INET && 2727 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2728 if (sctp_v4src_match_nexthop(sifa, ro) == 0) { 2729 continue; 2730 } 2731 } 2732 if (stcb) { 2733 if (((non_asoc_addr_ok == 0) && 2734 (sctp_is_addr_restricted(stcb, sifa))) || 2735 (non_asoc_addr_ok && 2736 (sctp_is_addr_restricted(stcb, sifa)) && 2737 (!sctp_is_addr_pending(stcb, sifa)))) { 2738 /* 2739 * It is restricted for some reason.. 2740 * probably not yet added. 2741 */ 2742 continue; 2743 } 2744 } 2745 if (num_eligible_addr >= addr_wanted) { 2746 return (sifa); 2747 } 2748 num_eligible_addr++; 2749 } 2750 return (NULL); 2751} 2752 2753 2754static int 2755sctp_count_num_preferred_boundall(struct sctp_ifn *ifn, 2756 struct sctp_tcb *stcb, 2757 int non_asoc_addr_ok, 2758 uint8_t dest_is_loop, 2759 uint8_t dest_is_priv, 2760 sa_family_t fam) 2761{ 2762 struct sctp_ifa *ifa, *sifa; 2763 int num_eligible_addr = 0; 2764 2765 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2766 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2767 (non_asoc_addr_ok == 0)) { 2768 continue; 2769 } 2770 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2771 dest_is_priv, fam); 2772 if (sifa == NULL) { 2773 continue; 2774 } 2775 if (stcb) { 2776 if (((non_asoc_addr_ok == 0) && 2777 (sctp_is_addr_restricted(stcb, sifa))) || 2778 (non_asoc_addr_ok && 2779 (sctp_is_addr_restricted(stcb, sifa)) && 2780 (!sctp_is_addr_pending(stcb, sifa)))) { 2781 /* 2782 * It is restricted for some reason.. 2783 * probably not yet added. 2784 */ 2785 continue; 2786 } 2787 } 2788 num_eligible_addr++; 2789 } 2790 return (num_eligible_addr); 2791} 2792 2793static struct sctp_ifa * 2794sctp_choose_boundall(struct sctp_inpcb *inp, 2795 struct sctp_tcb *stcb, 2796 struct sctp_nets *net, 2797 sctp_route_t * ro, 2798 uint32_t vrf_id, 2799 uint8_t dest_is_priv, 2800 uint8_t dest_is_loop, 2801 int non_asoc_addr_ok, 2802 sa_family_t fam) 2803{ 2804 int cur_addr_num = 0, num_preferred = 0; 2805 void *ifn; 2806 struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn; 2807 struct sctp_ifa *sctp_ifa, *sifa; 2808 uint32_t ifn_index; 2809 struct sctp_vrf *vrf; 2810 2811 /*- 2812 * For boundall we can use any address in the association. 2813 * If non_asoc_addr_ok is set we can use any address (at least in 2814 * theory). So we look for preferred addresses first. If we find one, 2815 * we use it. Otherwise we next try to get an address on the 2816 * interface, which we should be able to do (unless non_asoc_addr_ok 2817 * is false and we are routed out that way). In these cases where we 2818 * can't use the address of the interface we go through all the 2819 * ifn's looking for an address we can use and fill that in. Punting 2820 * means we send back address 0, which will probably cause problems 2821 * actually since then IP will fill in the address of the route ifn, 2822 * which means we probably already rejected it.. i.e. here comes an 2823 * abort :-<. 2824 */ 2825 vrf = sctp_find_vrf(vrf_id); 2826 if (vrf == NULL) 2827 return (NULL); 2828 2829 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2830 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2831 emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2832 if (sctp_ifn == NULL) { 2833 /* ?? We don't have this guy ?? */ 2834 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No ifn emit interface?\n"); 2835 goto bound_all_plan_b; 2836 } 2837 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifn_index:%d name:%s is emit interface\n", 2838 ifn_index, sctp_ifn->ifn_name); 2839 2840 if (net) { 2841 cur_addr_num = net->indx_of_eligible_next_to_use; 2842 } 2843 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, 2844 stcb, 2845 non_asoc_addr_ok, 2846 dest_is_loop, 2847 dest_is_priv, fam); 2848 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n", 2849 num_preferred, sctp_ifn->ifn_name); 2850 if (num_preferred == 0) { 2851 /* 2852 * no eligible addresses, we must use some other interface 2853 * address if we can find one. 2854 */ 2855 goto bound_all_plan_b; 2856 } 2857 /* 2858 * Ok we have num_eligible_addr set with how many we can use, this 2859 * may vary from call to call due to addresses being deprecated 2860 * etc.. 2861 */ 2862 if (cur_addr_num >= num_preferred) { 2863 cur_addr_num = 0; 2864 } 2865 /* 2866 * select the nth address from the list (where cur_addr_num is the 2867 * nth) and 0 is the first one, 1 is the second one etc... 2868 */ 2869 SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num); 2870 2871 sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, 2872 dest_is_priv, cur_addr_num, fam, ro); 2873 2874 /* if sctp_ifa is NULL something changed??, fall to plan b. */ 2875 if (sctp_ifa) { 2876 atomic_add_int(&sctp_ifa->refcount, 1); 2877 if (net) { 2878 /* save off where the next one we will want */ 2879 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 2880 } 2881 return (sctp_ifa); 2882 } 2883 /* 2884 * plan_b: Look at all interfaces and find a preferred address. If 2885 * no preferred fall through to plan_c. 2886 */ 2887bound_all_plan_b: 2888 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n"); 2889 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2890 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n", 2891 sctp_ifn->ifn_name); 2892 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2893 /* wrong base scope */ 2894 SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n"); 2895 continue; 2896 } 2897 if ((sctp_ifn == looked_at) && looked_at) { 2898 /* already looked at this guy */ 2899 SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n"); 2900 continue; 2901 } 2902 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, stcb, non_asoc_addr_ok, 2903 dest_is_loop, dest_is_priv, fam); 2904 SCTPDBG(SCTP_DEBUG_OUTPUT2, 2905 "Found ifn:%p %d preferred source addresses\n", 2906 ifn, num_preferred); 2907 if (num_preferred == 0) { 2908 /* None on this interface. */ 2909 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefered -- skipping to next\n"); 2910 continue; 2911 } 2912 SCTPDBG(SCTP_DEBUG_OUTPUT2, 2913 "num preferred:%d on interface:%p cur_addr_num:%d\n", 2914 num_preferred, sctp_ifn, cur_addr_num); 2915 2916 /* 2917 * Ok we have num_eligible_addr set with how many we can 2918 * use, this may vary from call to call due to addresses 2919 * being deprecated etc.. 2920 */ 2921 if (cur_addr_num >= num_preferred) { 2922 cur_addr_num = 0; 2923 } 2924 sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, 2925 dest_is_priv, cur_addr_num, fam, ro); 2926 if (sifa == NULL) 2927 continue; 2928 if (net) { 2929 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 2930 SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n", 2931 cur_addr_num); 2932 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:"); 2933 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 2934 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:"); 2935 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa); 2936 } 2937 atomic_add_int(&sifa->refcount, 1); 2938 return (sifa); 2939 2940 } 2941 2942 /* plan_c: do we have an acceptable address on the emit interface */ 2943 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan C: find acceptable on interface\n"); 2944 if (emit_ifn == NULL) { 2945 goto plan_d; 2946 } 2947 LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) { 2948 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2949 (non_asoc_addr_ok == 0)) 2950 continue; 2951 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, 2952 dest_is_priv, fam); 2953 if (sifa == NULL) 2954 continue; 2955 if (stcb) { 2956 if (((non_asoc_addr_ok == 0) && 2957 (sctp_is_addr_restricted(stcb, sifa))) || 2958 (non_asoc_addr_ok && 2959 (sctp_is_addr_restricted(stcb, sifa)) && 2960 (!sctp_is_addr_pending(stcb, sifa)))) { 2961 /* 2962 * It is restricted for some reason.. 2963 * probably not yet added. 2964 */ 2965 continue; 2966 } 2967 } 2968 atomic_add_int(&sifa->refcount, 1); 2969 return (sifa); 2970 } 2971plan_d: 2972 /* 2973 * plan_d: We are in trouble. No preferred address on the emit 2974 * interface. And not even a preferred address on all interfaces. Go 2975 * out and see if we can find an acceptable address somewhere 2976 * amongst all interfaces. 2977 */ 2978 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D\n"); 2979 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2980 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2981 /* wrong base scope */ 2982 continue; 2983 } 2984 if ((sctp_ifn == looked_at) && looked_at) 2985 /* already looked at this guy */ 2986 continue; 2987 2988 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2989 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2990 (non_asoc_addr_ok == 0)) 2991 continue; 2992 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, 2993 dest_is_loop, 2994 dest_is_priv, fam); 2995 if (sifa == NULL) 2996 continue; 2997 if (stcb) { 2998 if (((non_asoc_addr_ok == 0) && 2999 (sctp_is_addr_restricted(stcb, sifa))) || 3000 (non_asoc_addr_ok && 3001 (sctp_is_addr_restricted(stcb, sifa)) && 3002 (!sctp_is_addr_pending(stcb, sifa)))) { 3003 /* 3004 * It is restricted for some 3005 * reason.. probably not yet added. 3006 */ 3007 continue; 3008 } 3009 } 3010 atomic_add_int(&sifa->refcount, 1); 3011 return (sifa); 3012 } 3013 } 3014 /* 3015 * Ok we can find NO address to source from that is not on our 3016 * restricted list and non_asoc_address is NOT ok, or it is on our 3017 * restricted list. We can't source to it :-( 3018 */ 3019 return (NULL); 3020} 3021 3022 3023 3024/* tcb may be NULL */ 3025struct sctp_ifa * 3026sctp_source_address_selection(struct sctp_inpcb *inp, 3027 struct sctp_tcb *stcb, 3028 sctp_route_t * ro, 3029 struct sctp_nets *net, 3030 int non_asoc_addr_ok, uint32_t vrf_id) 3031{ 3032 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst; 3033 3034#ifdef INET6 3035 struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst; 3036 3037#endif 3038 struct sctp_ifa *answer; 3039 uint8_t dest_is_priv, dest_is_loop; 3040 sa_family_t fam; 3041 3042 /*- 3043 * Rules: - Find the route if needed, cache if I can. - Look at 3044 * interface address in route, Is it in the bound list. If so we 3045 * have the best source. - If not we must rotate amongst the 3046 * addresses. 3047 * 3048 * Cavets and issues 3049 * 3050 * Do we need to pay attention to scope. We can have a private address 3051 * or a global address we are sourcing or sending to. So if we draw 3052 * it out 3053 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3054 * For V4 3055 * ------------------------------------------ 3056 * source * dest * result 3057 * ----------------------------------------- 3058 * <a> Private * Global * NAT 3059 * ----------------------------------------- 3060 * <b> Private * Private * No problem 3061 * ----------------------------------------- 3062 * <c> Global * Private * Huh, How will this work? 3063 * ----------------------------------------- 3064 * <d> Global * Global * No Problem 3065 *------------------------------------------ 3066 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3067 * For V6 3068 *------------------------------------------ 3069 * source * dest * result 3070 * ----------------------------------------- 3071 * <a> Linklocal * Global * 3072 * ----------------------------------------- 3073 * <b> Linklocal * Linklocal * No problem 3074 * ----------------------------------------- 3075 * <c> Global * Linklocal * Huh, How will this work? 3076 * ----------------------------------------- 3077 * <d> Global * Global * No Problem 3078 *------------------------------------------ 3079 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3080 * 3081 * And then we add to that what happens if there are multiple addresses 3082 * assigned to an interface. Remember the ifa on a ifn is a linked 3083 * list of addresses. So one interface can have more than one IP 3084 * address. What happens if we have both a private and a global 3085 * address? Do we then use context of destination to sort out which 3086 * one is best? And what about NAT's sending P->G may get you a NAT 3087 * translation, or should you select the G thats on the interface in 3088 * preference. 3089 * 3090 * Decisions: 3091 * 3092 * - count the number of addresses on the interface. 3093 * - if it is one, no problem except case <c>. 3094 * For <a> we will assume a NAT out there. 3095 * - if there are more than one, then we need to worry about scope P 3096 * or G. We should prefer G -> G and P -> P if possible. 3097 * Then as a secondary fall back to mixed types G->P being a last 3098 * ditch one. 3099 * - The above all works for bound all, but bound specific we need to 3100 * use the same concept but instead only consider the bound 3101 * addresses. If the bound set is NOT assigned to the interface then 3102 * we must use rotation amongst the bound addresses.. 3103 */ 3104 if (ro->ro_rt == NULL) { 3105 /* 3106 * Need a route to cache. 3107 */ 3108 SCTP_RTALLOC(ro, vrf_id); 3109 } 3110 if (ro->ro_rt == NULL) { 3111 return (NULL); 3112 } 3113 fam = to->sin_family; 3114 dest_is_priv = dest_is_loop = 0; 3115 /* Setup our scopes for the destination */ 3116 switch (fam) { 3117 case AF_INET: 3118 /* Scope based on outbound address */ 3119 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3120 dest_is_loop = 1; 3121 if (net != NULL) { 3122 /* mark it as local */ 3123 net->addr_is_local = 1; 3124 } 3125 } else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) { 3126 dest_is_priv = 1; 3127 } 3128 break; 3129#ifdef INET6 3130 case AF_INET6: 3131 /* Scope based on outbound address */ 3132 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) || 3133 SCTP_ROUTE_IS_REAL_LOOP(ro)) { 3134 /* 3135 * If the address is a loopback address, which 3136 * consists of "::1" OR "fe80::1%lo0", we are 3137 * loopback scope. But we don't use dest_is_priv 3138 * (link local addresses). 3139 */ 3140 dest_is_loop = 1; 3141 if (net != NULL) { 3142 /* mark it as local */ 3143 net->addr_is_local = 1; 3144 } 3145 } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3146 dest_is_priv = 1; 3147 } 3148 break; 3149#endif 3150 } 3151 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:"); 3152 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)to); 3153 SCTP_IPI_ADDR_RLOCK(); 3154 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3155 /* 3156 * Bound all case 3157 */ 3158 answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id, 3159 dest_is_priv, dest_is_loop, 3160 non_asoc_addr_ok, fam); 3161 SCTP_IPI_ADDR_RUNLOCK(); 3162 return (answer); 3163 } 3164 /* 3165 * Subset bound case 3166 */ 3167 if (stcb) { 3168 answer = sctp_choose_boundspecific_stcb(inp, stcb, net, ro, 3169 vrf_id, dest_is_priv, 3170 dest_is_loop, 3171 non_asoc_addr_ok, fam); 3172 } else { 3173 answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id, 3174 non_asoc_addr_ok, 3175 dest_is_priv, 3176 dest_is_loop, fam); 3177 } 3178 SCTP_IPI_ADDR_RUNLOCK(); 3179 return (answer); 3180} 3181 3182static int 3183sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize) 3184{ 3185 struct cmsghdr cmh; 3186 int tlen, at; 3187 3188 tlen = SCTP_BUF_LEN(control); 3189 at = 0; 3190 /* 3191 * Independent of how many mbufs, find the c_type inside the control 3192 * structure and copy out the data. 3193 */ 3194 while (at < tlen) { 3195 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3196 /* not enough room for one more we are done. */ 3197 return (0); 3198 } 3199 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3200 if (((int)cmh.cmsg_len + at) > tlen) { 3201 /* 3202 * this is real messed up since there is not enough 3203 * data here to cover the cmsg header. We are done. 3204 */ 3205 return (0); 3206 } 3207 if ((cmh.cmsg_level == IPPROTO_SCTP) && 3208 (c_type == cmh.cmsg_type)) { 3209 /* found the one we want, copy it out */ 3210 at += CMSG_ALIGN(sizeof(struct cmsghdr)); 3211 if ((int)(cmh.cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) < cpsize) { 3212 /* 3213 * space of cmsg_len after header not big 3214 * enough 3215 */ 3216 return (0); 3217 } 3218 m_copydata(control, at, cpsize, data); 3219 return (1); 3220 } else { 3221 at += CMSG_ALIGN(cmh.cmsg_len); 3222 if (cmh.cmsg_len == 0) { 3223 break; 3224 } 3225 } 3226 } 3227 /* not found */ 3228 return (0); 3229} 3230 3231static struct mbuf * 3232sctp_add_cookie(struct sctp_inpcb *inp, struct mbuf *init, int init_offset, 3233 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t ** signature) 3234{ 3235 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret; 3236 struct sctp_state_cookie *stc; 3237 struct sctp_paramhdr *ph; 3238 uint8_t *foo; 3239 int sig_offset; 3240 uint16_t cookie_sz; 3241 3242 mret = NULL; 3243 mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) + 3244 sizeof(struct sctp_paramhdr)), 0, 3245 M_DONTWAIT, 1, MT_DATA); 3246 if (mret == NULL) { 3247 return (NULL); 3248 } 3249 copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_DONTWAIT); 3250 if (copy_init == NULL) { 3251 sctp_m_freem(mret); 3252 return (NULL); 3253 } 3254#ifdef SCTP_MBUF_LOGGING 3255 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3256 struct mbuf *mat; 3257 3258 mat = copy_init; 3259 while (mat) { 3260 if (SCTP_BUF_IS_EXTENDED(mat)) { 3261 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 3262 } 3263 mat = SCTP_BUF_NEXT(mat); 3264 } 3265 } 3266#endif 3267 copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL, 3268 M_DONTWAIT); 3269 if (copy_initack == NULL) { 3270 sctp_m_freem(mret); 3271 sctp_m_freem(copy_init); 3272 return (NULL); 3273 } 3274#ifdef SCTP_MBUF_LOGGING 3275 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3276 struct mbuf *mat; 3277 3278 mat = copy_initack; 3279 while (mat) { 3280 if (SCTP_BUF_IS_EXTENDED(mat)) { 3281 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 3282 } 3283 mat = SCTP_BUF_NEXT(mat); 3284 } 3285 } 3286#endif 3287 /* easy side we just drop it on the end */ 3288 ph = mtod(mret, struct sctp_paramhdr *); 3289 SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) + 3290 sizeof(struct sctp_paramhdr); 3291 stc = (struct sctp_state_cookie *)((caddr_t)ph + 3292 sizeof(struct sctp_paramhdr)); 3293 ph->param_type = htons(SCTP_STATE_COOKIE); 3294 ph->param_length = 0; /* fill in at the end */ 3295 /* Fill in the stc cookie data */ 3296 memcpy(stc, stc_in, sizeof(struct sctp_state_cookie)); 3297 3298 /* tack the INIT and then the INIT-ACK onto the chain */ 3299 cookie_sz = 0; 3300 m_at = mret; 3301 for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3302 cookie_sz += SCTP_BUF_LEN(m_at); 3303 if (SCTP_BUF_NEXT(m_at) == NULL) { 3304 SCTP_BUF_NEXT(m_at) = copy_init; 3305 break; 3306 } 3307 } 3308 3309 for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3310 cookie_sz += SCTP_BUF_LEN(m_at); 3311 if (SCTP_BUF_NEXT(m_at) == NULL) { 3312 SCTP_BUF_NEXT(m_at) = copy_initack; 3313 break; 3314 } 3315 } 3316 3317 for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3318 cookie_sz += SCTP_BUF_LEN(m_at); 3319 if (SCTP_BUF_NEXT(m_at) == NULL) { 3320 break; 3321 } 3322 } 3323 sig = sctp_get_mbuf_for_msg(SCTP_SECRET_SIZE, 0, M_DONTWAIT, 1, MT_DATA); 3324 if (sig == NULL) { 3325 /* no space, so free the entire chain */ 3326 sctp_m_freem(mret); 3327 return (NULL); 3328 } 3329 SCTP_BUF_LEN(sig) = 0; 3330 SCTP_BUF_NEXT(m_at) = sig; 3331 sig_offset = 0; 3332 foo = (uint8_t *) (mtod(sig, caddr_t)+sig_offset); 3333 memset(foo, 0, SCTP_SIGNATURE_SIZE); 3334 *signature = foo; 3335 SCTP_BUF_LEN(sig) += SCTP_SIGNATURE_SIZE; 3336 cookie_sz += SCTP_SIGNATURE_SIZE; 3337 ph->param_length = htons(cookie_sz); 3338 return (mret); 3339} 3340 3341 3342static uint8_t 3343sctp_get_ect(struct sctp_tcb *stcb, 3344 struct sctp_tmit_chunk *chk) 3345{ 3346 uint8_t this_random; 3347 3348 /* Huh? */ 3349 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 0) 3350 return (0); 3351 3352 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce) == 0) 3353 /* no nonce, always return ECT0 */ 3354 return (SCTP_ECT0_BIT); 3355 3356 if (stcb->asoc.peer_supports_ecn_nonce == 0) { 3357 /* Peer does NOT support it, so we send a ECT0 only */ 3358 return (SCTP_ECT0_BIT); 3359 } 3360 if (chk == NULL) 3361 return (SCTP_ECT0_BIT); 3362 3363 if ((stcb->asoc.hb_random_idx > 3) || 3364 ((stcb->asoc.hb_random_idx == 3) && 3365 (stcb->asoc.hb_ect_randombit > 7))) { 3366 uint32_t rndval; 3367 3368warp_drive_sa: 3369 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 3370 memcpy(stcb->asoc.hb_random_values, &rndval, 3371 sizeof(stcb->asoc.hb_random_values)); 3372 this_random = stcb->asoc.hb_random_values[0]; 3373 stcb->asoc.hb_random_idx = 0; 3374 stcb->asoc.hb_ect_randombit = 0; 3375 } else { 3376 if (stcb->asoc.hb_ect_randombit > 7) { 3377 stcb->asoc.hb_ect_randombit = 0; 3378 stcb->asoc.hb_random_idx++; 3379 if (stcb->asoc.hb_random_idx > 3) { 3380 goto warp_drive_sa; 3381 } 3382 } 3383 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx]; 3384 } 3385 if ((this_random >> stcb->asoc.hb_ect_randombit) & 0x01) { 3386 if (chk != NULL) 3387 /* ECN Nonce stuff */ 3388 chk->rec.data.ect_nonce = SCTP_ECT1_BIT; 3389 stcb->asoc.hb_ect_randombit++; 3390 return (SCTP_ECT1_BIT); 3391 } else { 3392 stcb->asoc.hb_ect_randombit++; 3393 return (SCTP_ECT0_BIT); 3394 } 3395} 3396 3397static int 3398sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, 3399 struct sctp_tcb *stcb, /* may be NULL */ 3400 struct sctp_nets *net, 3401 struct sockaddr *to, 3402 struct mbuf *m, 3403 uint32_t auth_offset, 3404 struct sctp_auth_chunk *auth, 3405 uint16_t auth_keyid, 3406 int nofragment_flag, 3407 int ecn_ok, 3408 struct sctp_tmit_chunk *chk, 3409 int out_of_asoc_ok, 3410 uint16_t src_port, 3411 uint16_t dest_port, 3412 uint32_t v_tag, 3413 uint16_t port, 3414 int so_locked, 3415#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3416 SCTP_UNUSED 3417#endif 3418 union sctp_sockstore *over_addr 3419) 3420/* nofragment_flag to tell if IP_DF should be set (IPv4 only) */ 3421{ 3422 /* 3423 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet 3424 * header WITH an SCTPHDR but no IP header, endpoint inp and sa 3425 * structure: - fill in the HMAC digest of any AUTH chunk in the 3426 * packet. - calculate and fill in the SCTP checksum. - prepend an 3427 * IP address header. - if boundall use INADDR_ANY. - if 3428 * boundspecific do source address selection. - set fragmentation 3429 * option for ipV4. - On return from IP output, check/adjust mtu 3430 * size of output interface and smallest_mtu size as well. 3431 */ 3432 /* Will need ifdefs around this */ 3433 struct mbuf *o_pak; 3434 struct mbuf *newm; 3435 struct sctphdr *sctphdr; 3436 int packet_length; 3437 int ret; 3438 uint32_t vrf_id; 3439 sctp_route_t *ro = NULL; 3440 struct udphdr *udp = NULL; 3441 3442#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3443 struct socket *so = NULL; 3444 3445#endif 3446 3447 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) { 3448 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 3449 sctp_m_freem(m); 3450 return (EFAULT); 3451 } 3452 if (stcb) { 3453 vrf_id = stcb->asoc.vrf_id; 3454 } else { 3455 vrf_id = inp->def_vrf_id; 3456 } 3457 3458 /* fill in the HMAC digest for any AUTH chunk in the packet */ 3459 if ((auth != NULL) && (stcb != NULL)) { 3460 sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid); 3461 } 3462 if (to->sa_family == AF_INET) { 3463 struct ip *ip = NULL; 3464 sctp_route_t iproute; 3465 uint8_t tos_value; 3466 int len; 3467 3468 len = sizeof(struct ip) + sizeof(struct sctphdr); 3469 if (port) { 3470 len += sizeof(struct udphdr); 3471 } 3472 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA); 3473 if (newm == NULL) { 3474 sctp_m_freem(m); 3475 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3476 return (ENOMEM); 3477 } 3478 SCTP_ALIGN_TO_END(newm, len); 3479 SCTP_BUF_LEN(newm) = len; 3480 SCTP_BUF_NEXT(newm) = m; 3481 m = newm; 3482 packet_length = sctp_calculate_len(m); 3483 ip = mtod(m, struct ip *); 3484 ip->ip_v = IPVERSION; 3485 ip->ip_hl = (sizeof(struct ip) >> 2); 3486 if (net) { 3487 tos_value = net->tos_flowlabel & 0x000000ff; 3488 } else { 3489 tos_value = inp->ip_inp.inp.inp_ip_tos; 3490 } 3491 if ((nofragment_flag) && (port == 0)) { 3492 ip->ip_off = IP_DF; 3493 } else 3494 ip->ip_off = 0; 3495 3496 /* FreeBSD has a function for ip_id's */ 3497 ip->ip_id = ip_newid(); 3498 3499 ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl; 3500 ip->ip_len = packet_length; 3501 if (stcb) { 3502 if ((stcb->asoc.ecn_allowed) && ecn_ok) { 3503 /* Enable ECN */ 3504 ip->ip_tos = ((u_char)(tos_value & 0xfc) | sctp_get_ect(stcb, chk)); 3505 } else { 3506 /* No ECN */ 3507 ip->ip_tos = (u_char)(tos_value & 0xfc); 3508 } 3509 } else { 3510 /* no association at all */ 3511 ip->ip_tos = (tos_value & 0xfc); 3512 } 3513 if (port) { 3514 ip->ip_p = IPPROTO_UDP; 3515 } else { 3516 ip->ip_p = IPPROTO_SCTP; 3517 } 3518 ip->ip_sum = 0; 3519 if (net == NULL) { 3520 ro = &iproute; 3521 memset(&iproute, 0, sizeof(iproute)); 3522 memcpy(&ro->ro_dst, to, to->sa_len); 3523 } else { 3524 ro = (sctp_route_t *) & net->ro; 3525 } 3526 /* Now the address selection part */ 3527 ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr; 3528 3529 /* call the routine to select the src address */ 3530 if (net && out_of_asoc_ok == 0) { 3531 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) { 3532 sctp_free_ifa(net->ro._s_addr); 3533 net->ro._s_addr = NULL; 3534 net->src_addr_selected = 0; 3535 if (ro->ro_rt) { 3536 RTFREE(ro->ro_rt); 3537 ro->ro_rt = NULL; 3538 } 3539 } 3540 if (net->src_addr_selected == 0) { 3541 /* Cache the source address */ 3542 net->ro._s_addr = sctp_source_address_selection(inp, stcb, 3543 ro, net, 0, 3544 vrf_id); 3545 net->src_addr_selected = 1; 3546 } 3547 if (net->ro._s_addr == NULL) { 3548 /* No route to host */ 3549 net->src_addr_selected = 0; 3550 goto no_route; 3551 } 3552 ip->ip_src = net->ro._s_addr->address.sin.sin_addr; 3553 } else { 3554 if (over_addr == NULL) { 3555 struct sctp_ifa *_lsrc; 3556 3557 _lsrc = sctp_source_address_selection(inp, stcb, ro, 3558 net, 3559 out_of_asoc_ok, 3560 vrf_id); 3561 if (_lsrc == NULL) { 3562 goto no_route; 3563 } 3564 ip->ip_src = _lsrc->address.sin.sin_addr; 3565 sctp_free_ifa(_lsrc); 3566 } else { 3567 ip->ip_src = over_addr->sin.sin_addr; 3568 SCTP_RTALLOC(ro, vrf_id); 3569 } 3570 } 3571 if (port) { 3572 udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip)); 3573 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 3574 udp->uh_dport = port; 3575 udp->uh_ulen = htons(packet_length - sizeof(struct ip)); 3576 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 3577 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 3578 } else { 3579 sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip)); 3580 } 3581 3582 sctphdr->src_port = src_port; 3583 sctphdr->dest_port = dest_port; 3584 sctphdr->v_tag = v_tag; 3585 sctphdr->checksum = 0; 3586 3587 /* 3588 * If source address selection fails and we find no route 3589 * then the ip_output should fail as well with a 3590 * NO_ROUTE_TO_HOST type error. We probably should catch 3591 * that somewhere and abort the association right away 3592 * (assuming this is an INIT being sent). 3593 */ 3594 if ((ro->ro_rt == NULL)) { 3595 /* 3596 * src addr selection failed to find a route (or 3597 * valid source addr), so we can't get there from 3598 * here (yet)! 3599 */ 3600 no_route: 3601 SCTPDBG(SCTP_DEBUG_OUTPUT1, 3602 "%s: dropped packet - no valid source addr\n", 3603 __FUNCTION__); 3604 if (net) { 3605 SCTPDBG(SCTP_DEBUG_OUTPUT1, 3606 "Destination was "); 3607 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1, 3608 &net->ro._l_addr.sa); 3609 if (net->dest_state & SCTP_ADDR_CONFIRMED) { 3610 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) { 3611 SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", net); 3612 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN, 3613 stcb, 3614 SCTP_FAILED_THRESHOLD, 3615 (void *)net, 3616 so_locked); 3617 net->dest_state &= ~SCTP_ADDR_REACHABLE; 3618 net->dest_state |= SCTP_ADDR_NOT_REACHABLE; 3619 /* 3620 * JRS 5/14/07 - If a 3621 * destination is 3622 * unreachable, the PF bit 3623 * is turned off. This 3624 * allows an unambiguous use 3625 * of the PF bit for 3626 * destinations that are 3627 * reachable but potentially 3628 * failed. If the 3629 * destination is set to the 3630 * unreachable state, also 3631 * set the destination to 3632 * the PF state. 3633 */ 3634 /* 3635 * Add debug message here if 3636 * destination is not in PF 3637 * state. 3638 */ 3639 /* 3640 * Stop any running T3 3641 * timers here? 3642 */ 3643 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) && SCTP_BASE_SYSCTL(sctp_cmt_pf)) { 3644 net->dest_state &= ~SCTP_ADDR_PF; 3645 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination %p moved from PF to unreachable.\n", 3646 net); 3647 } 3648 } 3649 } 3650 if (stcb) { 3651 if (net == stcb->asoc.primary_destination) { 3652 /* need a new primary */ 3653 struct sctp_nets *alt; 3654 3655 alt = sctp_find_alternate_net(stcb, net, 0); 3656 if (alt != net) { 3657 if (sctp_set_primary_addr(stcb, 3658 (struct sockaddr *)NULL, 3659 alt) == 0) { 3660 net->dest_state |= SCTP_ADDR_WAS_PRIMARY; 3661 if (net->ro._s_addr) { 3662 sctp_free_ifa(net->ro._s_addr); 3663 net->ro._s_addr = NULL; 3664 } 3665 net->src_addr_selected = 0; 3666 } 3667 } 3668 } 3669 } 3670 } 3671 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 3672 sctp_m_freem(m); 3673 return (EHOSTUNREACH); 3674 } 3675 if (ro != &iproute) { 3676 memcpy(&iproute, ro, sizeof(*ro)); 3677 } 3678 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n", 3679 (uint32_t) (ntohl(ip->ip_src.s_addr))); 3680 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n", 3681 (uint32_t) (ntohl(ip->ip_dst.s_addr))); 3682 SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n", 3683 ro->ro_rt); 3684 3685 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 3686 /* failed to prepend data, give up */ 3687 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3688 sctp_m_freem(m); 3689 return (ENOMEM); 3690 } 3691#ifdef SCTP_PACKET_LOGGING 3692 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 3693 sctp_packet_log(m, packet_length); 3694#endif 3695 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 3696 if (port) { 3697 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 3698 (stcb) && 3699 (stcb->asoc.loopback_scope))) { 3700 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr)); 3701 SCTP_STAT_INCR(sctps_sendswcrc); 3702 } else { 3703 SCTP_STAT_INCR(sctps_sendnocrc); 3704 } 3705 SCTP_ENABLE_UDP_CSUM(o_pak); 3706 } else { 3707 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 3708 (stcb) && 3709 (stcb->asoc.loopback_scope))) { 3710 m->m_pkthdr.csum_flags = CSUM_SCTP; 3711 m->m_pkthdr.csum_data = 0; 3712 SCTP_STAT_INCR(sctps_sendhwcrc); 3713 } else { 3714 SCTP_STAT_INCR(sctps_sendnocrc); 3715 } 3716 } 3717 /* send it out. table id is taken from stcb */ 3718#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3719 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 3720 so = SCTP_INP_SO(inp); 3721 SCTP_SOCKET_UNLOCK(so, 0); 3722 } 3723#endif 3724 SCTP_IP_OUTPUT(ret, o_pak, ro, stcb, vrf_id); 3725#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3726 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 3727 atomic_add_int(&stcb->asoc.refcnt, 1); 3728 SCTP_TCB_UNLOCK(stcb); 3729 SCTP_SOCKET_LOCK(so, 0); 3730 SCTP_TCB_LOCK(stcb); 3731 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3732 } 3733#endif 3734 SCTP_STAT_INCR(sctps_sendpackets); 3735 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 3736 if (ret) 3737 SCTP_STAT_INCR(sctps_senderrors); 3738 3739 SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret); 3740 if (net == NULL) { 3741 /* free tempy routes */ 3742 if (ro->ro_rt) { 3743 RTFREE(ro->ro_rt); 3744 ro->ro_rt = NULL; 3745 } 3746 } else { 3747 /* PMTU check versus smallest asoc MTU goes here */ 3748 if ((ro->ro_rt != NULL) && 3749 (net->ro._s_addr)) { 3750 uint32_t mtu; 3751 3752 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 3753 if (net->port) { 3754 mtu -= sizeof(struct udphdr); 3755 } 3756 if (mtu && (stcb->asoc.smallest_mtu > mtu)) { 3757#ifdef SCTP_PRINT_FOR_B_AND_M 3758 SCTP_PRINTF("sctp_mtu_size_reset called after ip_output mtu-change:%d\n", mtu); 3759#endif 3760 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 3761 net->mtu = mtu; 3762 } 3763 } else if (ro->ro_rt == NULL) { 3764 /* route was freed */ 3765 if (net->ro._s_addr && 3766 net->src_addr_selected) { 3767 sctp_free_ifa(net->ro._s_addr); 3768 net->ro._s_addr = NULL; 3769 } 3770 net->src_addr_selected = 0; 3771 } 3772 } 3773 return (ret); 3774 } 3775#ifdef INET6 3776 else if (to->sa_family == AF_INET6) { 3777 uint32_t flowlabel; 3778 struct ip6_hdr *ip6h; 3779 struct route_in6 ip6route; 3780 struct ifnet *ifp; 3781 u_char flowTop; 3782 uint16_t flowBottom; 3783 u_char tosBottom, tosTop; 3784 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp; 3785 int prev_scope = 0; 3786 struct sockaddr_in6 lsa6_storage; 3787 int error; 3788 u_short prev_port = 0; 3789 int len; 3790 3791 if (net != NULL) { 3792 flowlabel = net->tos_flowlabel; 3793 } else { 3794 flowlabel = ((struct in6pcb *)inp)->in6p_flowinfo; 3795 } 3796 3797 len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr); 3798 if (port) { 3799 len += sizeof(struct udphdr); 3800 } 3801 newm = sctp_get_mbuf_for_msg(len, 1, M_DONTWAIT, 1, MT_DATA); 3802 if (newm == NULL) { 3803 sctp_m_freem(m); 3804 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3805 return (ENOMEM); 3806 } 3807 SCTP_ALIGN_TO_END(newm, len); 3808 SCTP_BUF_LEN(newm) = len; 3809 SCTP_BUF_NEXT(newm) = m; 3810 m = newm; 3811 packet_length = sctp_calculate_len(m); 3812 3813 ip6h = mtod(m, struct ip6_hdr *); 3814 /* 3815 * We assume here that inp_flow is in host byte order within 3816 * the TCB! 3817 */ 3818 flowBottom = flowlabel & 0x0000ffff; 3819 flowTop = ((flowlabel & 0x000f0000) >> 16); 3820 tosTop = (((flowlabel & 0xf0) >> 4) | IPV6_VERSION); 3821 /* protect *sin6 from overwrite */ 3822 sin6 = (struct sockaddr_in6 *)to; 3823 tmp = *sin6; 3824 sin6 = &tmp; 3825 3826 /* KAME hack: embed scopeid */ 3827 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3828 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3829 return (EINVAL); 3830 } 3831 if (net == NULL) { 3832 memset(&ip6route, 0, sizeof(ip6route)); 3833 ro = (sctp_route_t *) & ip6route; 3834 memcpy(&ro->ro_dst, sin6, sin6->sin6_len); 3835 } else { 3836 ro = (sctp_route_t *) & net->ro; 3837 } 3838 if (stcb != NULL) { 3839 if ((stcb->asoc.ecn_allowed) && ecn_ok) { 3840 /* Enable ECN */ 3841 tosBottom = (((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) | sctp_get_ect(stcb, chk)) << 4); 3842 } else { 3843 /* No ECN */ 3844 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4); 3845 } 3846 } else { 3847 /* we could get no asoc if it is a O-O-T-B packet */ 3848 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4); 3849 } 3850 ip6h->ip6_flow = htonl(((tosTop << 24) | ((tosBottom | flowTop) << 16) | flowBottom)); 3851 if (port) { 3852 ip6h->ip6_nxt = IPPROTO_UDP; 3853 } else { 3854 ip6h->ip6_nxt = IPPROTO_SCTP; 3855 } 3856 ip6h->ip6_plen = (packet_length - sizeof(struct ip6_hdr)); 3857 ip6h->ip6_dst = sin6->sin6_addr; 3858 3859 /* 3860 * Add SRC address selection here: we can only reuse to a 3861 * limited degree the kame src-addr-sel, since we can try 3862 * their selection but it may not be bound. 3863 */ 3864 bzero(&lsa6_tmp, sizeof(lsa6_tmp)); 3865 lsa6_tmp.sin6_family = AF_INET6; 3866 lsa6_tmp.sin6_len = sizeof(lsa6_tmp); 3867 lsa6 = &lsa6_tmp; 3868 if (net && out_of_asoc_ok == 0) { 3869 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) { 3870 sctp_free_ifa(net->ro._s_addr); 3871 net->ro._s_addr = NULL; 3872 net->src_addr_selected = 0; 3873 if (ro->ro_rt) { 3874 RTFREE(ro->ro_rt); 3875 ro->ro_rt = NULL; 3876 } 3877 } 3878 if (net->src_addr_selected == 0) { 3879 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 3880 /* KAME hack: embed scopeid */ 3881 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3882 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3883 return (EINVAL); 3884 } 3885 /* Cache the source address */ 3886 net->ro._s_addr = sctp_source_address_selection(inp, 3887 stcb, 3888 ro, 3889 net, 3890 0, 3891 vrf_id); 3892 (void)sa6_recoverscope(sin6); 3893 net->src_addr_selected = 1; 3894 } 3895 if (net->ro._s_addr == NULL) { 3896 SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n"); 3897 net->src_addr_selected = 0; 3898 goto no_route; 3899 } 3900 lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr; 3901 } else { 3902 sin6 = (struct sockaddr_in6 *)&ro->ro_dst; 3903 /* KAME hack: embed scopeid */ 3904 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3905 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 3906 return (EINVAL); 3907 } 3908 if (over_addr == NULL) { 3909 struct sctp_ifa *_lsrc; 3910 3911 _lsrc = sctp_source_address_selection(inp, stcb, ro, 3912 net, 3913 out_of_asoc_ok, 3914 vrf_id); 3915 if (_lsrc == NULL) { 3916 goto no_route; 3917 } 3918 lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr; 3919 sctp_free_ifa(_lsrc); 3920 } else { 3921 lsa6->sin6_addr = over_addr->sin6.sin6_addr; 3922 SCTP_RTALLOC(ro, vrf_id); 3923 } 3924 (void)sa6_recoverscope(sin6); 3925 } 3926 lsa6->sin6_port = inp->sctp_lport; 3927 3928 if (ro->ro_rt == NULL) { 3929 /* 3930 * src addr selection failed to find a route (or 3931 * valid source addr), so we can't get there from 3932 * here! 3933 */ 3934 goto no_route; 3935 } 3936 /* 3937 * XXX: sa6 may not have a valid sin6_scope_id in the 3938 * non-SCOPEDROUTING case. 3939 */ 3940 bzero(&lsa6_storage, sizeof(lsa6_storage)); 3941 lsa6_storage.sin6_family = AF_INET6; 3942 lsa6_storage.sin6_len = sizeof(lsa6_storage); 3943 lsa6_storage.sin6_addr = lsa6->sin6_addr; 3944 if ((error = sa6_recoverscope(&lsa6_storage)) != 0) { 3945 SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error); 3946 sctp_m_freem(m); 3947 return (error); 3948 } 3949 /* XXX */ 3950 lsa6_storage.sin6_addr = lsa6->sin6_addr; 3951 lsa6_storage.sin6_port = inp->sctp_lport; 3952 lsa6 = &lsa6_storage; 3953 ip6h->ip6_src = lsa6->sin6_addr; 3954 3955 if (port) { 3956 udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 3957 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 3958 udp->uh_dport = port; 3959 udp->uh_ulen = htons(packet_length - sizeof(struct ip6_hdr)); 3960 udp->uh_sum = 0; 3961 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 3962 } else { 3963 sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 3964 } 3965 3966 sctphdr->src_port = src_port; 3967 sctphdr->dest_port = dest_port; 3968 sctphdr->v_tag = v_tag; 3969 sctphdr->checksum = 0; 3970 3971 /* 3972 * We set the hop limit now since there is a good chance 3973 * that our ro pointer is now filled 3974 */ 3975 ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro); 3976 ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 3977 3978#ifdef SCTP_DEBUG 3979 /* Copy to be sure something bad is not happening */ 3980 sin6->sin6_addr = ip6h->ip6_dst; 3981 lsa6->sin6_addr = ip6h->ip6_src; 3982#endif 3983 3984 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n"); 3985 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: "); 3986 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6); 3987 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: "); 3988 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6); 3989 if (net) { 3990 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 3991 /* preserve the port and scope for link local send */ 3992 prev_scope = sin6->sin6_scope_id; 3993 prev_port = sin6->sin6_port; 3994 } 3995 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 3996 /* failed to prepend data, give up */ 3997 sctp_m_freem(m); 3998 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 3999 return (ENOMEM); 4000 } 4001#ifdef SCTP_PACKET_LOGGING 4002 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 4003 sctp_packet_log(m, packet_length); 4004#endif 4005 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 4006 if (port) { 4007 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 4008 (stcb) && 4009 (stcb->asoc.loopback_scope))) { 4010 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 4011 SCTP_STAT_INCR(sctps_sendswcrc); 4012 } else { 4013 SCTP_STAT_INCR(sctps_sendnocrc); 4014 } 4015 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) { 4016 udp->uh_sum = 0xffff; 4017 } 4018 } else { 4019 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 4020 (stcb) && 4021 (stcb->asoc.loopback_scope))) { 4022 m->m_pkthdr.csum_flags = CSUM_SCTP; 4023 m->m_pkthdr.csum_data = 0; 4024 SCTP_STAT_INCR(sctps_sendhwcrc); 4025 } else { 4026 SCTP_STAT_INCR(sctps_sendnocrc); 4027 } 4028 } 4029 /* send it out. table id is taken from stcb */ 4030#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4031 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4032 so = SCTP_INP_SO(inp); 4033 SCTP_SOCKET_UNLOCK(so, 0); 4034 } 4035#endif 4036 SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, stcb, vrf_id); 4037#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4038 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4039 atomic_add_int(&stcb->asoc.refcnt, 1); 4040 SCTP_TCB_UNLOCK(stcb); 4041 SCTP_SOCKET_LOCK(so, 0); 4042 SCTP_TCB_LOCK(stcb); 4043 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4044 } 4045#endif 4046 if (net) { 4047 /* for link local this must be done */ 4048 sin6->sin6_scope_id = prev_scope; 4049 sin6->sin6_port = prev_port; 4050 } 4051 SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret); 4052 SCTP_STAT_INCR(sctps_sendpackets); 4053 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 4054 if (ret) { 4055 SCTP_STAT_INCR(sctps_senderrors); 4056 } 4057 if (net == NULL) { 4058 /* Now if we had a temp route free it */ 4059 if (ro->ro_rt) { 4060 RTFREE(ro->ro_rt); 4061 } 4062 } else { 4063 /* PMTU check versus smallest asoc MTU goes here */ 4064 if (ro->ro_rt == NULL) { 4065 /* Route was freed */ 4066 if (net->ro._s_addr && 4067 net->src_addr_selected) { 4068 sctp_free_ifa(net->ro._s_addr); 4069 net->ro._s_addr = NULL; 4070 } 4071 net->src_addr_selected = 0; 4072 } 4073 if ((ro->ro_rt != NULL) && 4074 (net->ro._s_addr)) { 4075 uint32_t mtu; 4076 4077 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 4078 if (mtu && 4079 (stcb->asoc.smallest_mtu > mtu)) { 4080#ifdef SCTP_PRINT_FOR_B_AND_M 4081 SCTP_PRINTF("sctp_mtu_size_reset called after ip6_output mtu-change:%d\n", 4082 mtu); 4083#endif 4084 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 4085 net->mtu = mtu; 4086 if (net->port) { 4087 net->mtu -= sizeof(struct udphdr); 4088 } 4089 } 4090 } else if (ifp) { 4091 if (ND_IFINFO(ifp)->linkmtu && 4092 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) { 4093#ifdef SCTP_PRINT_FOR_B_AND_M 4094 SCTP_PRINTF("sctp_mtu_size_reset called via ifp ND_IFINFO() linkmtu:%d\n", 4095 ND_IFINFO(ifp)->linkmtu); 4096#endif 4097 sctp_mtu_size_reset(inp, 4098 &stcb->asoc, 4099 ND_IFINFO(ifp)->linkmtu); 4100 } 4101 } 4102 } 4103 return (ret); 4104 } 4105#endif 4106 else { 4107 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n", 4108 ((struct sockaddr *)to)->sa_family); 4109 sctp_m_freem(m); 4110 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 4111 return (EFAULT); 4112 } 4113} 4114 4115 4116void 4117sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked 4118#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4119 SCTP_UNUSED 4120#endif 4121) 4122{ 4123 struct mbuf *m, *m_at, *mp_last; 4124 struct sctp_nets *net; 4125 struct sctp_init_chunk *init; 4126 struct sctp_supported_addr_param *sup_addr; 4127 struct sctp_adaptation_layer_indication *ali; 4128 struct sctp_ecn_supported_param *ecn; 4129 struct sctp_prsctp_supported_param *prsctp; 4130 struct sctp_ecn_nonce_supported_param *ecn_nonce; 4131 struct sctp_supported_chunk_types_param *pr_supported; 4132 int cnt_inits_to = 0; 4133 int padval, ret; 4134 int num_ext; 4135 int p_len; 4136 4137 /* INIT's always go to the primary (and usually ONLY address) */ 4138 mp_last = NULL; 4139 net = stcb->asoc.primary_destination; 4140 if (net == NULL) { 4141 net = TAILQ_FIRST(&stcb->asoc.nets); 4142 if (net == NULL) { 4143 /* TSNH */ 4144 return; 4145 } 4146 /* we confirm any address we send an INIT to */ 4147 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 4148 (void)sctp_set_primary_addr(stcb, NULL, net); 4149 } else { 4150 /* we confirm any address we send an INIT to */ 4151 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 4152 } 4153 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n"); 4154#ifdef INET6 4155 if (((struct sockaddr *)&(net->ro._l_addr))->sa_family == AF_INET6) { 4156 /* 4157 * special hook, if we are sending to link local it will not 4158 * show up in our private address count. 4159 */ 4160 struct sockaddr_in6 *sin6l; 4161 4162 sin6l = &net->ro._l_addr.sin6; 4163 if (IN6_IS_ADDR_LINKLOCAL(&sin6l->sin6_addr)) 4164 cnt_inits_to = 1; 4165 } 4166#endif 4167 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 4168 /* This case should not happen */ 4169 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n"); 4170 return; 4171 } 4172 /* start the INIT timer */ 4173 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net); 4174 4175 m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA); 4176 if (m == NULL) { 4177 /* No memory, INIT timer will re-attempt. */ 4178 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n"); 4179 return; 4180 } 4181 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); 4182 /* 4183 * assume peer supports asconf in order to be able to queue local 4184 * address changes while an INIT is in flight and before the assoc 4185 * is established. 4186 */ 4187 stcb->asoc.peer_supports_asconf = 1; 4188 /* Now lets put the SCTP header in place */ 4189 init = mtod(m, struct sctp_init_chunk *); 4190 /* now the chunk header */ 4191 init->ch.chunk_type = SCTP_INITIATION; 4192 init->ch.chunk_flags = 0; 4193 /* fill in later from mbuf we build */ 4194 init->ch.chunk_length = 0; 4195 /* place in my tag */ 4196 init->init.initiate_tag = htonl(stcb->asoc.my_vtag); 4197 /* set up some of the credits. */ 4198 init->init.a_rwnd = htonl(max(inp->sctp_socket ? SCTP_SB_LIMIT_RCV(inp->sctp_socket) : 0, 4199 SCTP_MINIMAL_RWND)); 4200 4201 init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams); 4202 init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams); 4203 init->init.initial_tsn = htonl(stcb->asoc.init_seq_number); 4204 /* now the address restriction */ 4205 sup_addr = (struct sctp_supported_addr_param *)((caddr_t)init + 4206 sizeof(*init)); 4207 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE); 4208#ifdef INET6 4209 /* we support 2 types: IPv6/IPv4 */ 4210 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint16_t)); 4211 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS); 4212 sup_addr->addr_type[1] = htons(SCTP_IPV6_ADDRESS); 4213#else 4214 /* we support 1 type: IPv4 */ 4215 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + sizeof(uint8_t)); 4216 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS); 4217 sup_addr->addr_type[1] = htons(0); /* this is the padding */ 4218#endif 4219 SCTP_BUF_LEN(m) += sizeof(*sup_addr) + sizeof(uint16_t); 4220 /* adaptation layer indication parameter */ 4221 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)sup_addr + sizeof(*sup_addr) + sizeof(uint16_t)); 4222 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 4223 ali->ph.param_length = htons(sizeof(*ali)); 4224 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator); 4225 SCTP_BUF_LEN(m) += sizeof(*ali); 4226 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali)); 4227 4228 if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) { 4229 /* Add NAT friendly parameter */ 4230 struct sctp_paramhdr *ph; 4231 4232 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4233 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 4234 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 4235 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr); 4236 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ph + sizeof(*ph)); 4237 } 4238 /* now any cookie time extensions */ 4239 if (stcb->asoc.cookie_preserve_req) { 4240 struct sctp_cookie_perserve_param *cookie_preserve; 4241 4242 cookie_preserve = (struct sctp_cookie_perserve_param *)(ecn); 4243 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE); 4244 cookie_preserve->ph.param_length = htons( 4245 sizeof(*cookie_preserve)); 4246 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req); 4247 SCTP_BUF_LEN(m) += sizeof(*cookie_preserve); 4248 ecn = (struct sctp_ecn_supported_param *)( 4249 (caddr_t)cookie_preserve + sizeof(*cookie_preserve)); 4250 stcb->asoc.cookie_preserve_req = 0; 4251 } 4252 /* ECN parameter */ 4253 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 1) { 4254 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 4255 ecn->ph.param_length = htons(sizeof(*ecn)); 4256 SCTP_BUF_LEN(m) += sizeof(*ecn); 4257 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn + 4258 sizeof(*ecn)); 4259 } else { 4260 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn); 4261 } 4262 /* And now tell the peer we do pr-sctp */ 4263 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 4264 prsctp->ph.param_length = htons(sizeof(*prsctp)); 4265 SCTP_BUF_LEN(m) += sizeof(*prsctp); 4266 4267 /* And now tell the peer we do all the extensions */ 4268 pr_supported = (struct sctp_supported_chunk_types_param *) 4269 ((caddr_t)prsctp + sizeof(*prsctp)); 4270 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 4271 num_ext = 0; 4272 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 4273 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 4274 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 4275 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 4276 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 4277 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 4278 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 4279 } 4280 /* 4281 * EY if the initiator supports nr_sacks, need to report that to 4282 * responder in INIT chunk 4283 */ 4284 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off)) { 4285 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 4286 } 4287 p_len = sizeof(*pr_supported) + num_ext; 4288 pr_supported->ph.param_length = htons(p_len); 4289 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len); 4290 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4291 4292 4293 /* ECN nonce: And now tell the peer we support ECN nonce */ 4294 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) { 4295 ecn_nonce = (struct sctp_ecn_nonce_supported_param *) 4296 ((caddr_t)pr_supported + SCTP_SIZE32(p_len)); 4297 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED); 4298 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce)); 4299 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce); 4300 } 4301 /* add authentication parameters */ 4302 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 4303 struct sctp_auth_random *randp; 4304 struct sctp_auth_hmac_algo *hmacs; 4305 struct sctp_auth_chunk_list *chunks; 4306 4307 /* attach RANDOM parameter, if available */ 4308 if (stcb->asoc.authinfo.random != NULL) { 4309 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4310 p_len = sizeof(*randp) + stcb->asoc.authinfo.random_len; 4311 /* random key already contains the header */ 4312 bcopy(stcb->asoc.authinfo.random->key, randp, p_len); 4313 /* zero out any padding required */ 4314 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len); 4315 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4316 } 4317 /* add HMAC_ALGO parameter */ 4318 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4319 p_len = sctp_serialize_hmaclist(stcb->asoc.local_hmacs, 4320 (uint8_t *) hmacs->hmac_ids); 4321 if (p_len > 0) { 4322 p_len += sizeof(*hmacs); 4323 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 4324 hmacs->ph.param_length = htons(p_len); 4325 /* zero out any padding required */ 4326 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len); 4327 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4328 } 4329 /* add CHUNKS parameter */ 4330 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4331 p_len = sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks, 4332 chunks->chunk_types); 4333 if (p_len > 0) { 4334 p_len += sizeof(*chunks); 4335 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 4336 chunks->ph.param_length = htons(p_len); 4337 /* zero out any padding required */ 4338 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len); 4339 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4340 } 4341 } 4342 m_at = m; 4343 /* now the addresses */ 4344 { 4345 struct sctp_scoping scp; 4346 4347 /* 4348 * To optimize this we could put the scoping stuff into a 4349 * structure and remove the individual uint8's from the 4350 * assoc structure. Then we could just sifa in the address 4351 * within the stcb.. but for now this is a quick hack to get 4352 * the address stuff teased apart. 4353 */ 4354 scp.ipv4_addr_legal = stcb->asoc.ipv4_addr_legal; 4355 scp.ipv6_addr_legal = stcb->asoc.ipv6_addr_legal; 4356 scp.loopback_scope = stcb->asoc.loopback_scope; 4357 scp.ipv4_local_scope = stcb->asoc.ipv4_local_scope; 4358 scp.local_scope = stcb->asoc.local_scope; 4359 scp.site_scope = stcb->asoc.site_scope; 4360 4361 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to); 4362 } 4363 4364 /* calulate the size and update pkt header and chunk header */ 4365 p_len = 0; 4366 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 4367 if (SCTP_BUF_NEXT(m_at) == NULL) 4368 mp_last = m_at; 4369 p_len += SCTP_BUF_LEN(m_at); 4370 } 4371 init->ch.chunk_length = htons(p_len); 4372 /* 4373 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 4374 * here since the timer will drive a retranmission. 4375 */ 4376 4377 /* I don't expect this to execute but we will be safe here */ 4378 padval = p_len % 4; 4379 if ((padval) && (mp_last)) { 4380 /* 4381 * The compiler worries that mp_last may not be set even 4382 * though I think it is impossible :-> however we add 4383 * mp_last here just in case. 4384 */ 4385 ret = sctp_add_pad_tombuf(mp_last, (4 - padval)); 4386 if (ret) { 4387 /* Houston we have a problem, no space */ 4388 sctp_m_freem(m); 4389 return; 4390 } 4391 p_len += padval; 4392 } 4393 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n"); 4394 ret = sctp_lowlevel_chunk_output(inp, stcb, net, 4395 (struct sockaddr *)&net->ro._l_addr, 4396 m, 0, NULL, 0, 0, 0, NULL, 0, 4397 inp->sctp_lport, stcb->rport, htonl(0), 4398 net->port, so_locked, NULL); 4399 SCTPDBG(SCTP_DEBUG_OUTPUT4, "lowlevel_output - %d\n", ret); 4400 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 4401 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 4402} 4403 4404struct mbuf * 4405sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt, 4406 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp, int *nat_friendly) 4407{ 4408 /* 4409 * Given a mbuf containing an INIT or INIT-ACK with the param_offset 4410 * being equal to the beginning of the params i.e. (iphlen + 4411 * sizeof(struct sctp_init_msg) parse through the parameters to the 4412 * end of the mbuf verifying that all parameters are known. 4413 * 4414 * For unknown parameters build and return a mbuf with 4415 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop 4416 * processing this chunk stop, and set *abort_processing to 1. 4417 * 4418 * By having param_offset be pre-set to where parameters begin it is 4419 * hoped that this routine may be reused in the future by new 4420 * features. 4421 */ 4422 struct sctp_paramhdr *phdr, params; 4423 4424 struct mbuf *mat, *op_err; 4425 char tempbuf[SCTP_PARAM_BUFFER_SIZE]; 4426 int at, limit, pad_needed; 4427 uint16_t ptype, plen, padded_size; 4428 int err_at; 4429 4430 *abort_processing = 0; 4431 mat = in_initpkt; 4432 err_at = 0; 4433 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk); 4434 at = param_offset; 4435 op_err = NULL; 4436 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n"); 4437 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4438 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) { 4439 ptype = ntohs(phdr->param_type); 4440 plen = ntohs(phdr->param_length); 4441 if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) { 4442 /* wacked parameter */ 4443 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen); 4444 goto invalid_size; 4445 } 4446 limit -= SCTP_SIZE32(plen); 4447 /*- 4448 * All parameters for all chunks that we know/understand are 4449 * listed here. We process them other places and make 4450 * appropriate stop actions per the upper bits. However this 4451 * is the generic routine processor's can call to get back 4452 * an operr.. to either incorporate (init-ack) or send. 4453 */ 4454 padded_size = SCTP_SIZE32(plen); 4455 switch (ptype) { 4456 /* Param's with variable size */ 4457 case SCTP_HEARTBEAT_INFO: 4458 case SCTP_STATE_COOKIE: 4459 case SCTP_UNRECOG_PARAM: 4460 case SCTP_ERROR_CAUSE_IND: 4461 /* ok skip fwd */ 4462 at += padded_size; 4463 break; 4464 /* Param's with variable size within a range */ 4465 case SCTP_CHUNK_LIST: 4466 case SCTP_SUPPORTED_CHUNK_EXT: 4467 if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) { 4468 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen); 4469 goto invalid_size; 4470 } 4471 at += padded_size; 4472 break; 4473 case SCTP_SUPPORTED_ADDRTYPE: 4474 if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) { 4475 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen); 4476 goto invalid_size; 4477 } 4478 at += padded_size; 4479 break; 4480 case SCTP_RANDOM: 4481 if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) { 4482 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen); 4483 goto invalid_size; 4484 } 4485 at += padded_size; 4486 break; 4487 case SCTP_SET_PRIM_ADDR: 4488 case SCTP_DEL_IP_ADDRESS: 4489 case SCTP_ADD_IP_ADDRESS: 4490 if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) && 4491 (padded_size != sizeof(struct sctp_asconf_addr_param))) { 4492 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen); 4493 goto invalid_size; 4494 } 4495 at += padded_size; 4496 break; 4497 /* Param's with a fixed size */ 4498 case SCTP_IPV4_ADDRESS: 4499 if (padded_size != sizeof(struct sctp_ipv4addr_param)) { 4500 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen); 4501 goto invalid_size; 4502 } 4503 at += padded_size; 4504 break; 4505 case SCTP_IPV6_ADDRESS: 4506 if (padded_size != sizeof(struct sctp_ipv6addr_param)) { 4507 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen); 4508 goto invalid_size; 4509 } 4510 at += padded_size; 4511 break; 4512 case SCTP_COOKIE_PRESERVE: 4513 if (padded_size != sizeof(struct sctp_cookie_perserve_param)) { 4514 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen); 4515 goto invalid_size; 4516 } 4517 at += padded_size; 4518 break; 4519 case SCTP_HAS_NAT_SUPPORT: 4520 *nat_friendly = 1; 4521 /* fall through */ 4522 case SCTP_ECN_NONCE_SUPPORTED: 4523 case SCTP_PRSCTP_SUPPORTED: 4524 4525 if (padded_size != sizeof(struct sctp_paramhdr)) { 4526 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecnnonce/prsctp/nat support %d\n", plen); 4527 goto invalid_size; 4528 } 4529 at += padded_size; 4530 break; 4531 case SCTP_ECN_CAPABLE: 4532 if (padded_size != sizeof(struct sctp_ecn_supported_param)) { 4533 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen); 4534 goto invalid_size; 4535 } 4536 at += padded_size; 4537 break; 4538 case SCTP_ULP_ADAPTATION: 4539 if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) { 4540 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen); 4541 goto invalid_size; 4542 } 4543 at += padded_size; 4544 break; 4545 case SCTP_SUCCESS_REPORT: 4546 if (padded_size != sizeof(struct sctp_asconf_paramhdr)) { 4547 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen); 4548 goto invalid_size; 4549 } 4550 at += padded_size; 4551 break; 4552 case SCTP_HOSTNAME_ADDRESS: 4553 { 4554 /* We can NOT handle HOST NAME addresses!! */ 4555 int l_len; 4556 4557 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n"); 4558 *abort_processing = 1; 4559 if (op_err == NULL) { 4560 /* Ok need to try to get a mbuf */ 4561#ifdef INET6 4562 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4563#else 4564 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4565#endif 4566 l_len += plen; 4567 l_len += sizeof(struct sctp_paramhdr); 4568 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4569 if (op_err) { 4570 SCTP_BUF_LEN(op_err) = 0; 4571 /* 4572 * pre-reserve space for ip 4573 * and sctp header and 4574 * chunk hdr 4575 */ 4576#ifdef INET6 4577 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4578#else 4579 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4580#endif 4581 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4582 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4583 } 4584 } 4585 if (op_err) { 4586 /* If we have space */ 4587 struct sctp_paramhdr s; 4588 4589 if (err_at % 4) { 4590 uint32_t cpthis = 0; 4591 4592 pad_needed = 4 - (err_at % 4); 4593 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4594 err_at += pad_needed; 4595 } 4596 s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR); 4597 s.param_length = htons(sizeof(s) + plen); 4598 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4599 err_at += sizeof(s); 4600 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen)); 4601 if (phdr == NULL) { 4602 sctp_m_freem(op_err); 4603 /* 4604 * we are out of memory but 4605 * we still need to have a 4606 * look at what to do (the 4607 * system is in trouble 4608 * though). 4609 */ 4610 return (NULL); 4611 } 4612 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 4613 err_at += plen; 4614 } 4615 return (op_err); 4616 break; 4617 } 4618 default: 4619 /* 4620 * we do not recognize the parameter figure out what 4621 * we do. 4622 */ 4623 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype); 4624 if ((ptype & 0x4000) == 0x4000) { 4625 /* Report bit is set?? */ 4626 SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n"); 4627 if (op_err == NULL) { 4628 int l_len; 4629 4630 /* Ok need to try to get an mbuf */ 4631#ifdef INET6 4632 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4633#else 4634 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4635#endif 4636 l_len += plen; 4637 l_len += sizeof(struct sctp_paramhdr); 4638 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4639 if (op_err) { 4640 SCTP_BUF_LEN(op_err) = 0; 4641#ifdef INET6 4642 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4643#else 4644 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4645#endif 4646 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4647 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4648 } 4649 } 4650 if (op_err) { 4651 /* If we have space */ 4652 struct sctp_paramhdr s; 4653 4654 if (err_at % 4) { 4655 uint32_t cpthis = 0; 4656 4657 pad_needed = 4 - (err_at % 4); 4658 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4659 err_at += pad_needed; 4660 } 4661 s.param_type = htons(SCTP_UNRECOG_PARAM); 4662 s.param_length = htons(sizeof(s) + plen); 4663 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4664 err_at += sizeof(s); 4665 if (plen > sizeof(tempbuf)) { 4666 plen = sizeof(tempbuf); 4667 } 4668 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen)); 4669 if (phdr == NULL) { 4670 sctp_m_freem(op_err); 4671 /* 4672 * we are out of memory but 4673 * we still need to have a 4674 * look at what to do (the 4675 * system is in trouble 4676 * though). 4677 */ 4678 op_err = NULL; 4679 goto more_processing; 4680 } 4681 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 4682 err_at += plen; 4683 } 4684 } 4685 more_processing: 4686 if ((ptype & 0x8000) == 0x0000) { 4687 SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n"); 4688 return (op_err); 4689 } else { 4690 /* skip this chunk and continue processing */ 4691 SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n"); 4692 at += SCTP_SIZE32(plen); 4693 } 4694 break; 4695 4696 } 4697 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4698 } 4699 return (op_err); 4700invalid_size: 4701 SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n"); 4702 *abort_processing = 1; 4703 if ((op_err == NULL) && phdr) { 4704 int l_len; 4705 4706#ifdef INET6 4707 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4708#else 4709 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4710#endif 4711 l_len += (2 * sizeof(struct sctp_paramhdr)); 4712 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4713 if (op_err) { 4714 SCTP_BUF_LEN(op_err) = 0; 4715#ifdef INET6 4716 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4717#else 4718 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 4719#endif 4720 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4721 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4722 } 4723 } 4724 if ((op_err) && phdr) { 4725 struct sctp_paramhdr s; 4726 4727 if (err_at % 4) { 4728 uint32_t cpthis = 0; 4729 4730 pad_needed = 4 - (err_at % 4); 4731 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4732 err_at += pad_needed; 4733 } 4734 s.param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION); 4735 s.param_length = htons(sizeof(s) + sizeof(struct sctp_paramhdr)); 4736 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4737 err_at += sizeof(s); 4738 /* Only copy back the p-hdr that caused the issue */ 4739 m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)phdr); 4740 } 4741 return (op_err); 4742} 4743 4744static int 4745sctp_are_there_new_addresses(struct sctp_association *asoc, 4746 struct mbuf *in_initpkt, int iphlen, int offset) 4747{ 4748 /* 4749 * Given a INIT packet, look through the packet to verify that there 4750 * are NO new addresses. As we go through the parameters add reports 4751 * of any un-understood parameters that require an error. Also we 4752 * must return (1) to drop the packet if we see a un-understood 4753 * parameter that tells us to drop the chunk. 4754 */ 4755 struct sockaddr_in sin4, *sa4; 4756 4757#ifdef INET6 4758 struct sockaddr_in6 sin6, *sa6; 4759 4760#endif 4761 struct sockaddr *sa_touse; 4762 struct sockaddr *sa; 4763 struct sctp_paramhdr *phdr, params; 4764 struct ip *iph; 4765 4766#ifdef INET6 4767 struct ip6_hdr *ip6h; 4768 4769#endif 4770 struct mbuf *mat; 4771 uint16_t ptype, plen; 4772 int err_at; 4773 uint8_t fnd; 4774 struct sctp_nets *net; 4775 4776 memset(&sin4, 0, sizeof(sin4)); 4777#ifdef INET6 4778 memset(&sin6, 0, sizeof(sin6)); 4779#endif 4780 sin4.sin_family = AF_INET; 4781 sin4.sin_len = sizeof(sin4); 4782#ifdef INET6 4783 sin6.sin6_family = AF_INET6; 4784 sin6.sin6_len = sizeof(sin6); 4785#endif 4786 sa_touse = NULL; 4787 /* First what about the src address of the pkt ? */ 4788 iph = mtod(in_initpkt, struct ip *); 4789 switch (iph->ip_v) { 4790 case IPVERSION: 4791 /* source addr is IPv4 */ 4792 sin4.sin_addr = iph->ip_src; 4793 sa_touse = (struct sockaddr *)&sin4; 4794 break; 4795#ifdef INET6 4796 case IPV6_VERSION >> 4: 4797 /* source addr is IPv6 */ 4798 ip6h = mtod(in_initpkt, struct ip6_hdr *); 4799 sin6.sin6_addr = ip6h->ip6_src; 4800 sa_touse = (struct sockaddr *)&sin6; 4801 break; 4802#endif 4803 default: 4804 return (1); 4805 } 4806 4807 fnd = 0; 4808 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4809 sa = (struct sockaddr *)&net->ro._l_addr; 4810 if (sa->sa_family == sa_touse->sa_family) { 4811 if (sa->sa_family == AF_INET) { 4812 sa4 = (struct sockaddr_in *)sa; 4813 if (sa4->sin_addr.s_addr == 4814 sin4.sin_addr.s_addr) { 4815 fnd = 1; 4816 break; 4817 } 4818 } 4819#ifdef INET6 4820 if (sa->sa_family == AF_INET6) { 4821 sa6 = (struct sockaddr_in6 *)sa; 4822 if (SCTP6_ARE_ADDR_EQUAL(sa6, 4823 &sin6)) { 4824 fnd = 1; 4825 break; 4826 } 4827 } 4828#endif 4829 } 4830 } 4831 if (fnd == 0) { 4832 /* New address added! no need to look futher. */ 4833 return (1); 4834 } 4835 /* Ok so far lets munge through the rest of the packet */ 4836 mat = in_initpkt; 4837 err_at = 0; 4838 sa_touse = NULL; 4839 offset += sizeof(struct sctp_init_chunk); 4840 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 4841 while (phdr) { 4842 ptype = ntohs(phdr->param_type); 4843 plen = ntohs(phdr->param_length); 4844 if (ptype == SCTP_IPV4_ADDRESS) { 4845 struct sctp_ipv4addr_param *p4, p4_buf; 4846 4847 phdr = sctp_get_next_param(mat, offset, 4848 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf)); 4849 if (plen != sizeof(struct sctp_ipv4addr_param) || 4850 phdr == NULL) { 4851 return (1); 4852 } 4853 p4 = (struct sctp_ipv4addr_param *)phdr; 4854 sin4.sin_addr.s_addr = p4->addr; 4855 sa_touse = (struct sockaddr *)&sin4; 4856 } else if (ptype == SCTP_IPV6_ADDRESS) { 4857 struct sctp_ipv6addr_param *p6, p6_buf; 4858 4859 phdr = sctp_get_next_param(mat, offset, 4860 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf)); 4861 if (plen != sizeof(struct sctp_ipv6addr_param) || 4862 phdr == NULL) { 4863 return (1); 4864 } 4865 p6 = (struct sctp_ipv6addr_param *)phdr; 4866#ifdef INET6 4867 memcpy((caddr_t)&sin6.sin6_addr, p6->addr, 4868 sizeof(p6->addr)); 4869#endif 4870 sa_touse = (struct sockaddr *)&sin4; 4871 } 4872 if (sa_touse) { 4873 /* ok, sa_touse points to one to check */ 4874 fnd = 0; 4875 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4876 sa = (struct sockaddr *)&net->ro._l_addr; 4877 if (sa->sa_family != sa_touse->sa_family) { 4878 continue; 4879 } 4880 if (sa->sa_family == AF_INET) { 4881 sa4 = (struct sockaddr_in *)sa; 4882 if (sa4->sin_addr.s_addr == 4883 sin4.sin_addr.s_addr) { 4884 fnd = 1; 4885 break; 4886 } 4887 } 4888#ifdef INET6 4889 if (sa->sa_family == AF_INET6) { 4890 sa6 = (struct sockaddr_in6 *)sa; 4891 if (SCTP6_ARE_ADDR_EQUAL( 4892 sa6, &sin6)) { 4893 fnd = 1; 4894 break; 4895 } 4896 } 4897#endif 4898 } 4899 if (!fnd) { 4900 /* New addr added! no need to look further */ 4901 return (1); 4902 } 4903 } 4904 offset += SCTP_SIZE32(plen); 4905 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 4906 } 4907 return (0); 4908} 4909 4910/* 4911 * Given a MBUF chain that was sent into us containing an INIT. Build a 4912 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done 4913 * a pullup to include IPv6/4header, SCTP header and initial part of INIT 4914 * message (i.e. the struct sctp_init_msg). 4915 */ 4916void 4917sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4918 struct mbuf *init_pkt, int iphlen, int offset, struct sctphdr *sh, 4919 struct sctp_init_chunk *init_chk, uint32_t vrf_id, uint16_t port, int hold_inp_lock) 4920{ 4921 struct sctp_association *asoc; 4922 struct mbuf *m, *m_at, *m_tmp, *m_cookie, *op_err, *mp_last; 4923 struct sctp_init_ack_chunk *initack; 4924 struct sctp_adaptation_layer_indication *ali; 4925 struct sctp_ecn_supported_param *ecn; 4926 struct sctp_prsctp_supported_param *prsctp; 4927 struct sctp_ecn_nonce_supported_param *ecn_nonce; 4928 struct sctp_supported_chunk_types_param *pr_supported; 4929 union sctp_sockstore store, store1, *over_addr; 4930 struct sockaddr_in *sin, *to_sin; 4931 4932#ifdef INET6 4933 struct sockaddr_in6 *sin6, *to_sin6; 4934 4935#endif 4936 struct ip *iph; 4937 4938#ifdef INET6 4939 struct ip6_hdr *ip6; 4940 4941#endif 4942 struct sockaddr *to; 4943 struct sctp_state_cookie stc; 4944 struct sctp_nets *net = NULL; 4945 uint8_t *signature = NULL; 4946 int cnt_inits_to = 0; 4947 uint16_t his_limit, i_want; 4948 int abort_flag, padval; 4949 int num_ext; 4950 int p_len; 4951 int nat_friendly = 0; 4952 struct socket *so; 4953 4954 if (stcb) 4955 asoc = &stcb->asoc; 4956 else 4957 asoc = NULL; 4958 mp_last = NULL; 4959 if ((asoc != NULL) && 4960 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 4961 (sctp_are_there_new_addresses(asoc, init_pkt, iphlen, offset))) { 4962 /* new addresses, out of here in non-cookie-wait states */ 4963 /* 4964 * Send a ABORT, we don't add the new address error clause 4965 * though we even set the T bit and copy in the 0 tag.. this 4966 * looks no different than if no listener was present. 4967 */ 4968 sctp_send_abort(init_pkt, iphlen, sh, 0, NULL, vrf_id, port); 4969 return; 4970 } 4971 abort_flag = 0; 4972 op_err = sctp_arethere_unrecognized_parameters(init_pkt, 4973 (offset + sizeof(struct sctp_init_chunk)), 4974 &abort_flag, (struct sctp_chunkhdr *)init_chk, &nat_friendly); 4975 if (abort_flag) { 4976do_a_abort: 4977 sctp_send_abort(init_pkt, iphlen, sh, 4978 init_chk->init.initiate_tag, op_err, vrf_id, port); 4979 return; 4980 } 4981 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 4982 if (m == NULL) { 4983 /* No memory, INIT timer will re-attempt. */ 4984 if (op_err) 4985 sctp_m_freem(op_err); 4986 return; 4987 } 4988 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); 4989 4990 /* the time I built cookie */ 4991 (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered); 4992 4993 /* populate any tie tags */ 4994 if (asoc != NULL) { 4995 /* unlock before tag selections */ 4996 stc.tie_tag_my_vtag = asoc->my_vtag_nonce; 4997 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce; 4998 stc.cookie_life = asoc->cookie_life; 4999 net = asoc->primary_destination; 5000 } else { 5001 stc.tie_tag_my_vtag = 0; 5002 stc.tie_tag_peer_vtag = 0; 5003 /* life I will award this cookie */ 5004 stc.cookie_life = inp->sctp_ep.def_cookie_life; 5005 } 5006 5007 /* copy in the ports for later check */ 5008 stc.myport = sh->dest_port; 5009 stc.peerport = sh->src_port; 5010 5011 /* 5012 * If we wanted to honor cookie life extentions, we would add to 5013 * stc.cookie_life. For now we should NOT honor any extension 5014 */ 5015 stc.site_scope = stc.local_scope = stc.loopback_scope = 0; 5016 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5017 struct inpcb *in_inp; 5018 5019 /* Its a V6 socket */ 5020 in_inp = (struct inpcb *)inp; 5021 stc.ipv6_addr_legal = 1; 5022 /* Now look at the binding flag to see if V4 will be legal */ 5023 if (SCTP_IPV6_V6ONLY(in_inp) == 0) { 5024 stc.ipv4_addr_legal = 1; 5025 } else { 5026 /* V4 addresses are NOT legal on the association */ 5027 stc.ipv4_addr_legal = 0; 5028 } 5029 } else { 5030 /* Its a V4 socket, no - V6 */ 5031 stc.ipv4_addr_legal = 1; 5032 stc.ipv6_addr_legal = 0; 5033 } 5034 5035#ifdef SCTP_DONT_DO_PRIVADDR_SCOPE 5036 stc.ipv4_scope = 1; 5037#else 5038 stc.ipv4_scope = 0; 5039#endif 5040 /* now for scope setup */ 5041 memset((caddr_t)&store, 0, sizeof(store)); 5042 memset((caddr_t)&store1, 0, sizeof(store1)); 5043 sin = &store.sin; 5044 to_sin = &store1.sin; 5045#ifdef INET6 5046 sin6 = &store.sin6; 5047 to_sin6 = &store1.sin6; 5048#endif 5049 iph = mtod(init_pkt, struct ip *); 5050 /* establish the to_addr's */ 5051 switch (iph->ip_v) { 5052 case IPVERSION: 5053 to_sin->sin_port = sh->dest_port; 5054 to_sin->sin_family = AF_INET; 5055 to_sin->sin_len = sizeof(struct sockaddr_in); 5056 to_sin->sin_addr = iph->ip_dst; 5057 break; 5058#ifdef INET6 5059 case IPV6_VERSION >> 4: 5060 ip6 = mtod(init_pkt, struct ip6_hdr *); 5061 to_sin6->sin6_addr = ip6->ip6_dst; 5062 to_sin6->sin6_scope_id = 0; 5063 to_sin6->sin6_port = sh->dest_port; 5064 to_sin6->sin6_family = AF_INET6; 5065 to_sin6->sin6_len = sizeof(struct sockaddr_in6); 5066 break; 5067#endif 5068 default: 5069 goto do_a_abort; 5070 break; 5071 }; 5072 5073 if (net == NULL) { 5074 to = (struct sockaddr *)&store; 5075 switch (iph->ip_v) { 5076 case IPVERSION: 5077 { 5078 sin->sin_family = AF_INET; 5079 sin->sin_len = sizeof(struct sockaddr_in); 5080 sin->sin_port = sh->src_port; 5081 sin->sin_addr = iph->ip_src; 5082 /* lookup address */ 5083 stc.address[0] = sin->sin_addr.s_addr; 5084 stc.address[1] = 0; 5085 stc.address[2] = 0; 5086 stc.address[3] = 0; 5087 stc.addr_type = SCTP_IPV4_ADDRESS; 5088 /* local from address */ 5089 stc.laddress[0] = to_sin->sin_addr.s_addr; 5090 stc.laddress[1] = 0; 5091 stc.laddress[2] = 0; 5092 stc.laddress[3] = 0; 5093 stc.laddr_type = SCTP_IPV4_ADDRESS; 5094 /* scope_id is only for v6 */ 5095 stc.scope_id = 0; 5096#ifndef SCTP_DONT_DO_PRIVADDR_SCOPE 5097 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 5098 stc.ipv4_scope = 1; 5099 } 5100#else 5101 stc.ipv4_scope = 1; 5102#endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */ 5103 /* Must use the address in this case */ 5104 if (sctp_is_address_on_local_host((struct sockaddr *)sin, vrf_id)) { 5105 stc.loopback_scope = 1; 5106 stc.ipv4_scope = 1; 5107 stc.site_scope = 1; 5108 stc.local_scope = 0; 5109 } 5110 break; 5111 } 5112#ifdef INET6 5113 case IPV6_VERSION >> 4: 5114 { 5115 ip6 = mtod(init_pkt, struct ip6_hdr *); 5116 sin6->sin6_family = AF_INET6; 5117 sin6->sin6_len = sizeof(struct sockaddr_in6); 5118 sin6->sin6_port = sh->src_port; 5119 sin6->sin6_addr = ip6->ip6_src; 5120 /* lookup address */ 5121 memcpy(&stc.address, &sin6->sin6_addr, 5122 sizeof(struct in6_addr)); 5123 sin6->sin6_scope_id = 0; 5124 stc.addr_type = SCTP_IPV6_ADDRESS; 5125 stc.scope_id = 0; 5126 if (sctp_is_address_on_local_host((struct sockaddr *)sin6, vrf_id)) { 5127 /* 5128 * FIX ME: does this have scope from 5129 * rcvif? 5130 */ 5131 (void)sa6_recoverscope(sin6); 5132 stc.scope_id = sin6->sin6_scope_id; 5133 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)); 5134 stc.loopback_scope = 1; 5135 stc.local_scope = 0; 5136 stc.site_scope = 1; 5137 stc.ipv4_scope = 1; 5138 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5139 /* 5140 * If the new destination is a 5141 * LINK_LOCAL we must have common 5142 * both site and local scope. Don't 5143 * set local scope though since we 5144 * must depend on the source to be 5145 * added implicitly. We cannot 5146 * assure just because we share one 5147 * link that all links are common. 5148 */ 5149 stc.local_scope = 0; 5150 stc.site_scope = 1; 5151 stc.ipv4_scope = 1; 5152 /* 5153 * we start counting for the private 5154 * address stuff at 1. since the 5155 * link local we source from won't 5156 * show up in our scoped count. 5157 */ 5158 cnt_inits_to = 1; 5159 /* 5160 * pull out the scope_id from 5161 * incoming pkt 5162 */ 5163 /* 5164 * FIX ME: does this have scope from 5165 * rcvif? 5166 */ 5167 (void)sa6_recoverscope(sin6); 5168 stc.scope_id = sin6->sin6_scope_id; 5169 sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)); 5170 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 5171 /* 5172 * If the new destination is 5173 * SITE_LOCAL then we must have site 5174 * scope in common. 5175 */ 5176 stc.site_scope = 1; 5177 } 5178 memcpy(&stc.laddress, &to_sin6->sin6_addr, sizeof(struct in6_addr)); 5179 stc.laddr_type = SCTP_IPV6_ADDRESS; 5180 break; 5181 } 5182#endif 5183 default: 5184 /* TSNH */ 5185 goto do_a_abort; 5186 break; 5187 } 5188 } else { 5189 /* set the scope per the existing tcb */ 5190 5191#ifdef INET6 5192 struct sctp_nets *lnet; 5193 5194#endif 5195 5196 stc.loopback_scope = asoc->loopback_scope; 5197 stc.ipv4_scope = asoc->ipv4_local_scope; 5198 stc.site_scope = asoc->site_scope; 5199 stc.local_scope = asoc->local_scope; 5200#ifdef INET6 5201 /* Why do we not consider IPv4 LL addresses? */ 5202 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { 5203 if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) { 5204 if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) { 5205 /* 5206 * if we have a LL address, start 5207 * counting at 1. 5208 */ 5209 cnt_inits_to = 1; 5210 } 5211 } 5212 } 5213#endif 5214 /* use the net pointer */ 5215 to = (struct sockaddr *)&net->ro._l_addr; 5216 switch (to->sa_family) { 5217 case AF_INET: 5218 sin = (struct sockaddr_in *)to; 5219 stc.address[0] = sin->sin_addr.s_addr; 5220 stc.address[1] = 0; 5221 stc.address[2] = 0; 5222 stc.address[3] = 0; 5223 stc.addr_type = SCTP_IPV4_ADDRESS; 5224 if (net->src_addr_selected == 0) { 5225 /* 5226 * strange case here, the INIT should have 5227 * did the selection. 5228 */ 5229 net->ro._s_addr = sctp_source_address_selection(inp, 5230 stcb, (sctp_route_t *) & net->ro, 5231 net, 0, vrf_id); 5232 if (net->ro._s_addr == NULL) 5233 return; 5234 5235 net->src_addr_selected = 1; 5236 5237 } 5238 stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr; 5239 stc.laddress[1] = 0; 5240 stc.laddress[2] = 0; 5241 stc.laddress[3] = 0; 5242 stc.laddr_type = SCTP_IPV4_ADDRESS; 5243 break; 5244#ifdef INET6 5245 case AF_INET6: 5246 sin6 = (struct sockaddr_in6 *)to; 5247 memcpy(&stc.address, &sin6->sin6_addr, 5248 sizeof(struct in6_addr)); 5249 stc.addr_type = SCTP_IPV6_ADDRESS; 5250 if (net->src_addr_selected == 0) { 5251 /* 5252 * strange case here, the INIT should have 5253 * did the selection. 5254 */ 5255 net->ro._s_addr = sctp_source_address_selection(inp, 5256 stcb, (sctp_route_t *) & net->ro, 5257 net, 0, vrf_id); 5258 if (net->ro._s_addr == NULL) 5259 return; 5260 5261 net->src_addr_selected = 1; 5262 } 5263 memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr, 5264 sizeof(struct in6_addr)); 5265 stc.laddr_type = SCTP_IPV6_ADDRESS; 5266 break; 5267#endif 5268 } 5269 } 5270 /* Now lets put the SCTP header in place */ 5271 initack = mtod(m, struct sctp_init_ack_chunk *); 5272 /* Save it off for quick ref */ 5273 stc.peers_vtag = init_chk->init.initiate_tag; 5274 /* who are we */ 5275 memcpy(stc.identification, SCTP_VERSION_STRING, 5276 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification))); 5277 /* now the chunk header */ 5278 initack->ch.chunk_type = SCTP_INITIATION_ACK; 5279 initack->ch.chunk_flags = 0; 5280 /* fill in later from mbuf we build */ 5281 initack->ch.chunk_length = 0; 5282 /* place in my tag */ 5283 if ((asoc != NULL) && 5284 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 5285 (SCTP_GET_STATE(asoc) == SCTP_STATE_INUSE) || 5286 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) { 5287 /* re-use the v-tags and init-seq here */ 5288 initack->init.initiate_tag = htonl(asoc->my_vtag); 5289 initack->init.initial_tsn = htonl(asoc->init_seq_number); 5290 } else { 5291 uint32_t vtag, itsn; 5292 5293 if (hold_inp_lock) { 5294 SCTP_INP_INCR_REF(inp); 5295 SCTP_INP_RUNLOCK(inp); 5296 } 5297 if (asoc) { 5298 atomic_add_int(&asoc->refcnt, 1); 5299 SCTP_TCB_UNLOCK(stcb); 5300 new_tag: 5301 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 5302 if ((asoc->peer_supports_nat) && (vtag == asoc->my_vtag)) { 5303 /* 5304 * Got a duplicate vtag on some guy behind a 5305 * nat make sure we don't use it. 5306 */ 5307 goto new_tag; 5308 } 5309 initack->init.initiate_tag = htonl(vtag); 5310 /* get a TSN to use too */ 5311 itsn = sctp_select_initial_TSN(&inp->sctp_ep); 5312 initack->init.initial_tsn = htonl(itsn); 5313 SCTP_TCB_LOCK(stcb); 5314 atomic_add_int(&asoc->refcnt, -1); 5315 } else { 5316 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 5317 initack->init.initiate_tag = htonl(vtag); 5318 /* get a TSN to use too */ 5319 initack->init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep)); 5320 } 5321 if (hold_inp_lock) { 5322 SCTP_INP_RLOCK(inp); 5323 SCTP_INP_DECR_REF(inp); 5324 } 5325 } 5326 /* save away my tag to */ 5327 stc.my_vtag = initack->init.initiate_tag; 5328 5329 /* set up some of the credits. */ 5330 so = inp->sctp_socket; 5331 if (so == NULL) { 5332 /* memory problem */ 5333 sctp_m_freem(m); 5334 return; 5335 } else { 5336 initack->init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(so), SCTP_MINIMAL_RWND)); 5337 } 5338 /* set what I want */ 5339 his_limit = ntohs(init_chk->init.num_inbound_streams); 5340 /* choose what I want */ 5341 if (asoc != NULL) { 5342 if (asoc->streamoutcnt > inp->sctp_ep.pre_open_stream_count) { 5343 i_want = asoc->streamoutcnt; 5344 } else { 5345 i_want = inp->sctp_ep.pre_open_stream_count; 5346 } 5347 } else { 5348 i_want = inp->sctp_ep.pre_open_stream_count; 5349 } 5350 if (his_limit < i_want) { 5351 /* I Want more :< */ 5352 initack->init.num_outbound_streams = init_chk->init.num_inbound_streams; 5353 } else { 5354 /* I can have what I want :> */ 5355 initack->init.num_outbound_streams = htons(i_want); 5356 } 5357 /* tell him his limt. */ 5358 initack->init.num_inbound_streams = 5359 htons(inp->sctp_ep.max_open_streams_intome); 5360 5361 /* adaptation layer indication parameter */ 5362 ali = (struct sctp_adaptation_layer_indication *)((caddr_t)initack + sizeof(*initack)); 5363 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 5364 ali->ph.param_length = htons(sizeof(*ali)); 5365 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator); 5366 SCTP_BUF_LEN(m) += sizeof(*ali); 5367 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + sizeof(*ali)); 5368 5369 /* ECN parameter */ 5370 if (SCTP_BASE_SYSCTL(sctp_ecn_enable) == 1) { 5371 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 5372 ecn->ph.param_length = htons(sizeof(*ecn)); 5373 SCTP_BUF_LEN(m) += sizeof(*ecn); 5374 5375 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn + 5376 sizeof(*ecn)); 5377 } else { 5378 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn); 5379 } 5380 /* And now tell the peer we do pr-sctp */ 5381 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 5382 prsctp->ph.param_length = htons(sizeof(*prsctp)); 5383 SCTP_BUF_LEN(m) += sizeof(*prsctp); 5384 if (nat_friendly) { 5385 /* Add NAT friendly parameter */ 5386 struct sctp_paramhdr *ph; 5387 5388 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5389 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 5390 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 5391 SCTP_BUF_LEN(m) += sizeof(struct sctp_paramhdr); 5392 } 5393 /* And now tell the peer we do all the extensions */ 5394 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5395 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 5396 num_ext = 0; 5397 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 5398 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 5399 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 5400 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 5401 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 5402 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) 5403 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 5404 /* 5405 * EY if the sysctl variable is set, tell the assoc. initiator that 5406 * we do nr_sack 5407 */ 5408 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off)) 5409 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 5410 p_len = sizeof(*pr_supported) + num_ext; 5411 pr_supported->ph.param_length = htons(p_len); 5412 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len); 5413 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5414 5415 /* ECN nonce: And now tell the peer we support ECN nonce */ 5416 if (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) { 5417 ecn_nonce = (struct sctp_ecn_nonce_supported_param *) 5418 ((caddr_t)pr_supported + SCTP_SIZE32(p_len)); 5419 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED); 5420 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce)); 5421 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce); 5422 } 5423 /* add authentication parameters */ 5424 if (!SCTP_BASE_SYSCTL(sctp_auth_disable)) { 5425 struct sctp_auth_random *randp; 5426 struct sctp_auth_hmac_algo *hmacs; 5427 struct sctp_auth_chunk_list *chunks; 5428 uint16_t random_len; 5429 5430 /* generate and add RANDOM parameter */ 5431 random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT; 5432 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5433 randp->ph.param_type = htons(SCTP_RANDOM); 5434 p_len = sizeof(*randp) + random_len; 5435 randp->ph.param_length = htons(p_len); 5436 SCTP_READ_RANDOM(randp->random_data, random_len); 5437 /* zero out any padding required */ 5438 bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len); 5439 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5440 5441 /* add HMAC_ALGO parameter */ 5442 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5443 p_len = sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs, 5444 (uint8_t *) hmacs->hmac_ids); 5445 if (p_len > 0) { 5446 p_len += sizeof(*hmacs); 5447 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 5448 hmacs->ph.param_length = htons(p_len); 5449 /* zero out any padding required */ 5450 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len); 5451 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5452 } 5453 /* add CHUNKS parameter */ 5454 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 5455 p_len = sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks, 5456 chunks->chunk_types); 5457 if (p_len > 0) { 5458 p_len += sizeof(*chunks); 5459 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 5460 chunks->ph.param_length = htons(p_len); 5461 /* zero out any padding required */ 5462 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len); 5463 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 5464 } 5465 } 5466 m_at = m; 5467 /* now the addresses */ 5468 { 5469 struct sctp_scoping scp; 5470 5471 /* 5472 * To optimize this we could put the scoping stuff into a 5473 * structure and remove the individual uint8's from the stc 5474 * structure. Then we could just sifa in the address within 5475 * the stc.. but for now this is a quick hack to get the 5476 * address stuff teased apart. 5477 */ 5478 scp.ipv4_addr_legal = stc.ipv4_addr_legal; 5479 scp.ipv6_addr_legal = stc.ipv6_addr_legal; 5480 scp.loopback_scope = stc.loopback_scope; 5481 scp.ipv4_local_scope = stc.ipv4_scope; 5482 scp.local_scope = stc.local_scope; 5483 scp.site_scope = stc.site_scope; 5484 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to); 5485 } 5486 5487 /* tack on the operational error if present */ 5488 if (op_err) { 5489 struct mbuf *ol; 5490 int llen; 5491 5492 llen = 0; 5493 ol = op_err; 5494 while (ol) { 5495 llen += SCTP_BUF_LEN(ol); 5496 ol = SCTP_BUF_NEXT(ol); 5497 } 5498 if (llen % 4) { 5499 /* must add a pad to the param */ 5500 uint32_t cpthis = 0; 5501 int padlen; 5502 5503 padlen = 4 - (llen % 4); 5504 m_copyback(op_err, llen, padlen, (caddr_t)&cpthis); 5505 } 5506 while (SCTP_BUF_NEXT(m_at) != NULL) { 5507 m_at = SCTP_BUF_NEXT(m_at); 5508 } 5509 SCTP_BUF_NEXT(m_at) = op_err; 5510 while (SCTP_BUF_NEXT(m_at) != NULL) { 5511 m_at = SCTP_BUF_NEXT(m_at); 5512 } 5513 } 5514 /* pre-calulate the size and update pkt header and chunk header */ 5515 p_len = 0; 5516 for (m_tmp = m; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 5517 p_len += SCTP_BUF_LEN(m_tmp); 5518 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5519 /* m_tmp should now point to last one */ 5520 break; 5521 } 5522 } 5523 5524 /* Now we must build a cookie */ 5525 m_cookie = sctp_add_cookie(inp, init_pkt, offset, m, 0, &stc, &signature); 5526 if (m_cookie == NULL) { 5527 /* memory problem */ 5528 sctp_m_freem(m); 5529 return; 5530 } 5531 /* Now append the cookie to the end and update the space/size */ 5532 SCTP_BUF_NEXT(m_tmp) = m_cookie; 5533 5534 for (m_tmp = m_cookie; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 5535 p_len += SCTP_BUF_LEN(m_tmp); 5536 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5537 /* m_tmp should now point to last one */ 5538 mp_last = m_tmp; 5539 break; 5540 } 5541 } 5542 /* 5543 * Place in the size, but we don't include the last pad (if any) in 5544 * the INIT-ACK. 5545 */ 5546 initack->ch.chunk_length = htons(p_len); 5547 5548 /* 5549 * Time to sign the cookie, we don't sign over the cookie signature 5550 * though thus we set trailer. 5551 */ 5552 (void)sctp_hmac_m(SCTP_HMAC, 5553 (uint8_t *) inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)], 5554 SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr), 5555 (uint8_t *) signature, SCTP_SIGNATURE_SIZE); 5556 /* 5557 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 5558 * here since the timer will drive a retranmission. 5559 */ 5560 padval = p_len % 4; 5561 if ((padval) && (mp_last)) { 5562 /* see my previous comments on mp_last */ 5563 int ret; 5564 5565 ret = sctp_add_pad_tombuf(mp_last, (4 - padval)); 5566 if (ret) { 5567 /* Houston we have a problem, no space */ 5568 sctp_m_freem(m); 5569 return; 5570 } 5571 p_len += padval; 5572 } 5573 if (stc.loopback_scope) { 5574 over_addr = &store1; 5575 } else { 5576 over_addr = NULL; 5577 } 5578 5579 (void)sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0, 5580 0, NULL, 0, 5581 inp->sctp_lport, sh->src_port, init_chk->init.initiate_tag, 5582 port, SCTP_SO_NOT_LOCKED, over_addr); 5583 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 5584} 5585 5586 5587void 5588sctp_insert_on_wheel(struct sctp_tcb *stcb, 5589 struct sctp_association *asoc, 5590 struct sctp_stream_out *strq, int holds_lock) 5591{ 5592 if (holds_lock == 0) { 5593 SCTP_TCB_SEND_LOCK(stcb); 5594 } 5595 if ((strq->next_spoke.tqe_next == NULL) && 5596 (strq->next_spoke.tqe_prev == NULL)) { 5597 TAILQ_INSERT_TAIL(&asoc->out_wheel, strq, next_spoke); 5598 } 5599 if (holds_lock == 0) { 5600 SCTP_TCB_SEND_UNLOCK(stcb); 5601 } 5602} 5603 5604void 5605sctp_remove_from_wheel(struct sctp_tcb *stcb, 5606 struct sctp_association *asoc, 5607 struct sctp_stream_out *strq, 5608 int holds_lock) 5609{ 5610 /* take off and then setup so we know it is not on the wheel */ 5611 if (holds_lock == 0) { 5612 SCTP_TCB_SEND_LOCK(stcb); 5613 } 5614 if (TAILQ_EMPTY(&strq->outqueue)) { 5615 if (asoc->last_out_stream == strq) { 5616 asoc->last_out_stream = TAILQ_PREV(asoc->last_out_stream, sctpwheel_listhead, next_spoke); 5617 if (asoc->last_out_stream == NULL) { 5618 asoc->last_out_stream = TAILQ_LAST(&asoc->out_wheel, sctpwheel_listhead); 5619 } 5620 if (asoc->last_out_stream == strq) { 5621 asoc->last_out_stream = NULL; 5622 } 5623 } 5624 TAILQ_REMOVE(&asoc->out_wheel, strq, next_spoke); 5625 strq->next_spoke.tqe_next = NULL; 5626 strq->next_spoke.tqe_prev = NULL; 5627 } 5628 if (holds_lock == 0) { 5629 SCTP_TCB_SEND_UNLOCK(stcb); 5630 } 5631} 5632 5633static void 5634sctp_prune_prsctp(struct sctp_tcb *stcb, 5635 struct sctp_association *asoc, 5636 struct sctp_sndrcvinfo *srcv, 5637 int dataout) 5638{ 5639 int freed_spc = 0; 5640 struct sctp_tmit_chunk *chk, *nchk; 5641 5642 SCTP_TCB_LOCK_ASSERT(stcb); 5643 if ((asoc->peer_supports_prsctp) && 5644 (asoc->sent_queue_cnt_removeable > 0)) { 5645 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 5646 /* 5647 * Look for chunks marked with the PR_SCTP flag AND 5648 * the buffer space flag. If the one being sent is 5649 * equal or greater priority then purge the old one 5650 * and free some space. 5651 */ 5652 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 5653 /* 5654 * This one is PR-SCTP AND buffer space 5655 * limited type 5656 */ 5657 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 5658 /* 5659 * Lower numbers equates to higher 5660 * priority so if the one we are 5661 * looking at has a larger or equal 5662 * priority we want to drop the data 5663 * and NOT retransmit it. 5664 */ 5665 if (chk->data) { 5666 /* 5667 * We release the book_size 5668 * if the mbuf is here 5669 */ 5670 int ret_spc; 5671 int cause; 5672 5673 if (chk->sent > SCTP_DATAGRAM_UNSENT) 5674 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT; 5675 else 5676 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT; 5677 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 5678 cause, 5679 SCTP_SO_LOCKED); 5680 freed_spc += ret_spc; 5681 if (freed_spc >= dataout) { 5682 return; 5683 } 5684 } /* if chunk was present */ 5685 } /* if of sufficent priority */ 5686 } /* if chunk has enabled */ 5687 } /* tailqforeach */ 5688 5689 chk = TAILQ_FIRST(&asoc->send_queue); 5690 while (chk) { 5691 nchk = TAILQ_NEXT(chk, sctp_next); 5692 /* Here we must move to the sent queue and mark */ 5693 if (PR_SCTP_TTL_ENABLED(chk->flags)) { 5694 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 5695 if (chk->data) { 5696 /* 5697 * We release the book_size 5698 * if the mbuf is here 5699 */ 5700 int ret_spc; 5701 5702 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 5703 SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT, 5704 SCTP_SO_LOCKED); 5705 5706 freed_spc += ret_spc; 5707 if (freed_spc >= dataout) { 5708 return; 5709 } 5710 } /* end if chk->data */ 5711 } /* end if right class */ 5712 } /* end if chk pr-sctp */ 5713 chk = nchk; 5714 } /* end while (chk) */ 5715 } /* if enabled in asoc */ 5716} 5717 5718int 5719sctp_get_frag_point(struct sctp_tcb *stcb, 5720 struct sctp_association *asoc) 5721{ 5722 int siz, ovh; 5723 5724 /* 5725 * For endpoints that have both v6 and v4 addresses we must reserve 5726 * room for the ipv6 header, for those that are only dealing with V4 5727 * we use a larger frag point. 5728 */ 5729 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5730 ovh = SCTP_MED_OVERHEAD; 5731 } else { 5732 ovh = SCTP_MED_V4_OVERHEAD; 5733 } 5734 5735 if (stcb->asoc.sctp_frag_point > asoc->smallest_mtu) 5736 siz = asoc->smallest_mtu - ovh; 5737 else 5738 siz = (stcb->asoc.sctp_frag_point - ovh); 5739 /* 5740 * if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) { 5741 */ 5742 /* A data chunk MUST fit in a cluster */ 5743 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk)); */ 5744 /* } */ 5745 5746 /* adjust for an AUTH chunk if DATA requires auth */ 5747 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) 5748 siz -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 5749 5750 if (siz % 4) { 5751 /* make it an even word boundary please */ 5752 siz -= (siz % 4); 5753 } 5754 return (siz); 5755} 5756 5757static void 5758sctp_set_prsctp_policy(struct sctp_stream_queue_pending *sp) 5759{ 5760 sp->pr_sctp_on = 0; 5761 /* 5762 * We assume that the user wants PR_SCTP_TTL if the user provides a 5763 * positive lifetime but does not specify any PR_SCTP policy. This 5764 * is a BAD assumption and causes problems at least with the 5765 * U-Vancovers MPI folks. I will change this to be no policy means 5766 * NO PR-SCTP. 5767 */ 5768 if (PR_SCTP_ENABLED(sp->sinfo_flags)) { 5769 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags); 5770 sp->pr_sctp_on = 1; 5771 } else { 5772 return; 5773 } 5774 switch (PR_SCTP_POLICY(sp->sinfo_flags)) { 5775 case CHUNK_FLAGS_PR_SCTP_BUF: 5776 /* 5777 * Time to live is a priority stored in tv_sec when doing 5778 * the buffer drop thing. 5779 */ 5780 sp->ts.tv_sec = sp->timetolive; 5781 sp->ts.tv_usec = 0; 5782 break; 5783 case CHUNK_FLAGS_PR_SCTP_TTL: 5784 { 5785 struct timeval tv; 5786 5787 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 5788 tv.tv_sec = sp->timetolive / 1000; 5789 tv.tv_usec = (sp->timetolive * 1000) % 1000000; 5790 /* 5791 * TODO sctp_constants.h needs alternative time 5792 * macros when _KERNEL is undefined. 5793 */ 5794 timevaladd(&sp->ts, &tv); 5795 } 5796 break; 5797 case CHUNK_FLAGS_PR_SCTP_RTX: 5798 /* 5799 * Time to live is a the number or retransmissions stored in 5800 * tv_sec. 5801 */ 5802 sp->ts.tv_sec = sp->timetolive; 5803 sp->ts.tv_usec = 0; 5804 break; 5805 default: 5806 SCTPDBG(SCTP_DEBUG_USRREQ1, 5807 "Unknown PR_SCTP policy %u.\n", 5808 PR_SCTP_POLICY(sp->sinfo_flags)); 5809 break; 5810 } 5811} 5812 5813static int 5814sctp_msg_append(struct sctp_tcb *stcb, 5815 struct sctp_nets *net, 5816 struct mbuf *m, 5817 struct sctp_sndrcvinfo *srcv, int hold_stcb_lock) 5818{ 5819 int error = 0, holds_lock; 5820 struct mbuf *at; 5821 struct sctp_stream_queue_pending *sp = NULL; 5822 struct sctp_stream_out *strm; 5823 5824 /* 5825 * Given an mbuf chain, put it into the association send queue and 5826 * place it on the wheel 5827 */ 5828 holds_lock = hold_stcb_lock; 5829 if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) { 5830 /* Invalid stream number */ 5831 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 5832 error = EINVAL; 5833 goto out_now; 5834 } 5835 if ((stcb->asoc.stream_locked) && 5836 (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) { 5837 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 5838 error = EINVAL; 5839 goto out_now; 5840 } 5841 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 5842 /* Now can we send this? */ 5843 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_SENT) || 5844 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5845 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 5846 (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) { 5847 /* got data while shutting down */ 5848 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 5849 error = ECONNRESET; 5850 goto out_now; 5851 } 5852 sctp_alloc_a_strmoq(stcb, sp); 5853 if (sp == NULL) { 5854 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 5855 error = ENOMEM; 5856 goto out_now; 5857 } 5858 sp->sinfo_flags = srcv->sinfo_flags; 5859 sp->timetolive = srcv->sinfo_timetolive; 5860 sp->ppid = srcv->sinfo_ppid; 5861 sp->context = srcv->sinfo_context; 5862 sp->strseq = 0; 5863 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 5864 sp->net = net; 5865 } else { 5866 sp->net = stcb->asoc.primary_destination; 5867 } 5868 atomic_add_int(&sp->net->ref_count, 1); 5869 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 5870 sp->stream = srcv->sinfo_stream; 5871 sp->msg_is_complete = 1; 5872 sp->sender_all_done = 1; 5873 sp->some_taken = 0; 5874 sp->data = m; 5875 sp->tail_mbuf = NULL; 5876 sp->length = 0; 5877 at = m; 5878 sctp_set_prsctp_policy(sp); 5879 /* 5880 * We could in theory (for sendall) sifa the length in, but we would 5881 * still have to hunt through the chain since we need to setup the 5882 * tail_mbuf 5883 */ 5884 while (at) { 5885 if (SCTP_BUF_NEXT(at) == NULL) 5886 sp->tail_mbuf = at; 5887 sp->length += SCTP_BUF_LEN(at); 5888 at = SCTP_BUF_NEXT(at); 5889 } 5890 SCTP_TCB_SEND_LOCK(stcb); 5891 sctp_snd_sb_alloc(stcb, sp->length); 5892 atomic_add_int(&stcb->asoc.stream_queue_cnt, 1); 5893 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 5894 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) { 5895 sp->strseq = strm->next_sequence_sent; 5896 strm->next_sequence_sent++; 5897 } 5898 if ((strm->next_spoke.tqe_next == NULL) && 5899 (strm->next_spoke.tqe_prev == NULL)) { 5900 /* Not on wheel, insert */ 5901 sctp_insert_on_wheel(stcb, &stcb->asoc, strm, 1); 5902 } 5903 m = NULL; 5904 SCTP_TCB_SEND_UNLOCK(stcb); 5905out_now: 5906 if (m) { 5907 sctp_m_freem(m); 5908 } 5909 return (error); 5910} 5911 5912 5913static struct mbuf * 5914sctp_copy_mbufchain(struct mbuf *clonechain, 5915 struct mbuf *outchain, 5916 struct mbuf **endofchain, 5917 int can_take_mbuf, 5918 int sizeofcpy, 5919 uint8_t copy_by_ref) 5920{ 5921 struct mbuf *m; 5922 struct mbuf *appendchain; 5923 caddr_t cp; 5924 int len; 5925 5926 if (endofchain == NULL) { 5927 /* error */ 5928error_out: 5929 if (outchain) 5930 sctp_m_freem(outchain); 5931 return (NULL); 5932 } 5933 if (can_take_mbuf) { 5934 appendchain = clonechain; 5935 } else { 5936 if (!copy_by_ref && 5937 (sizeofcpy <= (int)((((SCTP_BASE_SYSCTL(sctp_mbuf_threshold_count) - 1) * MLEN) + MHLEN))) 5938 ) { 5939 /* Its not in a cluster */ 5940 if (*endofchain == NULL) { 5941 /* lets get a mbuf cluster */ 5942 if (outchain == NULL) { 5943 /* This is the general case */ 5944 new_mbuf: 5945 outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER); 5946 if (outchain == NULL) { 5947 goto error_out; 5948 } 5949 SCTP_BUF_LEN(outchain) = 0; 5950 *endofchain = outchain; 5951 /* get the prepend space */ 5952 SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV + 4)); 5953 } else { 5954 /* 5955 * We really should not get a NULL 5956 * in endofchain 5957 */ 5958 /* find end */ 5959 m = outchain; 5960 while (m) { 5961 if (SCTP_BUF_NEXT(m) == NULL) { 5962 *endofchain = m; 5963 break; 5964 } 5965 m = SCTP_BUF_NEXT(m); 5966 } 5967 /* sanity */ 5968 if (*endofchain == NULL) { 5969 /* 5970 * huh, TSNH XXX maybe we 5971 * should panic 5972 */ 5973 sctp_m_freem(outchain); 5974 goto new_mbuf; 5975 } 5976 } 5977 /* get the new end of length */ 5978 len = M_TRAILINGSPACE(*endofchain); 5979 } else { 5980 /* how much is left at the end? */ 5981 len = M_TRAILINGSPACE(*endofchain); 5982 } 5983 /* Find the end of the data, for appending */ 5984 cp = (mtod((*endofchain), caddr_t)+SCTP_BUF_LEN((*endofchain))); 5985 5986 /* Now lets copy it out */ 5987 if (len >= sizeofcpy) { 5988 /* It all fits, copy it in */ 5989 m_copydata(clonechain, 0, sizeofcpy, cp); 5990 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 5991 } else { 5992 /* fill up the end of the chain */ 5993 if (len > 0) { 5994 m_copydata(clonechain, 0, len, cp); 5995 SCTP_BUF_LEN((*endofchain)) += len; 5996 /* now we need another one */ 5997 sizeofcpy -= len; 5998 } 5999 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER); 6000 if (m == NULL) { 6001 /* We failed */ 6002 goto error_out; 6003 } 6004 SCTP_BUF_NEXT((*endofchain)) = m; 6005 *endofchain = m; 6006 cp = mtod((*endofchain), caddr_t); 6007 m_copydata(clonechain, len, sizeofcpy, cp); 6008 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 6009 } 6010 return (outchain); 6011 } else { 6012 /* copy the old fashion way */ 6013 appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_DONTWAIT); 6014#ifdef SCTP_MBUF_LOGGING 6015 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6016 struct mbuf *mat; 6017 6018 mat = appendchain; 6019 while (mat) { 6020 if (SCTP_BUF_IS_EXTENDED(mat)) { 6021 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 6022 } 6023 mat = SCTP_BUF_NEXT(mat); 6024 } 6025 } 6026#endif 6027 } 6028 } 6029 if (appendchain == NULL) { 6030 /* error */ 6031 if (outchain) 6032 sctp_m_freem(outchain); 6033 return (NULL); 6034 } 6035 if (outchain) { 6036 /* tack on to the end */ 6037 if (*endofchain != NULL) { 6038 SCTP_BUF_NEXT(((*endofchain))) = appendchain; 6039 } else { 6040 m = outchain; 6041 while (m) { 6042 if (SCTP_BUF_NEXT(m) == NULL) { 6043 SCTP_BUF_NEXT(m) = appendchain; 6044 break; 6045 } 6046 m = SCTP_BUF_NEXT(m); 6047 } 6048 } 6049 /* 6050 * save off the end and update the end-chain postion 6051 */ 6052 m = appendchain; 6053 while (m) { 6054 if (SCTP_BUF_NEXT(m) == NULL) { 6055 *endofchain = m; 6056 break; 6057 } 6058 m = SCTP_BUF_NEXT(m); 6059 } 6060 return (outchain); 6061 } else { 6062 /* save off the end and update the end-chain postion */ 6063 m = appendchain; 6064 while (m) { 6065 if (SCTP_BUF_NEXT(m) == NULL) { 6066 *endofchain = m; 6067 break; 6068 } 6069 m = SCTP_BUF_NEXT(m); 6070 } 6071 return (appendchain); 6072 } 6073} 6074 6075int 6076sctp_med_chunk_output(struct sctp_inpcb *inp, 6077 struct sctp_tcb *stcb, 6078 struct sctp_association *asoc, 6079 int *num_out, 6080 int *reason_code, 6081 int control_only, int from_where, 6082 struct timeval *now, int *now_filled, int frag_point, int so_locked 6083#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 6084 SCTP_UNUSED 6085#endif 6086); 6087 6088static void 6089sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr, 6090 uint32_t val) 6091{ 6092 struct sctp_copy_all *ca; 6093 struct mbuf *m; 6094 int ret = 0; 6095 int added_control = 0; 6096 int un_sent, do_chunk_output = 1; 6097 struct sctp_association *asoc; 6098 6099 ca = (struct sctp_copy_all *)ptr; 6100 if (ca->m == NULL) { 6101 return; 6102 } 6103 if (ca->inp != inp) { 6104 /* TSNH */ 6105 return; 6106 } 6107 if ((ca->m) && ca->sndlen) { 6108 m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_DONTWAIT); 6109 if (m == NULL) { 6110 /* can't copy so we are done */ 6111 ca->cnt_failed++; 6112 return; 6113 } 6114#ifdef SCTP_MBUF_LOGGING 6115 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6116 struct mbuf *mat; 6117 6118 mat = m; 6119 while (mat) { 6120 if (SCTP_BUF_IS_EXTENDED(mat)) { 6121 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 6122 } 6123 mat = SCTP_BUF_NEXT(mat); 6124 } 6125 } 6126#endif 6127 } else { 6128 m = NULL; 6129 } 6130 SCTP_TCB_LOCK_ASSERT(stcb); 6131 if (ca->sndrcv.sinfo_flags & SCTP_ABORT) { 6132 /* Abort this assoc with m as the user defined reason */ 6133 if (m) { 6134 struct sctp_paramhdr *ph; 6135 6136 SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_DONTWAIT); 6137 if (m) { 6138 ph = mtod(m, struct sctp_paramhdr *); 6139 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 6140 ph->param_length = htons(ca->sndlen); 6141 } 6142 /* 6143 * We add one here to keep the assoc from 6144 * dis-appearing on us. 6145 */ 6146 atomic_add_int(&stcb->asoc.refcnt, 1); 6147 sctp_abort_an_association(inp, stcb, 6148 SCTP_RESPONSE_TO_USER_REQ, 6149 m, SCTP_SO_NOT_LOCKED); 6150 /* 6151 * sctp_abort_an_association calls sctp_free_asoc() 6152 * free association will NOT free it since we 6153 * incremented the refcnt .. we do this to prevent 6154 * it being freed and things getting tricky since we 6155 * could end up (from free_asoc) calling inpcb_free 6156 * which would get a recursive lock call to the 6157 * iterator lock.. But as a consequence of that the 6158 * stcb will return to us un-locked.. since 6159 * free_asoc returns with either no TCB or the TCB 6160 * unlocked, we must relock.. to unlock in the 6161 * iterator timer :-0 6162 */ 6163 SCTP_TCB_LOCK(stcb); 6164 atomic_add_int(&stcb->asoc.refcnt, -1); 6165 goto no_chunk_output; 6166 } 6167 } else { 6168 if (m) { 6169 ret = sctp_msg_append(stcb, stcb->asoc.primary_destination, m, 6170 &ca->sndrcv, 1); 6171 } 6172 asoc = &stcb->asoc; 6173 if (ca->sndrcv.sinfo_flags & SCTP_EOF) { 6174 /* shutdown this assoc */ 6175 int cnt; 6176 6177 cnt = sctp_is_there_unsent_data(stcb); 6178 6179 if (TAILQ_EMPTY(&asoc->send_queue) && 6180 TAILQ_EMPTY(&asoc->sent_queue) && 6181 (cnt == 0)) { 6182 if (asoc->locked_on_sending) { 6183 goto abort_anyway; 6184 } 6185 /* 6186 * there is nothing queued to send, so I'm 6187 * done... 6188 */ 6189 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 6190 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 6191 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 6192 /* 6193 * only send SHUTDOWN the first time 6194 * through 6195 */ 6196 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 6197 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 6198 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 6199 } 6200 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 6201 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 6202 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 6203 asoc->primary_destination); 6204 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 6205 asoc->primary_destination); 6206 added_control = 1; 6207 do_chunk_output = 0; 6208 } 6209 } else { 6210 /* 6211 * we still got (or just got) data to send, 6212 * so set SHUTDOWN_PENDING 6213 */ 6214 /* 6215 * XXX sockets draft says that SCTP_EOF 6216 * should be sent with no data. currently, 6217 * we will allow user data to be sent first 6218 * and move to SHUTDOWN-PENDING 6219 */ 6220 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 6221 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 6222 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 6223 if (asoc->locked_on_sending) { 6224 /* 6225 * Locked to send out the 6226 * data 6227 */ 6228 struct sctp_stream_queue_pending *sp; 6229 6230 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 6231 if (sp) { 6232 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 6233 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 6234 } 6235 } 6236 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 6237 if (TAILQ_EMPTY(&asoc->send_queue) && 6238 TAILQ_EMPTY(&asoc->sent_queue) && 6239 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 6240 abort_anyway: 6241 atomic_add_int(&stcb->asoc.refcnt, 1); 6242 sctp_abort_an_association(stcb->sctp_ep, stcb, 6243 SCTP_RESPONSE_TO_USER_REQ, 6244 NULL, SCTP_SO_NOT_LOCKED); 6245 atomic_add_int(&stcb->asoc.refcnt, -1); 6246 goto no_chunk_output; 6247 } 6248 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 6249 asoc->primary_destination); 6250 } 6251 } 6252 6253 } 6254 } 6255 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 6256 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 6257 6258 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 6259 (stcb->asoc.total_flight > 0) && 6260 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) 6261 ) { 6262 do_chunk_output = 0; 6263 } 6264 if (do_chunk_output) 6265 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_NOT_LOCKED); 6266 else if (added_control) { 6267 int num_out = 0, reason = 0, now_filled = 0; 6268 struct timeval now; 6269 int frag_point; 6270 6271 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 6272 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 6273 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_NOT_LOCKED); 6274 } 6275no_chunk_output: 6276 if (ret) { 6277 ca->cnt_failed++; 6278 } else { 6279 ca->cnt_sent++; 6280 } 6281} 6282 6283static void 6284sctp_sendall_completes(void *ptr, uint32_t val) 6285{ 6286 struct sctp_copy_all *ca; 6287 6288 ca = (struct sctp_copy_all *)ptr; 6289 /* 6290 * Do a notify here? Kacheong suggests that the notify be done at 6291 * the send time.. so you would push up a notification if any send 6292 * failed. Don't know if this is feasable since the only failures we 6293 * have is "memory" related and if you cannot get an mbuf to send 6294 * the data you surely can't get an mbuf to send up to notify the 6295 * user you can't send the data :-> 6296 */ 6297 6298 /* now free everything */ 6299 sctp_m_freem(ca->m); 6300 SCTP_FREE(ca, SCTP_M_COPYAL); 6301} 6302 6303 6304#define MC_ALIGN(m, len) do { \ 6305 SCTP_BUF_RESV_UF(m, ((MCLBYTES - (len)) & ~(sizeof(long) - 1)); \ 6306} while (0) 6307 6308 6309 6310static struct mbuf * 6311sctp_copy_out_all(struct uio *uio, int len) 6312{ 6313 struct mbuf *ret, *at; 6314 int left, willcpy, cancpy, error; 6315 6316 ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAIT, 1, MT_DATA); 6317 if (ret == NULL) { 6318 /* TSNH */ 6319 return (NULL); 6320 } 6321 left = len; 6322 SCTP_BUF_LEN(ret) = 0; 6323 /* save space for the data chunk header */ 6324 cancpy = M_TRAILINGSPACE(ret); 6325 willcpy = min(cancpy, left); 6326 at = ret; 6327 while (left > 0) { 6328 /* Align data to the end */ 6329 error = uiomove(mtod(at, caddr_t), willcpy, uio); 6330 if (error) { 6331 err_out_now: 6332 sctp_m_freem(at); 6333 return (NULL); 6334 } 6335 SCTP_BUF_LEN(at) = willcpy; 6336 SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0; 6337 left -= willcpy; 6338 if (left > 0) { 6339 SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 1, MT_DATA); 6340 if (SCTP_BUF_NEXT(at) == NULL) { 6341 goto err_out_now; 6342 } 6343 at = SCTP_BUF_NEXT(at); 6344 SCTP_BUF_LEN(at) = 0; 6345 cancpy = M_TRAILINGSPACE(at); 6346 willcpy = min(cancpy, left); 6347 } 6348 } 6349 return (ret); 6350} 6351 6352static int 6353sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m, 6354 struct sctp_sndrcvinfo *srcv) 6355{ 6356 int ret; 6357 struct sctp_copy_all *ca; 6358 6359 SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all), 6360 SCTP_M_COPYAL); 6361 if (ca == NULL) { 6362 sctp_m_freem(m); 6363 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6364 return (ENOMEM); 6365 } 6366 memset(ca, 0, sizeof(struct sctp_copy_all)); 6367 6368 ca->inp = inp; 6369 memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo)); 6370 /* 6371 * take off the sendall flag, it would be bad if we failed to do 6372 * this :-0 6373 */ 6374 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL; 6375 /* get length and mbuf chain */ 6376 if (uio) { 6377 ca->sndlen = uio->uio_resid; 6378 ca->m = sctp_copy_out_all(uio, ca->sndlen); 6379 if (ca->m == NULL) { 6380 SCTP_FREE(ca, SCTP_M_COPYAL); 6381 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6382 return (ENOMEM); 6383 } 6384 } else { 6385 /* Gather the length of the send */ 6386 struct mbuf *mat; 6387 6388 mat = m; 6389 ca->sndlen = 0; 6390 while (m) { 6391 ca->sndlen += SCTP_BUF_LEN(m); 6392 m = SCTP_BUF_NEXT(m); 6393 } 6394 ca->m = mat; 6395 } 6396 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL, 6397 SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES, 6398 SCTP_ASOC_ANY_STATE, 6399 (void *)ca, 0, 6400 sctp_sendall_completes, inp, 1); 6401 if (ret) { 6402 SCTP_PRINTF("Failed to initiate iterator for sendall\n"); 6403 SCTP_FREE(ca, SCTP_M_COPYAL); 6404 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); 6405 return (EFAULT); 6406 } 6407 return (0); 6408} 6409 6410 6411void 6412sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc) 6413{ 6414 struct sctp_tmit_chunk *chk, *nchk; 6415 6416 chk = TAILQ_FIRST(&asoc->control_send_queue); 6417 while (chk) { 6418 nchk = TAILQ_NEXT(chk, sctp_next); 6419 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 6420 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 6421 if (chk->data) { 6422 sctp_m_freem(chk->data); 6423 chk->data = NULL; 6424 } 6425 asoc->ctrl_queue_cnt--; 6426 sctp_free_a_chunk(stcb, chk); 6427 } 6428 chk = nchk; 6429 } 6430} 6431 6432void 6433sctp_toss_old_asconf(struct sctp_tcb *stcb) 6434{ 6435 struct sctp_association *asoc; 6436 struct sctp_tmit_chunk *chk, *chk_tmp; 6437 struct sctp_asconf_chunk *acp; 6438 6439 asoc = &stcb->asoc; 6440 for (chk = TAILQ_FIRST(&asoc->asconf_send_queue); chk != NULL; 6441 chk = chk_tmp) { 6442 /* get next chk */ 6443 chk_tmp = TAILQ_NEXT(chk, sctp_next); 6444 /* find SCTP_ASCONF chunk in queue */ 6445 if (chk->rec.chunk_id.id == SCTP_ASCONF) { 6446 if (chk->data) { 6447 acp = mtod(chk->data, struct sctp_asconf_chunk *); 6448 if (compare_with_wrap(ntohl(acp->serial_number), stcb->asoc.asconf_seq_out_acked, MAX_SEQ)) { 6449 /* Not Acked yet */ 6450 break; 6451 } 6452 } 6453 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); 6454 if (chk->data) { 6455 sctp_m_freem(chk->data); 6456 chk->data = NULL; 6457 } 6458 asoc->ctrl_queue_cnt--; 6459 sctp_free_a_chunk(stcb, chk); 6460 } 6461 } 6462} 6463 6464 6465static void 6466sctp_clean_up_datalist(struct sctp_tcb *stcb, 6467 6468 struct sctp_association *asoc, 6469 struct sctp_tmit_chunk **data_list, 6470 int bundle_at, 6471 struct sctp_nets *net) 6472{ 6473 int i; 6474 struct sctp_tmit_chunk *tp1; 6475 6476 for (i = 0; i < bundle_at; i++) { 6477 /* off of the send queue */ 6478 if (i) { 6479 /* 6480 * Any chunk NOT 0 you zap the time chunk 0 gets 6481 * zapped or set based on if a RTO measurment is 6482 * needed. 6483 */ 6484 data_list[i]->do_rtt = 0; 6485 } 6486 /* record time */ 6487 data_list[i]->sent_rcv_time = net->last_sent_time; 6488 data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.TSN_seq; 6489 TAILQ_REMOVE(&asoc->send_queue, 6490 data_list[i], 6491 sctp_next); 6492 /* on to the sent queue */ 6493 tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead); 6494 if ((tp1) && (compare_with_wrap(tp1->rec.data.TSN_seq, 6495 data_list[i]->rec.data.TSN_seq, MAX_TSN))) { 6496 struct sctp_tmit_chunk *tpp; 6497 6498 /* need to move back */ 6499 back_up_more: 6500 tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next); 6501 if (tpp == NULL) { 6502 TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next); 6503 goto all_done; 6504 } 6505 tp1 = tpp; 6506 if (compare_with_wrap(tp1->rec.data.TSN_seq, 6507 data_list[i]->rec.data.TSN_seq, MAX_TSN)) { 6508 goto back_up_more; 6509 } 6510 TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next); 6511 } else { 6512 TAILQ_INSERT_TAIL(&asoc->sent_queue, 6513 data_list[i], 6514 sctp_next); 6515 } 6516all_done: 6517 /* This does not lower until the cum-ack passes it */ 6518 asoc->sent_queue_cnt++; 6519 asoc->send_queue_cnt--; 6520 if ((asoc->peers_rwnd <= 0) && 6521 (asoc->total_flight == 0) && 6522 (bundle_at == 1)) { 6523 /* Mark the chunk as being a window probe */ 6524 SCTP_STAT_INCR(sctps_windowprobed); 6525 } 6526#ifdef SCTP_AUDITING_ENABLED 6527 sctp_audit_log(0xC2, 3); 6528#endif 6529 data_list[i]->sent = SCTP_DATAGRAM_SENT; 6530 data_list[i]->snd_count = 1; 6531 data_list[i]->rec.data.chunk_was_revoked = 0; 6532 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { 6533 sctp_misc_ints(SCTP_FLIGHT_LOG_UP, 6534 data_list[i]->whoTo->flight_size, 6535 data_list[i]->book_size, 6536 (uintptr_t) data_list[i]->whoTo, 6537 data_list[i]->rec.data.TSN_seq); 6538 } 6539 sctp_flight_size_increase(data_list[i]); 6540 sctp_total_flight_increase(stcb, data_list[i]); 6541 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) { 6542 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 6543 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)); 6544 } 6545 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 6546 (uint32_t) (data_list[i]->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))); 6547 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 6548 /* SWS sender side engages */ 6549 asoc->peers_rwnd = 0; 6550 } 6551 } 6552} 6553 6554static void 6555sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc) 6556{ 6557 struct sctp_tmit_chunk *chk, *nchk; 6558 6559 for (chk = TAILQ_FIRST(&asoc->control_send_queue); 6560 chk; chk = nchk) { 6561 nchk = TAILQ_NEXT(chk, sctp_next); 6562 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 6563 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */ 6564 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 6565 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 6566 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) || 6567 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 6568 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 6569 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 6570 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 6571 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 6572 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 6573 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 6574 /* Stray chunks must be cleaned up */ 6575 clean_up_anyway: 6576 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 6577 if (chk->data) { 6578 sctp_m_freem(chk->data); 6579 chk->data = NULL; 6580 } 6581 asoc->ctrl_queue_cnt--;
|
9740 /* no more to look at */ 9741 break; 9742 } 9743 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 9744 /* We don't report these */ 9745 continue; 9746 } 9747 cnt_of_skipped++; 9748 } 9749 space_needed = (sizeof(struct sctp_forward_tsn_chunk) + 9750 (cnt_of_skipped * sizeof(struct sctp_strseq))); 9751 9752 cnt_of_space = M_TRAILINGSPACE(chk->data); 9753 9754 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 9755 ovh = SCTP_MIN_OVERHEAD; 9756 } else { 9757 ovh = SCTP_MIN_V4_OVERHEAD; 9758 } 9759 if (cnt_of_space > (asoc->smallest_mtu - ovh)) { 9760 /* trim to a mtu size */ 9761 cnt_of_space = asoc->smallest_mtu - ovh; 9762 } 9763 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9764 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9765 0xff, 0, cnt_of_skipped, 9766 asoc->advanced_peer_ack_point); 9767 9768 } 9769 advance_peer_ack_point = asoc->advanced_peer_ack_point; 9770 if (cnt_of_space < space_needed) { 9771 /*- 9772 * ok we must trim down the chunk by lowering the 9773 * advance peer ack point. 9774 */ 9775 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9776 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9777 0xff, 0xff, cnt_of_space, 9778 space_needed); 9779 } 9780 cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk); 9781 cnt_of_skipped /= sizeof(struct sctp_strseq); 9782 /*- 9783 * Go through and find the TSN that will be the one 9784 * we report. 9785 */ 9786 at = TAILQ_FIRST(&asoc->sent_queue); 9787 for (i = 0; i < cnt_of_skipped; i++) { 9788 tp1 = TAILQ_NEXT(at, sctp_next); 9789 at = tp1; 9790 } 9791 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9792 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9793 0xff, cnt_of_skipped, at->rec.data.TSN_seq, 9794 asoc->advanced_peer_ack_point); 9795 } 9796 last = at; 9797 /*- 9798 * last now points to last one I can report, update 9799 * peer ack point 9800 */ 9801 advance_peer_ack_point = last->rec.data.TSN_seq; 9802 space_needed = sizeof(struct sctp_forward_tsn_chunk) + 9803 cnt_of_skipped * sizeof(struct sctp_strseq); 9804 } 9805 chk->send_size = space_needed; 9806 /* Setup the chunk */ 9807 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *); 9808 fwdtsn->ch.chunk_length = htons(chk->send_size); 9809 fwdtsn->ch.chunk_flags = 0; 9810 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; 9811 fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point); 9812 SCTP_BUF_LEN(chk->data) = chk->send_size; 9813 fwdtsn++; 9814 /*- 9815 * Move pointer to after the fwdtsn and transfer to the 9816 * strseq pointer. 9817 */ 9818 strseq = (struct sctp_strseq *)fwdtsn; 9819 /*- 9820 * Now populate the strseq list. This is done blindly 9821 * without pulling out duplicate stream info. This is 9822 * inefficent but won't harm the process since the peer will 9823 * look at these in sequence and will thus release anything. 9824 * It could mean we exceed the PMTU and chop off some that 9825 * we could have included.. but this is unlikely (aka 1432/4 9826 * would mean 300+ stream seq's would have to be reported in 9827 * one FWD-TSN. With a bit of work we can later FIX this to 9828 * optimize and pull out duplcates.. but it does add more 9829 * overhead. So for now... not! 9830 */ 9831 at = TAILQ_FIRST(&asoc->sent_queue); 9832 for (i = 0; i < cnt_of_skipped; i++) { 9833 tp1 = TAILQ_NEXT(at, sctp_next); 9834 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 9835 /* We don't report these */ 9836 i--; 9837 at = tp1; 9838 continue; 9839 } 9840 if (at->rec.data.TSN_seq == advance_peer_ack_point) { 9841 at->rec.data.fwd_tsn_cnt = 0; 9842 } 9843 strseq->stream = ntohs(at->rec.data.stream_number); 9844 strseq->sequence = ntohs(at->rec.data.stream_seq); 9845 strseq++; 9846 at = tp1; 9847 } 9848 } 9849 return; 9850 9851} 9852 9853void 9854sctp_send_sack(struct sctp_tcb *stcb) 9855{ 9856 /*- 9857 * Queue up a SACK or NR-SACK in the control queue. 9858 * We must first check to see if a SACK or NR-SACK is 9859 * somehow on the control queue. 9860 * If so, we will take and and remove the old one. 9861 */ 9862 struct sctp_association *asoc; 9863 struct sctp_tmit_chunk *chk, *a_chk; 9864 struct sctp_sack_chunk *sack; 9865 struct sctp_nr_sack_chunk *nr_sack; 9866 struct sctp_gap_ack_block *gap_descriptor; 9867 struct sack_track *selector; 9868 int mergeable = 0; 9869 int offset; 9870 caddr_t limit; 9871 uint32_t *dup; 9872 int limit_reached = 0; 9873 unsigned int i, sel_start, siz, j, starting_index; 9874 unsigned int num_gap_blocks = 0, num_nr_gap_blocks = 0, space; 9875 int num_dups = 0; 9876 int space_req; 9877 uint32_t highest_tsn; 9878 uint8_t flags; 9879 uint8_t type; 9880 9881 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off) && 9882 stcb->asoc.peer_supports_nr_sack) { 9883 type = SCTP_NR_SELECTIVE_ACK; 9884 } else { 9885 type = SCTP_SELECTIVE_ACK; 9886 } 9887 a_chk = NULL; 9888 asoc = &stcb->asoc; 9889 SCTP_TCB_LOCK_ASSERT(stcb); 9890 if (asoc->last_data_chunk_from == NULL) { 9891 /* Hmm we never received anything */ 9892 return; 9893 } 9894 sctp_slide_mapping_arrays(stcb); 9895 sctp_set_rwnd(stcb, asoc); 9896 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 9897 if (chk->rec.chunk_id.id == type) { 9898 /* Hmm, found a sack already on queue, remove it */ 9899 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 9900 asoc->ctrl_queue_cnt++; 9901 a_chk = chk; 9902 if (a_chk->data) { 9903 sctp_m_freem(a_chk->data); 9904 a_chk->data = NULL; 9905 } 9906 sctp_free_remote_addr(a_chk->whoTo); 9907 a_chk->whoTo = NULL; 9908 break; 9909 } 9910 } 9911 if (a_chk == NULL) { 9912 sctp_alloc_a_chunk(stcb, a_chk); 9913 if (a_chk == NULL) { 9914 /* No memory so we drop the idea, and set a timer */ 9915 if (stcb->asoc.delayed_ack) { 9916 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 9917 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5); 9918 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 9919 stcb->sctp_ep, stcb, NULL); 9920 } else { 9921 stcb->asoc.send_sack = 1; 9922 } 9923 return; 9924 } 9925 a_chk->copy_by_ref = 0; 9926 a_chk->rec.chunk_id.id = type; 9927 a_chk->rec.chunk_id.can_take_data = 1; 9928 } 9929 /* Clear our pkt counts */ 9930 asoc->data_pkts_seen = 0; 9931 9932 a_chk->asoc = asoc; 9933 a_chk->snd_count = 0; 9934 a_chk->send_size = 0; /* fill in later */ 9935 a_chk->sent = SCTP_DATAGRAM_UNSENT; 9936 a_chk->whoTo = NULL; 9937 9938 if ((asoc->numduptsns) || 9939 (asoc->last_data_chunk_from->dest_state & SCTP_ADDR_NOT_REACHABLE) 9940 ) { 9941 /*- 9942 * Ok, we have some duplicates or the destination for the 9943 * sack is unreachable, lets see if we can select an 9944 * alternate than asoc->last_data_chunk_from 9945 */ 9946 if ((!(asoc->last_data_chunk_from->dest_state & 9947 SCTP_ADDR_NOT_REACHABLE)) && 9948 (asoc->used_alt_onsack > asoc->numnets)) { 9949 /* We used an alt last time, don't this time */ 9950 a_chk->whoTo = NULL; 9951 } else { 9952 asoc->used_alt_onsack++; 9953 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0); 9954 } 9955 if (a_chk->whoTo == NULL) { 9956 /* Nope, no alternate */ 9957 a_chk->whoTo = asoc->last_data_chunk_from; 9958 asoc->used_alt_onsack = 0; 9959 } 9960 } else { 9961 /* 9962 * No duplicates so we use the last place we received data 9963 * from. 9964 */ 9965 asoc->used_alt_onsack = 0; 9966 a_chk->whoTo = asoc->last_data_chunk_from; 9967 } 9968 if (a_chk->whoTo) { 9969 atomic_add_int(&a_chk->whoTo->ref_count, 1); 9970 } 9971 if (compare_with_wrap(asoc->highest_tsn_inside_map, asoc->highest_tsn_inside_nr_map, MAX_TSN)) { 9972 highest_tsn = asoc->highest_tsn_inside_map; 9973 } else { 9974 highest_tsn = asoc->highest_tsn_inside_nr_map; 9975 } 9976 if (highest_tsn == asoc->cumulative_tsn) { 9977 /* no gaps */ 9978 if (type == SCTP_SELECTIVE_ACK) { 9979 space_req = sizeof(struct sctp_sack_chunk); 9980 } else { 9981 space_req = sizeof(struct sctp_nr_sack_chunk); 9982 } 9983 } else { 9984 /* gaps get a cluster */ 9985 space_req = MCLBYTES; 9986 } 9987 /* Ok now lets formulate a MBUF with our sack */ 9988 a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_DONTWAIT, 1, MT_DATA); 9989 if ((a_chk->data == NULL) || 9990 (a_chk->whoTo == NULL)) { 9991 /* rats, no mbuf memory */ 9992 if (a_chk->data) { 9993 /* was a problem with the destination */ 9994 sctp_m_freem(a_chk->data); 9995 a_chk->data = NULL; 9996 } 9997 sctp_free_a_chunk(stcb, a_chk); 9998 /* sa_ignore NO_NULL_CHK */ 9999 if (stcb->asoc.delayed_ack) { 10000 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 10001 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6); 10002 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 10003 stcb->sctp_ep, stcb, NULL); 10004 } else { 10005 stcb->asoc.send_sack = 1; 10006 } 10007 return; 10008 } 10009 /* ok, lets go through and fill it in */ 10010 SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD); 10011 space = M_TRAILINGSPACE(a_chk->data); 10012 if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) { 10013 space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD); 10014 } 10015 limit = mtod(a_chk->data, caddr_t); 10016 limit += space; 10017 10018 /* 0x01 is used by nonce for ecn */ 10019 if ((SCTP_BASE_SYSCTL(sctp_ecn_enable)) && 10020 (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) && 10021 (asoc->peer_supports_ecn_nonce)) 10022 flags = (asoc->receiver_nonce_sum & SCTP_SACK_NONCE_SUM); 10023 else 10024 flags = 0; 10025 10026 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) && SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) { 10027 /*- 10028 * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been 10029 * received, then set high bit to 1, else 0. Reset 10030 * pkts_rcvd. 10031 */ 10032 flags |= (asoc->cmt_dac_pkts_rcvd << 6); 10033 asoc->cmt_dac_pkts_rcvd = 0; 10034 } 10035#ifdef SCTP_ASOCLOG_OF_TSNS 10036 stcb->asoc.cumack_logsnt[stcb->asoc.cumack_log_atsnt] = asoc->cumulative_tsn; 10037 stcb->asoc.cumack_log_atsnt++; 10038 if (stcb->asoc.cumack_log_atsnt >= SCTP_TSN_LOG_SIZE) { 10039 stcb->asoc.cumack_log_atsnt = 0; 10040 } 10041#endif 10042 /* reset the readers interpretation */ 10043 stcb->freed_by_sorcv_sincelast = 0; 10044 10045 if (type == SCTP_SELECTIVE_ACK) { 10046 sack = mtod(a_chk->data, struct sctp_sack_chunk *); 10047 nr_sack = NULL; 10048 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk)); 10049 if (highest_tsn > asoc->mapping_array_base_tsn) { 10050 siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10051 } else { 10052 siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) / 8; 10053 } 10054 } else { 10055 sack = NULL; 10056 nr_sack = mtod(a_chk->data, struct sctp_nr_sack_chunk *); 10057 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)nr_sack + sizeof(struct sctp_nr_sack_chunk)); 10058 if (asoc->highest_tsn_inside_map > asoc->mapping_array_base_tsn) { 10059 siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10060 } else { 10061 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_map + 7) / 8; 10062 } 10063 } 10064 10065 if (compare_with_wrap(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, MAX_TSN)) { 10066 offset = 1; 10067 /*- 10068 * The base TSN is intialized to be the first TSN the peer 10069 * will send us. If the cum-ack is behind this then when they 10070 * send us the next in sequence it will mark the base_tsn bit. 10071 * Thus we need to use the very first selector and the offset 10072 * is 1. Our table is built for this case. 10073 */ 10074 starting_index = 0; 10075 sel_start = 0; 10076 } else { 10077 /*- 10078 * we skip the first selector when the cum-ack is at or above the 10079 * mapping array base. This is because the bits at the base or above 10080 * are turned on and our first selector in the table assumes they are 10081 * off. We thus will use the second selector (first is 0). We use 10082 * the reverse of our macro to fix the offset, in bits, that our 10083 * table is at. Note that this method assumes that the cum-tsn is 10084 * within the first bit, i.e. its value is 0-7 which means the 10085 * result to our offset will be either a 0 - -7. If the cumack 10086 * is NOT in the first byte (0) (which it should be since we did 10087 * a mapping array slide above) then we need to calculate the starting 10088 * index i.e. which byte of the mapping array we should start at. We 10089 * do this by dividing by 8 and pushing the remainder (mod) into offset. 10090 * then we multiply the offset to be negative, since we need a negative 10091 * offset into the selector table. 10092 */ 10093 SCTP_CALC_TSN_TO_GAP(offset, asoc->cumulative_tsn, asoc->mapping_array_base_tsn); 10094 if (offset > 7) { 10095 starting_index = offset / 8; 10096 offset = offset % 8; 10097 printf("Strange starting index is %d offset:%d (not 0/x)\n", 10098 starting_index, offset); 10099 } else { 10100 starting_index = 0; 10101 } 10102 /* We need a negative offset in our table */ 10103 offset *= -1; 10104 sel_start = 1; 10105 } 10106 if (((type == SCTP_SELECTIVE_ACK) && 10107 compare_with_wrap(highest_tsn, asoc->cumulative_tsn, MAX_TSN)) || 10108 ((type == SCTP_NR_SELECTIVE_ACK) && 10109 compare_with_wrap(asoc->highest_tsn_inside_map, asoc->cumulative_tsn, MAX_TSN))) { 10110 /* we have a gap .. maybe */ 10111 for (i = starting_index; i < siz; i++) { 10112 if (type == SCTP_SELECTIVE_ACK) { 10113 selector = &sack_array[asoc->mapping_array[i] | asoc->nr_mapping_array[i]]; 10114 } else { 10115 selector = &sack_array[asoc->mapping_array[i]]; 10116 } 10117 if (mergeable && selector->right_edge) { 10118 /* 10119 * Backup, left and right edges were ok to 10120 * merge. 10121 */ 10122 num_gap_blocks--; 10123 gap_descriptor--; 10124 } 10125 if (selector->num_entries == 0) 10126 mergeable = 0; 10127 else { 10128 for (j = sel_start; j < selector->num_entries; j++) { 10129 if (mergeable && selector->right_edge) { 10130 /* 10131 * do a merge by NOT setting 10132 * the left side 10133 */ 10134 mergeable = 0; 10135 } else { 10136 /* 10137 * no merge, set the left 10138 * side 10139 */ 10140 mergeable = 0; 10141 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 10142 } 10143 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 10144 num_gap_blocks++; 10145 gap_descriptor++; 10146 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 10147 /* no more room */ 10148 limit_reached = 1; 10149 break; 10150 } 10151 } 10152 if (selector->left_edge) { 10153 mergeable = 1; 10154 } 10155 } 10156 if (limit_reached) { 10157 /* Reached the limit stop */ 10158 break; 10159 } 10160 sel_start = 0; 10161 offset += 8; 10162 } 10163 } 10164 if ((type == SCTP_NR_SELECTIVE_ACK) && 10165 (limit_reached == 0)) { 10166 10167 mergeable = 0; 10168 10169 if (asoc->highest_tsn_inside_nr_map > asoc->mapping_array_base_tsn) 10170 siz = (((asoc->highest_tsn_inside_nr_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10171 else 10172 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_nr_map + 7) / 8; 10173 10174 if (compare_with_wrap(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, MAX_TSN)) { 10175 offset = 1; 10176 /*- 10177 * cum-ack behind the mapping array, so we start and use all 10178 * entries. 10179 */ 10180 sel_start = 0; 10181 } else { 10182 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 10183 /*- 10184 * we skip the first one when the cum-ack is at or above the 10185 * mapping array base. Note this only works if 10186 */ 10187 sel_start = 1; 10188 } 10189 if (compare_with_wrap(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn, MAX_TSN)) { 10190 /* we have a gap .. maybe */ 10191 for (i = 0; i < siz; i++) { 10192 selector = &sack_array[asoc->nr_mapping_array[i]]; 10193 if (mergeable && selector->right_edge) { 10194 /* 10195 * Backup, left and right edges were 10196 * ok to merge. 10197 */ 10198 num_nr_gap_blocks--; 10199 gap_descriptor--; 10200 } 10201 if (selector->num_entries == 0) 10202 mergeable = 0; 10203 else { 10204 for (j = sel_start; j < selector->num_entries; j++) { 10205 if (mergeable && selector->right_edge) { 10206 /* 10207 * do a merge by NOT 10208 * setting the left 10209 * side 10210 */ 10211 mergeable = 0; 10212 } else { 10213 /* 10214 * no merge, set the 10215 * left side 10216 */ 10217 mergeable = 0; 10218 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 10219 } 10220 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 10221 num_nr_gap_blocks++; 10222 gap_descriptor++; 10223 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 10224 /* no more room */ 10225 limit_reached = 1; 10226 break; 10227 } 10228 } 10229 if (selector->left_edge) { 10230 mergeable = 1; 10231 } 10232 } 10233 if (limit_reached) { 10234 /* Reached the limit stop */ 10235 break; 10236 } 10237 sel_start = 0; 10238 offset += 8; 10239 } 10240 } 10241 } 10242 /* now we must add any dups we are going to report. */ 10243 if ((limit_reached == 0) && (asoc->numduptsns)) { 10244 dup = (uint32_t *) gap_descriptor; 10245 for (i = 0; i < asoc->numduptsns; i++) { 10246 *dup = htonl(asoc->dup_tsns[i]); 10247 dup++; 10248 num_dups++; 10249 if (((caddr_t)dup + sizeof(uint32_t)) > limit) { 10250 /* no more room */ 10251 break; 10252 } 10253 } 10254 asoc->numduptsns = 0; 10255 } 10256 /* 10257 * now that the chunk is prepared queue it to the control chunk 10258 * queue. 10259 */ 10260 if (type == SCTP_SELECTIVE_ACK) { 10261 a_chk->send_size = sizeof(struct sctp_sack_chunk) + 10262 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 10263 num_dups * sizeof(int32_t); 10264 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 10265 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 10266 sack->sack.a_rwnd = htonl(asoc->my_rwnd); 10267 sack->sack.num_gap_ack_blks = htons(num_gap_blocks); 10268 sack->sack.num_dup_tsns = htons(num_dups); 10269 sack->ch.chunk_type = type; 10270 sack->ch.chunk_flags = flags; 10271 sack->ch.chunk_length = htons(a_chk->send_size); 10272 } else { 10273 a_chk->send_size = sizeof(struct sctp_nr_sack_chunk) + 10274 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 10275 num_dups * sizeof(int32_t); 10276 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 10277 nr_sack->nr_sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 10278 nr_sack->nr_sack.a_rwnd = htonl(asoc->my_rwnd); 10279 nr_sack->nr_sack.num_gap_ack_blks = htons(num_gap_blocks); 10280 nr_sack->nr_sack.num_nr_gap_ack_blks = htons(num_nr_gap_blocks); 10281 nr_sack->nr_sack.num_dup_tsns = htons(num_dups); 10282 nr_sack->nr_sack.reserved = 0; 10283 nr_sack->ch.chunk_type = type; 10284 nr_sack->ch.chunk_flags = flags; 10285 nr_sack->ch.chunk_length = htons(a_chk->send_size); 10286 } 10287 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next); 10288 asoc->my_last_reported_rwnd = asoc->my_rwnd; 10289 asoc->ctrl_queue_cnt++; 10290 asoc->send_sack = 0; 10291 SCTP_STAT_INCR(sctps_sendsacks); 10292 return; 10293} 10294 10295void 10296sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr, int so_locked 10297#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 10298 SCTP_UNUSED 10299#endif 10300) 10301{ 10302 struct mbuf *m_abort; 10303 struct mbuf *m_out = NULL, *m_end = NULL; 10304 struct sctp_abort_chunk *abort = NULL; 10305 int sz; 10306 uint32_t auth_offset = 0; 10307 struct sctp_auth_chunk *auth = NULL; 10308 10309 /*- 10310 * Add an AUTH chunk, if chunk requires it and save the offset into 10311 * the chain for AUTH 10312 */ 10313 if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION, 10314 stcb->asoc.peer_auth_chunks)) { 10315 m_out = sctp_add_auth_chunk(m_out, &m_end, &auth, &auth_offset, 10316 stcb, SCTP_ABORT_ASSOCIATION); 10317 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10318 } 10319 SCTP_TCB_LOCK_ASSERT(stcb); 10320 m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_DONTWAIT, 1, MT_HEADER); 10321 if (m_abort == NULL) { 10322 /* no mbuf's */ 10323 if (m_out) 10324 sctp_m_freem(m_out); 10325 return; 10326 } 10327 /* link in any error */ 10328 SCTP_BUF_NEXT(m_abort) = operr; 10329 sz = 0; 10330 if (operr) { 10331 struct mbuf *n; 10332 10333 n = operr; 10334 while (n) { 10335 sz += SCTP_BUF_LEN(n); 10336 n = SCTP_BUF_NEXT(n); 10337 } 10338 } 10339 SCTP_BUF_LEN(m_abort) = sizeof(*abort); 10340 if (m_out == NULL) { 10341 /* NO Auth chunk prepended, so reserve space in front */ 10342 SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD); 10343 m_out = m_abort; 10344 } else { 10345 /* Put AUTH chunk at the front of the chain */ 10346 SCTP_BUF_NEXT(m_end) = m_abort; 10347 } 10348 10349 /* fill in the ABORT chunk */ 10350 abort = mtod(m_abort, struct sctp_abort_chunk *); 10351 abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION; 10352 abort->ch.chunk_flags = 0; 10353 abort->ch.chunk_length = htons(sizeof(*abort) + sz); 10354 10355 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, 10356 stcb->asoc.primary_destination, 10357 (struct sockaddr *)&stcb->asoc.primary_destination->ro._l_addr, 10358 m_out, auth_offset, auth, stcb->asoc.authinfo.active_keyid, 1, 0, NULL, 0, 10359 stcb->sctp_ep->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 10360 stcb->asoc.primary_destination->port, so_locked, NULL); 10361 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10362} 10363 10364void 10365sctp_send_shutdown_complete(struct sctp_tcb *stcb, 10366 struct sctp_nets *net, 10367 int reflect_vtag) 10368{ 10369 /* formulate and SEND a SHUTDOWN-COMPLETE */ 10370 struct mbuf *m_shutdown_comp; 10371 struct sctp_shutdown_complete_chunk *shutdown_complete; 10372 uint32_t vtag; 10373 uint8_t flags; 10374 10375 m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_DONTWAIT, 1, MT_HEADER); 10376 if (m_shutdown_comp == NULL) { 10377 /* no mbuf's */ 10378 return; 10379 } 10380 if (reflect_vtag) { 10381 flags = SCTP_HAD_NO_TCB; 10382 vtag = stcb->asoc.my_vtag; 10383 } else { 10384 flags = 0; 10385 vtag = stcb->asoc.peer_vtag; 10386 } 10387 shutdown_complete = mtod(m_shutdown_comp, struct sctp_shutdown_complete_chunk *); 10388 shutdown_complete->ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 10389 shutdown_complete->ch.chunk_flags = flags; 10390 shutdown_complete->ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 10391 SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_chunk); 10392 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 10393 (struct sockaddr *)&net->ro._l_addr, 10394 m_shutdown_comp, 0, NULL, 0, 1, 0, NULL, 0, 10395 stcb->sctp_ep->sctp_lport, stcb->rport, 10396 htonl(vtag), 10397 net->port, SCTP_SO_NOT_LOCKED, NULL); 10398 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10399 return; 10400} 10401 10402void 10403sctp_send_shutdown_complete2(struct mbuf *m, int iphlen, struct sctphdr *sh, 10404 uint32_t vrf_id, uint16_t port) 10405{ 10406 /* formulate and SEND a SHUTDOWN-COMPLETE */ 10407 struct mbuf *o_pak; 10408 struct mbuf *mout; 10409 struct ip *iph, *iph_out; 10410 struct udphdr *udp = NULL; 10411 10412#ifdef INET6 10413 struct ip6_hdr *ip6, *ip6_out; 10414 10415#endif 10416 int offset_out, len, mlen; 10417 struct sctp_shutdown_complete_msg *comp_cp; 10418 10419 iph = mtod(m, struct ip *); 10420 switch (iph->ip_v) { 10421 case IPVERSION: 10422 len = (sizeof(struct ip) + sizeof(struct sctp_shutdown_complete_msg)); 10423 break; 10424#ifdef INET6 10425 case IPV6_VERSION >> 4: 10426 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_shutdown_complete_msg)); 10427 break; 10428#endif 10429 default: 10430 return; 10431 } 10432 if (port) { 10433 len += sizeof(struct udphdr); 10434 } 10435 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 10436 if (mout == NULL) { 10437 return; 10438 } 10439 SCTP_BUF_RESV_UF(mout, max_linkhdr); 10440 SCTP_BUF_LEN(mout) = len; 10441 SCTP_BUF_NEXT(mout) = NULL; 10442 iph_out = NULL; 10443#ifdef INET6 10444 ip6_out = NULL; 10445#endif 10446 offset_out = 0; 10447 10448 switch (iph->ip_v) { 10449 case IPVERSION: 10450 iph_out = mtod(mout, struct ip *); 10451 10452 /* Fill in the IP header for the ABORT */ 10453 iph_out->ip_v = IPVERSION; 10454 iph_out->ip_hl = (sizeof(struct ip) / 4); 10455 iph_out->ip_tos = (u_char)0; 10456 iph_out->ip_id = 0; 10457 iph_out->ip_off = 0; 10458 iph_out->ip_ttl = MAXTTL; 10459 if (port) { 10460 iph_out->ip_p = IPPROTO_UDP; 10461 } else { 10462 iph_out->ip_p = IPPROTO_SCTP; 10463 } 10464 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 10465 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 10466 10467 /* let IP layer calculate this */ 10468 iph_out->ip_sum = 0; 10469 offset_out += sizeof(*iph_out); 10470 comp_cp = (struct sctp_shutdown_complete_msg *)( 10471 (caddr_t)iph_out + offset_out); 10472 break; 10473#ifdef INET6 10474 case IPV6_VERSION >> 4: 10475 ip6 = (struct ip6_hdr *)iph; 10476 ip6_out = mtod(mout, struct ip6_hdr *); 10477 10478 /* Fill in the IPv6 header for the ABORT */ 10479 ip6_out->ip6_flow = ip6->ip6_flow; 10480 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 10481 if (port) { 10482 ip6_out->ip6_nxt = IPPROTO_UDP; 10483 } else { 10484 ip6_out->ip6_nxt = IPPROTO_SCTP; 10485 } 10486 ip6_out->ip6_src = ip6->ip6_dst; 10487 ip6_out->ip6_dst = ip6->ip6_src; 10488 /* 10489 * ?? The old code had both the iph len + payload, I think 10490 * this is wrong and would never have worked 10491 */ 10492 ip6_out->ip6_plen = sizeof(struct sctp_shutdown_complete_msg); 10493 offset_out += sizeof(*ip6_out); 10494 comp_cp = (struct sctp_shutdown_complete_msg *)( 10495 (caddr_t)ip6_out + offset_out); 10496 break; 10497#endif /* INET6 */ 10498 default: 10499 /* Currently not supported. */ 10500 sctp_m_freem(mout); 10501 return; 10502 } 10503 if (port) { 10504 udp = (struct udphdr *)comp_cp; 10505 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 10506 udp->uh_dport = port; 10507 udp->uh_ulen = htons(sizeof(struct sctp_shutdown_complete_msg) + sizeof(struct udphdr)); 10508 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 10509 offset_out += sizeof(struct udphdr); 10510 comp_cp = (struct sctp_shutdown_complete_msg *)((caddr_t)comp_cp + sizeof(struct udphdr)); 10511 } 10512 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 10513 /* no mbuf's */ 10514 sctp_m_freem(mout); 10515 return; 10516 } 10517 /* Now copy in and fill in the ABORT tags etc. */ 10518 comp_cp->sh.src_port = sh->dest_port; 10519 comp_cp->sh.dest_port = sh->src_port; 10520 comp_cp->sh.checksum = 0; 10521 comp_cp->sh.v_tag = sh->v_tag; 10522 comp_cp->shut_cmp.ch.chunk_flags = SCTP_HAD_NO_TCB; 10523 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 10524 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 10525 10526 if (iph_out != NULL) { 10527 sctp_route_t ro; 10528 int ret; 10529 struct sctp_tcb *stcb = NULL; 10530 10531 mlen = SCTP_BUF_LEN(mout); 10532 bzero(&ro, sizeof ro); 10533 /* set IPv4 length */ 10534 iph_out->ip_len = mlen; 10535#ifdef SCTP_PACKET_LOGGING 10536 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 10537 sctp_packet_log(mout, mlen); 10538#endif 10539 if (port) { 10540 comp_cp->sh.checksum = sctp_calculate_cksum(mout, offset_out); 10541 SCTP_STAT_INCR(sctps_sendswcrc); 10542 SCTP_ENABLE_UDP_CSUM(mout); 10543 } else { 10544 mout->m_pkthdr.csum_flags = CSUM_SCTP; 10545 mout->m_pkthdr.csum_data = 0; 10546 SCTP_STAT_INCR(sctps_sendhwcrc); 10547 } 10548 SCTP_ATTACH_CHAIN(o_pak, mout, mlen); 10549 /* out it goes */ 10550 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id); 10551 10552 /* Free the route if we got one back */ 10553 if (ro.ro_rt) 10554 RTFREE(ro.ro_rt); 10555 } 10556#ifdef INET6 10557 if (ip6_out != NULL) { 10558 struct route_in6 ro; 10559 int ret; 10560 struct sctp_tcb *stcb = NULL; 10561 struct ifnet *ifp = NULL; 10562 10563 bzero(&ro, sizeof(ro)); 10564 mlen = SCTP_BUF_LEN(mout); 10565#ifdef SCTP_PACKET_LOGGING 10566 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 10567 sctp_packet_log(mout, mlen); 10568#endif 10569 SCTP_ATTACH_CHAIN(o_pak, mout, mlen); 10570 if (port) { 10571 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 10572 (stcb) && 10573 (stcb->asoc.loopback_scope))) { 10574 comp_cp->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 10575 SCTP_STAT_INCR(sctps_sendswcrc); 10576 } else { 10577 SCTP_STAT_INCR(sctps_sendnocrc); 10578 } 10579 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), mlen - sizeof(struct ip6_hdr))) == 0) { 10580 udp->uh_sum = 0xffff; 10581 } 10582 } else { 10583 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 10584 (stcb) && 10585 (stcb->asoc.loopback_scope))) { 10586 mout->m_pkthdr.csum_flags = CSUM_SCTP; 10587 mout->m_pkthdr.csum_data = 0; 10588 SCTP_STAT_INCR(sctps_sendhwcrc); 10589 } else { 10590 SCTP_STAT_INCR(sctps_sendnocrc); 10591 } 10592 } 10593 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id); 10594 10595 /* Free the route if we got one back */ 10596 if (ro.ro_rt) 10597 RTFREE(ro.ro_rt); 10598 } 10599#endif 10600 SCTP_STAT_INCR(sctps_sendpackets); 10601 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 10602 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10603 return; 10604 10605} 10606 10607static struct sctp_nets * 10608sctp_select_hb_destination(struct sctp_tcb *stcb, struct timeval *now) 10609{ 10610 struct sctp_nets *net, *hnet; 10611 int ms_goneby, highest_ms, state_overide = 0; 10612 10613 (void)SCTP_GETTIME_TIMEVAL(now); 10614 highest_ms = 0; 10615 hnet = NULL; 10616 SCTP_TCB_LOCK_ASSERT(stcb); 10617 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 10618 if ( 10619 ((net->dest_state & SCTP_ADDR_NOHB) && ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) || 10620 (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE) 10621 ) { 10622 /* 10623 * Skip this guy from consideration if HB is off AND 10624 * its confirmed 10625 */ 10626 continue; 10627 } 10628 if (sctp_destination_is_reachable(stcb, (struct sockaddr *)&net->ro._l_addr) == 0) { 10629 /* skip this dest net from consideration */ 10630 continue; 10631 } 10632 if (net->last_sent_time.tv_sec) { 10633 /* Sent to so we subtract */ 10634 ms_goneby = (now->tv_sec - net->last_sent_time.tv_sec) * 1000; 10635 } else 10636 /* Never been sent to */ 10637 ms_goneby = 0x7fffffff; 10638 /*- 10639 * When the address state is unconfirmed but still 10640 * considered reachable, we HB at a higher rate. Once it 10641 * goes confirmed OR reaches the "unreachable" state, thenw 10642 * we cut it back to HB at a more normal pace. 10643 */ 10644 if ((net->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED) { 10645 state_overide = 1; 10646 } else { 10647 state_overide = 0; 10648 } 10649 10650 if ((((unsigned int)ms_goneby >= net->RTO) || (state_overide)) && 10651 (ms_goneby > highest_ms)) { 10652 highest_ms = ms_goneby; 10653 hnet = net; 10654 } 10655 } 10656 if (hnet && 10657 ((hnet->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED)) { 10658 state_overide = 1; 10659 } else { 10660 state_overide = 0; 10661 } 10662 10663 if (hnet && highest_ms && (((unsigned int)highest_ms >= hnet->RTO) || state_overide)) { 10664 /*- 10665 * Found the one with longest delay bounds OR it is 10666 * unconfirmed and still not marked unreachable. 10667 */ 10668 SCTPDBG(SCTP_DEBUG_OUTPUT4, "net:%p is the hb winner -", hnet); 10669#ifdef SCTP_DEBUG 10670 if (hnet) { 10671 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT4, 10672 (struct sockaddr *)&hnet->ro._l_addr); 10673 } else { 10674 SCTPDBG(SCTP_DEBUG_OUTPUT4, " none\n"); 10675 } 10676#endif 10677 /* update the timer now */ 10678 hnet->last_sent_time = *now; 10679 return (hnet); 10680 } 10681 /* Nothing to HB */ 10682 return (NULL); 10683} 10684 10685int 10686sctp_send_hb(struct sctp_tcb *stcb, int user_req, struct sctp_nets *u_net) 10687{ 10688 struct sctp_tmit_chunk *chk; 10689 struct sctp_nets *net; 10690 struct sctp_heartbeat_chunk *hb; 10691 struct timeval now; 10692 struct sockaddr_in *sin; 10693 struct sockaddr_in6 *sin6; 10694 10695 SCTP_TCB_LOCK_ASSERT(stcb); 10696 if (user_req == 0) { 10697 net = sctp_select_hb_destination(stcb, &now); 10698 if (net == NULL) { 10699 /*- 10700 * All our busy none to send to, just start the 10701 * timer again. 10702 */ 10703 if (stcb->asoc.state == 0) { 10704 return (0); 10705 } 10706 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, 10707 stcb->sctp_ep, 10708 stcb, 10709 net); 10710 return (0); 10711 } 10712 } else { 10713 net = u_net; 10714 if (net == NULL) { 10715 return (0); 10716 } 10717 (void)SCTP_GETTIME_TIMEVAL(&now); 10718 } 10719 sin = (struct sockaddr_in *)&net->ro._l_addr; 10720 if (sin->sin_family != AF_INET) { 10721 if (sin->sin_family != AF_INET6) { 10722 /* huh */ 10723 return (0); 10724 } 10725 } 10726 sctp_alloc_a_chunk(stcb, chk); 10727 if (chk == NULL) { 10728 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak, can't get a chunk for hb\n"); 10729 return (0); 10730 } 10731 chk->copy_by_ref = 0; 10732 chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST; 10733 chk->rec.chunk_id.can_take_data = 1; 10734 chk->asoc = &stcb->asoc; 10735 chk->send_size = sizeof(struct sctp_heartbeat_chunk); 10736 10737 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 10738 if (chk->data == NULL) { 10739 sctp_free_a_chunk(stcb, chk); 10740 return (0); 10741 } 10742 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10743 SCTP_BUF_LEN(chk->data) = chk->send_size; 10744 chk->sent = SCTP_DATAGRAM_UNSENT; 10745 chk->snd_count = 0; 10746 chk->whoTo = net; 10747 atomic_add_int(&chk->whoTo->ref_count, 1); 10748 /* Now we have a mbuf that we can fill in with the details */ 10749 hb = mtod(chk->data, struct sctp_heartbeat_chunk *); 10750 memset(hb, 0, sizeof(struct sctp_heartbeat_chunk)); 10751 /* fill out chunk header */ 10752 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST; 10753 hb->ch.chunk_flags = 0; 10754 hb->ch.chunk_length = htons(chk->send_size); 10755 /* Fill out hb parameter */ 10756 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO); 10757 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param)); 10758 hb->heartbeat.hb_info.time_value_1 = now.tv_sec; 10759 hb->heartbeat.hb_info.time_value_2 = now.tv_usec; 10760 /* Did our user request this one, put it in */ 10761 hb->heartbeat.hb_info.user_req = user_req; 10762 hb->heartbeat.hb_info.addr_family = sin->sin_family; 10763 hb->heartbeat.hb_info.addr_len = sin->sin_len; 10764 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 10765 /* 10766 * we only take from the entropy pool if the address is not 10767 * confirmed. 10768 */ 10769 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 10770 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 10771 } else { 10772 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0; 10773 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0; 10774 } 10775 if (sin->sin_family == AF_INET) { 10776 memcpy(hb->heartbeat.hb_info.address, &sin->sin_addr, sizeof(sin->sin_addr)); 10777 } else if (sin->sin_family == AF_INET6) { 10778 /* We leave the scope the way it is in our lookup table. */ 10779 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 10780 memcpy(hb->heartbeat.hb_info.address, &sin6->sin6_addr, sizeof(sin6->sin6_addr)); 10781 } else { 10782 /* huh compiler bug */ 10783 return (0); 10784 } 10785 10786 /* 10787 * JRS 5/14/07 - In CMT PF, the T3 timer is used to track 10788 * PF-heartbeats. Because of this, threshold management is done by 10789 * the t3 timer handler, and does not need to be done upon the send 10790 * of a PF-heartbeat. If CMT PF is on and the destination to which a 10791 * heartbeat is being sent is in PF state, do NOT do threshold 10792 * management. 10793 */ 10794 if ((SCTP_BASE_SYSCTL(sctp_cmt_pf) == 0) || ((net->dest_state & SCTP_ADDR_PF) != SCTP_ADDR_PF)) { 10795 /* ok we have a destination that needs a beat */ 10796 /* lets do the theshold management Qiaobing style */ 10797 if (sctp_threshold_management(stcb->sctp_ep, stcb, net, 10798 stcb->asoc.max_send_times)) { 10799 /*- 10800 * we have lost the association, in a way this is 10801 * quite bad since we really are one less time since 10802 * we really did not send yet. This is the down side 10803 * to the Q's style as defined in the RFC and not my 10804 * alternate style defined in the RFC. 10805 */ 10806 if (chk->data != NULL) { 10807 sctp_m_freem(chk->data); 10808 chk->data = NULL; 10809 } 10810 /* 10811 * Here we do NOT use the macro since the 10812 * association is now gone. 10813 */ 10814 if (chk->whoTo) { 10815 sctp_free_remote_addr(chk->whoTo); 10816 chk->whoTo = NULL; 10817 } 10818 sctp_free_a_chunk((struct sctp_tcb *)NULL, chk); 10819 return (-1); 10820 } 10821 } 10822 net->hb_responded = 0; 10823 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 10824 stcb->asoc.ctrl_queue_cnt++; 10825 SCTP_STAT_INCR(sctps_sendheartbeat); 10826 /*- 10827 * Call directly med level routine to put out the chunk. It will 10828 * always tumble out control chunks aka HB but it may even tumble 10829 * out data too. 10830 */ 10831 return (1); 10832} 10833 10834void 10835sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net, 10836 uint32_t high_tsn) 10837{ 10838 struct sctp_association *asoc; 10839 struct sctp_ecne_chunk *ecne; 10840 struct sctp_tmit_chunk *chk; 10841 10842 asoc = &stcb->asoc; 10843 SCTP_TCB_LOCK_ASSERT(stcb); 10844 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 10845 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 10846 /* found a previous ECN_ECHO update it if needed */ 10847 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 10848 ecne->tsn = htonl(high_tsn); 10849 return; 10850 } 10851 } 10852 /* nope could not find one to update so we must build one */ 10853 sctp_alloc_a_chunk(stcb, chk); 10854 if (chk == NULL) { 10855 return; 10856 } 10857 chk->copy_by_ref = 0; 10858 SCTP_STAT_INCR(sctps_sendecne); 10859 chk->rec.chunk_id.id = SCTP_ECN_ECHO; 10860 chk->rec.chunk_id.can_take_data = 0; 10861 chk->asoc = &stcb->asoc; 10862 chk->send_size = sizeof(struct sctp_ecne_chunk); 10863 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 10864 if (chk->data == NULL) { 10865 sctp_free_a_chunk(stcb, chk); 10866 return; 10867 } 10868 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10869 SCTP_BUF_LEN(chk->data) = chk->send_size; 10870 chk->sent = SCTP_DATAGRAM_UNSENT; 10871 chk->snd_count = 0; 10872 chk->whoTo = net; 10873 atomic_add_int(&chk->whoTo->ref_count, 1); 10874 stcb->asoc.ecn_echo_cnt_onq++; 10875 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 10876 ecne->ch.chunk_type = SCTP_ECN_ECHO; 10877 ecne->ch.chunk_flags = 0; 10878 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk)); 10879 ecne->tsn = htonl(high_tsn); 10880 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 10881 asoc->ctrl_queue_cnt++; 10882} 10883 10884void 10885sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net, 10886 struct mbuf *m, int iphlen, int bad_crc) 10887{ 10888 struct sctp_association *asoc; 10889 struct sctp_pktdrop_chunk *drp; 10890 struct sctp_tmit_chunk *chk; 10891 uint8_t *datap; 10892 int len; 10893 int was_trunc = 0; 10894 struct ip *iph; 10895 10896#ifdef INET6 10897 struct ip6_hdr *ip6h; 10898 10899#endif 10900 int fullsz = 0, extra = 0; 10901 long spc; 10902 int offset; 10903 struct sctp_chunkhdr *ch, chunk_buf; 10904 unsigned int chk_length; 10905 10906 if (!stcb) { 10907 return; 10908 } 10909 asoc = &stcb->asoc; 10910 SCTP_TCB_LOCK_ASSERT(stcb); 10911 if (asoc->peer_supports_pktdrop == 0) { 10912 /*- 10913 * peer must declare support before I send one. 10914 */ 10915 return; 10916 } 10917 if (stcb->sctp_socket == NULL) { 10918 return; 10919 } 10920 sctp_alloc_a_chunk(stcb, chk); 10921 if (chk == NULL) { 10922 return; 10923 } 10924 chk->copy_by_ref = 0; 10925 iph = mtod(m, struct ip *); 10926 if (iph == NULL) { 10927 sctp_free_a_chunk(stcb, chk); 10928 return; 10929 } 10930 switch (iph->ip_v) { 10931 case IPVERSION: 10932 /* IPv4 */ 10933 len = chk->send_size = iph->ip_len; 10934 break; 10935#ifdef INET6 10936 case IPV6_VERSION >> 4: 10937 /* IPv6 */ 10938 ip6h = mtod(m, struct ip6_hdr *); 10939 len = chk->send_size = htons(ip6h->ip6_plen); 10940 break; 10941#endif 10942 default: 10943 return; 10944 } 10945 /* Validate that we do not have an ABORT in here. */ 10946 offset = iphlen + sizeof(struct sctphdr); 10947 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 10948 sizeof(*ch), (uint8_t *) & chunk_buf); 10949 while (ch != NULL) { 10950 chk_length = ntohs(ch->chunk_length); 10951 if (chk_length < sizeof(*ch)) { 10952 /* break to abort land */ 10953 break; 10954 } 10955 switch (ch->chunk_type) { 10956 case SCTP_PACKET_DROPPED: 10957 case SCTP_ABORT_ASSOCIATION: 10958 /*- 10959 * we don't respond with an PKT-DROP to an ABORT 10960 * or PKT-DROP 10961 */ 10962 sctp_free_a_chunk(stcb, chk); 10963 return; 10964 default: 10965 break; 10966 } 10967 offset += SCTP_SIZE32(chk_length); 10968 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 10969 sizeof(*ch), (uint8_t *) & chunk_buf); 10970 } 10971 10972 if ((len + SCTP_MAX_OVERHEAD + sizeof(struct sctp_pktdrop_chunk)) > 10973 min(stcb->asoc.smallest_mtu, MCLBYTES)) { 10974 /* 10975 * only send 1 mtu worth, trim off the excess on the end. 10976 */ 10977 fullsz = len - extra; 10978 len = min(stcb->asoc.smallest_mtu, MCLBYTES) - SCTP_MAX_OVERHEAD; 10979 was_trunc = 1; 10980 } 10981 chk->asoc = &stcb->asoc; 10982 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 10983 if (chk->data == NULL) { 10984jump_out: 10985 sctp_free_a_chunk(stcb, chk); 10986 return; 10987 } 10988 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10989 drp = mtod(chk->data, struct sctp_pktdrop_chunk *); 10990 if (drp == NULL) { 10991 sctp_m_freem(chk->data); 10992 chk->data = NULL; 10993 goto jump_out; 10994 } 10995 chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) + 10996 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD)); 10997 chk->book_size_scale = 0; 10998 if (was_trunc) { 10999 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED; 11000 drp->trunc_len = htons(fullsz); 11001 /* 11002 * Len is already adjusted to size minus overhead above take 11003 * out the pkt_drop chunk itself from it. 11004 */ 11005 chk->send_size = len - sizeof(struct sctp_pktdrop_chunk); 11006 len = chk->send_size; 11007 } else { 11008 /* no truncation needed */ 11009 drp->ch.chunk_flags = 0; 11010 drp->trunc_len = htons(0); 11011 } 11012 if (bad_crc) { 11013 drp->ch.chunk_flags |= SCTP_BADCRC; 11014 } 11015 chk->send_size += sizeof(struct sctp_pktdrop_chunk); 11016 SCTP_BUF_LEN(chk->data) = chk->send_size; 11017 chk->sent = SCTP_DATAGRAM_UNSENT; 11018 chk->snd_count = 0; 11019 if (net) { 11020 /* we should hit here */ 11021 chk->whoTo = net; 11022 } else { 11023 chk->whoTo = asoc->primary_destination; 11024 } 11025 atomic_add_int(&chk->whoTo->ref_count, 1); 11026 chk->rec.chunk_id.id = SCTP_PACKET_DROPPED; 11027 chk->rec.chunk_id.can_take_data = 1; 11028 drp->ch.chunk_type = SCTP_PACKET_DROPPED; 11029 drp->ch.chunk_length = htons(chk->send_size); 11030 spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket); 11031 if (spc < 0) { 11032 spc = 0; 11033 } 11034 drp->bottle_bw = htonl(spc); 11035 if (asoc->my_rwnd) { 11036 drp->current_onq = htonl(asoc->size_on_reasm_queue + 11037 asoc->size_on_all_streams + 11038 asoc->my_rwnd_control_len + 11039 stcb->sctp_socket->so_rcv.sb_cc); 11040 } else { 11041 /*- 11042 * If my rwnd is 0, possibly from mbuf depletion as well as 11043 * space used, tell the peer there is NO space aka onq == bw 11044 */ 11045 drp->current_onq = htonl(spc); 11046 } 11047 drp->reserved = 0; 11048 datap = drp->data; 11049 m_copydata(m, iphlen, len, (caddr_t)datap); 11050 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11051 asoc->ctrl_queue_cnt++; 11052} 11053 11054void 11055sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn) 11056{ 11057 struct sctp_association *asoc; 11058 struct sctp_cwr_chunk *cwr; 11059 struct sctp_tmit_chunk *chk; 11060 11061 asoc = &stcb->asoc; 11062 SCTP_TCB_LOCK_ASSERT(stcb); 11063 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 11064 if (chk->rec.chunk_id.id == SCTP_ECN_CWR) { 11065 /* found a previous ECN_CWR update it if needed */ 11066 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 11067 if (compare_with_wrap(high_tsn, ntohl(cwr->tsn), 11068 MAX_TSN)) { 11069 cwr->tsn = htonl(high_tsn); 11070 } 11071 return; 11072 } 11073 } 11074 /* nope could not find one to update so we must build one */ 11075 sctp_alloc_a_chunk(stcb, chk); 11076 if (chk == NULL) { 11077 return; 11078 } 11079 chk->copy_by_ref = 0; 11080 chk->rec.chunk_id.id = SCTP_ECN_CWR; 11081 chk->rec.chunk_id.can_take_data = 1; 11082 chk->asoc = &stcb->asoc; 11083 chk->send_size = sizeof(struct sctp_cwr_chunk); 11084 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 11085 if (chk->data == NULL) { 11086 sctp_free_a_chunk(stcb, chk); 11087 return; 11088 } 11089 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11090 SCTP_BUF_LEN(chk->data) = chk->send_size; 11091 chk->sent = SCTP_DATAGRAM_UNSENT; 11092 chk->snd_count = 0; 11093 chk->whoTo = net; 11094 atomic_add_int(&chk->whoTo->ref_count, 1); 11095 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 11096 cwr->ch.chunk_type = SCTP_ECN_CWR; 11097 cwr->ch.chunk_flags = 0; 11098 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk)); 11099 cwr->tsn = htonl(high_tsn); 11100 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11101 asoc->ctrl_queue_cnt++; 11102} 11103 11104void 11105sctp_add_stream_reset_out(struct sctp_tmit_chunk *chk, 11106 int number_entries, uint16_t * list, 11107 uint32_t seq, uint32_t resp_seq, uint32_t last_sent) 11108{ 11109 int len, old_len, i; 11110 struct sctp_stream_reset_out_request *req_out; 11111 struct sctp_chunkhdr *ch; 11112 11113 ch = mtod(chk->data, struct sctp_chunkhdr *); 11114 11115 11116 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11117 11118 /* get to new offset for the param. */ 11119 req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len); 11120 /* now how long will this param be? */ 11121 len = (sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries)); 11122 req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST); 11123 req_out->ph.param_length = htons(len); 11124 req_out->request_seq = htonl(seq); 11125 req_out->response_seq = htonl(resp_seq); 11126 req_out->send_reset_at_tsn = htonl(last_sent); 11127 if (number_entries) { 11128 for (i = 0; i < number_entries; i++) { 11129 req_out->list_of_streams[i] = htons(list[i]); 11130 } 11131 } 11132 if (SCTP_SIZE32(len) > len) { 11133 /*- 11134 * Need to worry about the pad we may end up adding to the 11135 * end. This is easy since the struct is either aligned to 4 11136 * bytes or 2 bytes off. 11137 */ 11138 req_out->list_of_streams[number_entries] = 0; 11139 } 11140 /* now fix the chunk length */ 11141 ch->chunk_length = htons(len + old_len); 11142 chk->book_size = len + old_len; 11143 chk->book_size_scale = 0; 11144 chk->send_size = SCTP_SIZE32(chk->book_size); 11145 SCTP_BUF_LEN(chk->data) = chk->send_size; 11146 return; 11147} 11148 11149 11150void 11151sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk, 11152 int number_entries, uint16_t * list, 11153 uint32_t seq) 11154{ 11155 int len, old_len, i; 11156 struct sctp_stream_reset_in_request *req_in; 11157 struct sctp_chunkhdr *ch; 11158 11159 ch = mtod(chk->data, struct sctp_chunkhdr *); 11160 11161 11162 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11163 11164 /* get to new offset for the param. */ 11165 req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len); 11166 /* now how long will this param be? */ 11167 len = (sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries)); 11168 req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST); 11169 req_in->ph.param_length = htons(len); 11170 req_in->request_seq = htonl(seq); 11171 if (number_entries) { 11172 for (i = 0; i < number_entries; i++) { 11173 req_in->list_of_streams[i] = htons(list[i]); 11174 } 11175 } 11176 if (SCTP_SIZE32(len) > len) { 11177 /*- 11178 * Need to worry about the pad we may end up adding to the 11179 * end. This is easy since the struct is either aligned to 4 11180 * bytes or 2 bytes off. 11181 */ 11182 req_in->list_of_streams[number_entries] = 0; 11183 } 11184 /* now fix the chunk length */ 11185 ch->chunk_length = htons(len + old_len); 11186 chk->book_size = len + old_len; 11187 chk->book_size_scale = 0; 11188 chk->send_size = SCTP_SIZE32(chk->book_size); 11189 SCTP_BUF_LEN(chk->data) = chk->send_size; 11190 return; 11191} 11192 11193 11194void 11195sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk, 11196 uint32_t seq) 11197{ 11198 int len, old_len; 11199 struct sctp_stream_reset_tsn_request *req_tsn; 11200 struct sctp_chunkhdr *ch; 11201 11202 ch = mtod(chk->data, struct sctp_chunkhdr *); 11203 11204 11205 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11206 11207 /* get to new offset for the param. */ 11208 req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len); 11209 /* now how long will this param be? */ 11210 len = sizeof(struct sctp_stream_reset_tsn_request); 11211 req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST); 11212 req_tsn->ph.param_length = htons(len); 11213 req_tsn->request_seq = htonl(seq); 11214 11215 /* now fix the chunk length */ 11216 ch->chunk_length = htons(len + old_len); 11217 chk->send_size = len + old_len; 11218 chk->book_size = SCTP_SIZE32(chk->send_size); 11219 chk->book_size_scale = 0; 11220 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11221 return; 11222} 11223 11224void 11225sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk, 11226 uint32_t resp_seq, uint32_t result) 11227{ 11228 int len, old_len; 11229 struct sctp_stream_reset_response *resp; 11230 struct sctp_chunkhdr *ch; 11231 11232 ch = mtod(chk->data, struct sctp_chunkhdr *); 11233 11234 11235 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11236 11237 /* get to new offset for the param. */ 11238 resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len); 11239 /* now how long will this param be? */ 11240 len = sizeof(struct sctp_stream_reset_response); 11241 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 11242 resp->ph.param_length = htons(len); 11243 resp->response_seq = htonl(resp_seq); 11244 resp->result = ntohl(result); 11245 11246 /* now fix the chunk length */ 11247 ch->chunk_length = htons(len + old_len); 11248 chk->book_size = len + old_len; 11249 chk->book_size_scale = 0; 11250 chk->send_size = SCTP_SIZE32(chk->book_size); 11251 SCTP_BUF_LEN(chk->data) = chk->send_size; 11252 return; 11253 11254} 11255 11256 11257void 11258sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk, 11259 uint32_t resp_seq, uint32_t result, 11260 uint32_t send_una, uint32_t recv_next) 11261{ 11262 int len, old_len; 11263 struct sctp_stream_reset_response_tsn *resp; 11264 struct sctp_chunkhdr *ch; 11265 11266 ch = mtod(chk->data, struct sctp_chunkhdr *); 11267 11268 11269 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11270 11271 /* get to new offset for the param. */ 11272 resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len); 11273 /* now how long will this param be? */ 11274 len = sizeof(struct sctp_stream_reset_response_tsn); 11275 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 11276 resp->ph.param_length = htons(len); 11277 resp->response_seq = htonl(resp_seq); 11278 resp->result = htonl(result); 11279 resp->senders_next_tsn = htonl(send_una); 11280 resp->receivers_next_tsn = htonl(recv_next); 11281 11282 /* now fix the chunk length */ 11283 ch->chunk_length = htons(len + old_len); 11284 chk->book_size = len + old_len; 11285 chk->send_size = SCTP_SIZE32(chk->book_size); 11286 chk->book_size_scale = 0; 11287 SCTP_BUF_LEN(chk->data) = chk->send_size; 11288 return; 11289} 11290 11291static void 11292sctp_add_a_stream(struct sctp_tmit_chunk *chk, 11293 uint32_t seq, 11294 uint16_t adding) 11295{ 11296 int len, old_len; 11297 struct sctp_chunkhdr *ch; 11298 struct sctp_stream_reset_add_strm *addstr; 11299 11300 ch = mtod(chk->data, struct sctp_chunkhdr *); 11301 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11302 11303 /* get to new offset for the param. */ 11304 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len); 11305 /* now how long will this param be? */ 11306 len = sizeof(struct sctp_stream_reset_add_strm); 11307 11308 /* Fill it out. */ 11309 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_STREAMS); 11310 addstr->ph.param_length = htons(len); 11311 addstr->request_seq = htonl(seq); 11312 addstr->number_of_streams = htons(adding); 11313 addstr->reserved = 0; 11314 11315 /* now fix the chunk length */ 11316 ch->chunk_length = htons(len + old_len); 11317 chk->send_size = len + old_len; 11318 chk->book_size = SCTP_SIZE32(chk->send_size); 11319 chk->book_size_scale = 0; 11320 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11321 return; 11322} 11323 11324int 11325sctp_send_str_reset_req(struct sctp_tcb *stcb, 11326 int number_entries, uint16_t * list, 11327 uint8_t send_out_req, 11328 uint32_t resp_seq, 11329 uint8_t send_in_req, 11330 uint8_t send_tsn_req, 11331 uint8_t add_stream, 11332 uint16_t adding 11333) 11334{ 11335 11336 struct sctp_association *asoc; 11337 struct sctp_tmit_chunk *chk; 11338 struct sctp_chunkhdr *ch; 11339 uint32_t seq; 11340 11341 asoc = &stcb->asoc; 11342 if (asoc->stream_reset_outstanding) { 11343 /*- 11344 * Already one pending, must get ACK back to clear the flag. 11345 */ 11346 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EBUSY); 11347 return (EBUSY); 11348 } 11349 if ((send_out_req == 0) && (send_in_req == 0) && (send_tsn_req == 0) && 11350 (add_stream == 0)) { 11351 /* nothing to do */ 11352 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 11353 return (EINVAL); 11354 } 11355 if (send_tsn_req && (send_out_req || send_in_req)) { 11356 /* error, can't do that */ 11357 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 11358 return (EINVAL); 11359 } 11360 sctp_alloc_a_chunk(stcb, chk); 11361 if (chk == NULL) { 11362 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11363 return (ENOMEM); 11364 } 11365 chk->copy_by_ref = 0; 11366 chk->rec.chunk_id.id = SCTP_STREAM_RESET; 11367 chk->rec.chunk_id.can_take_data = 0; 11368 chk->asoc = &stcb->asoc; 11369 chk->book_size = sizeof(struct sctp_chunkhdr); 11370 chk->send_size = SCTP_SIZE32(chk->book_size); 11371 chk->book_size_scale = 0; 11372 11373 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 11374 if (chk->data == NULL) { 11375 sctp_free_a_chunk(stcb, chk); 11376 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11377 return (ENOMEM); 11378 } 11379 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11380 11381 /* setup chunk parameters */ 11382 chk->sent = SCTP_DATAGRAM_UNSENT; 11383 chk->snd_count = 0; 11384 chk->whoTo = asoc->primary_destination; 11385 atomic_add_int(&chk->whoTo->ref_count, 1); 11386 11387 ch = mtod(chk->data, struct sctp_chunkhdr *); 11388 ch->chunk_type = SCTP_STREAM_RESET; 11389 ch->chunk_flags = 0; 11390 ch->chunk_length = htons(chk->book_size); 11391 SCTP_BUF_LEN(chk->data) = chk->send_size; 11392 11393 seq = stcb->asoc.str_reset_seq_out; 11394 if (send_out_req) { 11395 sctp_add_stream_reset_out(chk, number_entries, list, 11396 seq, resp_seq, (stcb->asoc.sending_seq - 1)); 11397 asoc->stream_reset_out_is_outstanding = 1; 11398 seq++; 11399 asoc->stream_reset_outstanding++; 11400 } 11401 if (add_stream) { 11402 sctp_add_a_stream(chk, seq, adding); 11403 seq++; 11404 asoc->stream_reset_outstanding++; 11405 } 11406 if (send_in_req) { 11407 sctp_add_stream_reset_in(chk, number_entries, list, seq); 11408 asoc->stream_reset_outstanding++; 11409 } 11410 if (send_tsn_req) { 11411 sctp_add_stream_reset_tsn(chk, seq); 11412 asoc->stream_reset_outstanding++; 11413 } 11414 asoc->str_reset = chk; 11415 11416 /* insert the chunk for sending */ 11417 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 11418 chk, 11419 sctp_next); 11420 asoc->ctrl_queue_cnt++; 11421 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo); 11422 return (0); 11423} 11424 11425void 11426sctp_send_abort(struct mbuf *m, int iphlen, struct sctphdr *sh, uint32_t vtag, 11427 struct mbuf *err_cause, uint32_t vrf_id, uint16_t port) 11428{ 11429 /*- 11430 * Formulate the abort message, and send it back down. 11431 */ 11432 struct mbuf *o_pak; 11433 struct mbuf *mout; 11434 struct sctp_abort_msg *abm; 11435 struct ip *iph, *iph_out; 11436 struct udphdr *udp; 11437 11438#ifdef INET6 11439 struct ip6_hdr *ip6, *ip6_out; 11440 11441#endif 11442 int iphlen_out, len; 11443 11444 /* don't respond to ABORT with ABORT */ 11445 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) { 11446 if (err_cause) 11447 sctp_m_freem(err_cause); 11448 return; 11449 } 11450 iph = mtod(m, struct ip *); 11451 switch (iph->ip_v) { 11452 case IPVERSION: 11453 len = (sizeof(struct ip) + sizeof(struct sctp_abort_msg)); 11454 break; 11455#ifdef INET6 11456 case IPV6_VERSION >> 4: 11457 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_abort_msg)); 11458 break; 11459#endif 11460 default: 11461 if (err_cause) { 11462 sctp_m_freem(err_cause); 11463 } 11464 return; 11465 } 11466 if (port) { 11467 len += sizeof(struct udphdr); 11468 } 11469 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 11470 if (mout == NULL) { 11471 if (err_cause) { 11472 sctp_m_freem(err_cause); 11473 } 11474 return; 11475 } 11476 SCTP_BUF_RESV_UF(mout, max_linkhdr); 11477 SCTP_BUF_LEN(mout) = len; 11478 SCTP_BUF_NEXT(mout) = err_cause; 11479 iph_out = NULL; 11480#ifdef INET6 11481 ip6_out = NULL; 11482#endif 11483 switch (iph->ip_v) { 11484 case IPVERSION: 11485 iph_out = mtod(mout, struct ip *); 11486 11487 /* Fill in the IP header for the ABORT */ 11488 iph_out->ip_v = IPVERSION; 11489 iph_out->ip_hl = (sizeof(struct ip) / 4); 11490 iph_out->ip_tos = (u_char)0; 11491 iph_out->ip_id = 0; 11492 iph_out->ip_off = 0; 11493 iph_out->ip_ttl = MAXTTL; 11494 if (port) { 11495 iph_out->ip_p = IPPROTO_UDP; 11496 } else { 11497 iph_out->ip_p = IPPROTO_SCTP; 11498 } 11499 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 11500 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 11501 /* let IP layer calculate this */ 11502 iph_out->ip_sum = 0; 11503 11504 iphlen_out = sizeof(*iph_out); 11505 abm = (struct sctp_abort_msg *)((caddr_t)iph_out + iphlen_out); 11506 break; 11507#ifdef INET6 11508 case IPV6_VERSION >> 4: 11509 ip6 = (struct ip6_hdr *)iph; 11510 ip6_out = mtod(mout, struct ip6_hdr *); 11511 11512 /* Fill in the IP6 header for the ABORT */ 11513 ip6_out->ip6_flow = ip6->ip6_flow; 11514 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 11515 if (port) { 11516 ip6_out->ip6_nxt = IPPROTO_UDP; 11517 } else { 11518 ip6_out->ip6_nxt = IPPROTO_SCTP; 11519 } 11520 ip6_out->ip6_src = ip6->ip6_dst; 11521 ip6_out->ip6_dst = ip6->ip6_src; 11522 11523 iphlen_out = sizeof(*ip6_out); 11524 abm = (struct sctp_abort_msg *)((caddr_t)ip6_out + iphlen_out); 11525 break; 11526#endif /* INET6 */ 11527 default: 11528 /* Currently not supported */ 11529 sctp_m_freem(mout); 11530 return; 11531 } 11532 11533 udp = (struct udphdr *)abm; 11534 if (port) { 11535 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 11536 udp->uh_dport = port; 11537 /* set udp->uh_ulen later */ 11538 udp->uh_sum = 0; 11539 iphlen_out += sizeof(struct udphdr); 11540 abm = (struct sctp_abort_msg *)((caddr_t)abm + sizeof(struct udphdr)); 11541 } 11542 abm->sh.src_port = sh->dest_port; 11543 abm->sh.dest_port = sh->src_port; 11544 abm->sh.checksum = 0; 11545 if (vtag == 0) { 11546 abm->sh.v_tag = sh->v_tag; 11547 abm->msg.ch.chunk_flags = SCTP_HAD_NO_TCB; 11548 } else { 11549 abm->sh.v_tag = htonl(vtag); 11550 abm->msg.ch.chunk_flags = 0; 11551 } 11552 abm->msg.ch.chunk_type = SCTP_ABORT_ASSOCIATION; 11553 11554 if (err_cause) { 11555 struct mbuf *m_tmp = err_cause; 11556 int err_len = 0; 11557 11558 /* get length of the err_cause chain */ 11559 while (m_tmp != NULL) { 11560 err_len += SCTP_BUF_LEN(m_tmp); 11561 m_tmp = SCTP_BUF_NEXT(m_tmp); 11562 } 11563 len = SCTP_BUF_LEN(mout) + err_len; 11564 if (err_len % 4) { 11565 /* need pad at end of chunk */ 11566 uint32_t cpthis = 0; 11567 int padlen; 11568 11569 padlen = 4 - (len % 4); 11570 m_copyback(mout, len, padlen, (caddr_t)&cpthis); 11571 len += padlen; 11572 } 11573 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch) + err_len); 11574 } else { 11575 len = SCTP_BUF_LEN(mout); 11576 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch)); 11577 } 11578 11579 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 11580 /* no mbuf's */ 11581 sctp_m_freem(mout); 11582 return; 11583 } 11584 if (iph_out != NULL) { 11585 sctp_route_t ro; 11586 struct sctp_tcb *stcb = NULL; 11587 int ret; 11588 11589 /* zap the stack pointer to the route */ 11590 bzero(&ro, sizeof ro); 11591 if (port) { 11592 udp->uh_ulen = htons(len - sizeof(struct ip)); 11593 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11594 } 11595 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip_output:\n"); 11596 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, iph_out, &abm->sh); 11597 /* set IPv4 length */ 11598 iph_out->ip_len = len; 11599 /* out it goes */ 11600#ifdef SCTP_PACKET_LOGGING 11601 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11602 sctp_packet_log(mout, len); 11603#endif 11604 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11605 if (port) { 11606 abm->sh.checksum = sctp_calculate_cksum(mout, iphlen_out); 11607 SCTP_STAT_INCR(sctps_sendswcrc); 11608 SCTP_ENABLE_UDP_CSUM(o_pak); 11609 } else { 11610 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11611 mout->m_pkthdr.csum_data = 0; 11612 SCTP_STAT_INCR(sctps_sendhwcrc); 11613 } 11614 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id); 11615 11616 /* Free the route if we got one back */ 11617 if (ro.ro_rt) 11618 RTFREE(ro.ro_rt); 11619 } 11620#ifdef INET6 11621 if (ip6_out != NULL) { 11622 struct route_in6 ro; 11623 int ret; 11624 struct sctp_tcb *stcb = NULL; 11625 struct ifnet *ifp = NULL; 11626 11627 /* zap the stack pointer to the route */ 11628 bzero(&ro, sizeof(ro)); 11629 if (port) { 11630 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr)); 11631 } 11632 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip6_output:\n"); 11633 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, (struct ip *)ip6_out, &abm->sh); 11634 ip6_out->ip6_plen = len - sizeof(*ip6_out); 11635#ifdef SCTP_PACKET_LOGGING 11636 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11637 sctp_packet_log(mout, len); 11638#endif 11639 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11640 if (port) { 11641 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 11642 (stcb) && 11643 (stcb->asoc.loopback_scope))) { 11644 abm->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 11645 SCTP_STAT_INCR(sctps_sendswcrc); 11646 } else { 11647 SCTP_STAT_INCR(sctps_sendnocrc); 11648 } 11649 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) { 11650 udp->uh_sum = 0xffff; 11651 } 11652 } else { 11653 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 11654 (stcb) && 11655 (stcb->asoc.loopback_scope))) { 11656 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11657 mout->m_pkthdr.csum_data = 0; 11658 SCTP_STAT_INCR(sctps_sendhwcrc); 11659 } else { 11660 SCTP_STAT_INCR(sctps_sendnocrc); 11661 } 11662 } 11663 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id); 11664 11665 /* Free the route if we got one back */ 11666 if (ro.ro_rt) 11667 RTFREE(ro.ro_rt); 11668 } 11669#endif 11670 SCTP_STAT_INCR(sctps_sendpackets); 11671 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 11672 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11673} 11674 11675void 11676sctp_send_operr_to(struct mbuf *m, int iphlen, struct mbuf *scm, uint32_t vtag, 11677 uint32_t vrf_id, uint16_t port) 11678{ 11679 struct mbuf *o_pak; 11680 struct sctphdr *sh, *sh_out; 11681 struct sctp_chunkhdr *ch; 11682 struct ip *iph, *iph_out; 11683 struct udphdr *udp = NULL; 11684 struct mbuf *mout; 11685 11686#ifdef INET6 11687 struct ip6_hdr *ip6, *ip6_out; 11688 11689#endif 11690 int iphlen_out, len; 11691 11692 iph = mtod(m, struct ip *); 11693 sh = (struct sctphdr *)((caddr_t)iph + iphlen); 11694 switch (iph->ip_v) { 11695 case IPVERSION: 11696 len = (sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)); 11697 break; 11698#ifdef INET6 11699 case IPV6_VERSION >> 4: 11700 len = (sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)); 11701 break; 11702#endif 11703 default: 11704 if (scm) { 11705 sctp_m_freem(scm); 11706 } 11707 return; 11708 } 11709 if (port) { 11710 len += sizeof(struct udphdr); 11711 } 11712 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 11713 if (mout == NULL) { 11714 if (scm) { 11715 sctp_m_freem(scm); 11716 } 11717 return; 11718 } 11719 SCTP_BUF_RESV_UF(mout, max_linkhdr); 11720 SCTP_BUF_LEN(mout) = len; 11721 SCTP_BUF_NEXT(mout) = scm; 11722 iph_out = NULL; 11723#ifdef INET6 11724 ip6_out = NULL; 11725#endif 11726 switch (iph->ip_v) { 11727 case IPVERSION: 11728 iph_out = mtod(mout, struct ip *); 11729 11730 /* Fill in the IP header for the ABORT */ 11731 iph_out->ip_v = IPVERSION; 11732 iph_out->ip_hl = (sizeof(struct ip) / 4); 11733 iph_out->ip_tos = (u_char)0; 11734 iph_out->ip_id = 0; 11735 iph_out->ip_off = 0; 11736 iph_out->ip_ttl = MAXTTL; 11737 if (port) { 11738 iph_out->ip_p = IPPROTO_UDP; 11739 } else { 11740 iph_out->ip_p = IPPROTO_SCTP; 11741 } 11742 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 11743 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 11744 /* let IP layer calculate this */ 11745 iph_out->ip_sum = 0; 11746 11747 iphlen_out = sizeof(struct ip); 11748 sh_out = (struct sctphdr *)((caddr_t)iph_out + iphlen_out); 11749 break; 11750#ifdef INET6 11751 case IPV6_VERSION >> 4: 11752 ip6 = (struct ip6_hdr *)iph; 11753 ip6_out = mtod(mout, struct ip6_hdr *); 11754 11755 /* Fill in the IP6 header for the ABORT */ 11756 ip6_out->ip6_flow = ip6->ip6_flow; 11757 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 11758 if (port) { 11759 ip6_out->ip6_nxt = IPPROTO_UDP; 11760 } else { 11761 ip6_out->ip6_nxt = IPPROTO_SCTP; 11762 } 11763 ip6_out->ip6_src = ip6->ip6_dst; 11764 ip6_out->ip6_dst = ip6->ip6_src; 11765 11766 iphlen_out = sizeof(struct ip6_hdr); 11767 sh_out = (struct sctphdr *)((caddr_t)ip6_out + iphlen_out); 11768 break; 11769#endif /* INET6 */ 11770 default: 11771 /* Currently not supported */ 11772 sctp_m_freem(mout); 11773 return; 11774 } 11775 11776 udp = (struct udphdr *)sh_out; 11777 if (port) { 11778 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 11779 udp->uh_dport = port; 11780 /* set udp->uh_ulen later */ 11781 udp->uh_sum = 0; 11782 iphlen_out += sizeof(struct udphdr); 11783 sh_out = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 11784 } 11785 sh_out->src_port = sh->dest_port; 11786 sh_out->dest_port = sh->src_port; 11787 sh_out->v_tag = vtag; 11788 sh_out->checksum = 0; 11789 11790 ch = (struct sctp_chunkhdr *)((caddr_t)sh_out + sizeof(struct sctphdr)); 11791 ch->chunk_type = SCTP_OPERATION_ERROR; 11792 ch->chunk_flags = 0; 11793 11794 if (scm) { 11795 struct mbuf *m_tmp = scm; 11796 int cause_len = 0; 11797 11798 /* get length of the err_cause chain */ 11799 while (m_tmp != NULL) { 11800 cause_len += SCTP_BUF_LEN(m_tmp); 11801 m_tmp = SCTP_BUF_NEXT(m_tmp); 11802 } 11803 len = SCTP_BUF_LEN(mout) + cause_len; 11804 if (cause_len % 4) { 11805 /* need pad at end of chunk */ 11806 uint32_t cpthis = 0; 11807 int padlen; 11808 11809 padlen = 4 - (len % 4); 11810 m_copyback(mout, len, padlen, (caddr_t)&cpthis); 11811 len += padlen; 11812 } 11813 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr) + cause_len); 11814 } else { 11815 len = SCTP_BUF_LEN(mout); 11816 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr)); 11817 } 11818 11819 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 11820 /* no mbuf's */ 11821 sctp_m_freem(mout); 11822 return; 11823 } 11824 if (iph_out != NULL) { 11825 sctp_route_t ro; 11826 struct sctp_tcb *stcb = NULL; 11827 int ret; 11828 11829 /* zap the stack pointer to the route */ 11830 bzero(&ro, sizeof ro); 11831 if (port) { 11832 udp->uh_ulen = htons(len - sizeof(struct ip)); 11833 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11834 } 11835 /* set IPv4 length */ 11836 iph_out->ip_len = len; 11837 /* out it goes */ 11838#ifdef SCTP_PACKET_LOGGING 11839 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11840 sctp_packet_log(mout, len); 11841#endif 11842 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11843 if (port) { 11844 sh_out->checksum = sctp_calculate_cksum(mout, iphlen_out); 11845 SCTP_STAT_INCR(sctps_sendswcrc); 11846 SCTP_ENABLE_UDP_CSUM(o_pak); 11847 } else { 11848 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11849 mout->m_pkthdr.csum_data = 0; 11850 SCTP_STAT_INCR(sctps_sendhwcrc); 11851 } 11852 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id); 11853 11854 /* Free the route if we got one back */ 11855 if (ro.ro_rt) 11856 RTFREE(ro.ro_rt); 11857 } 11858#ifdef INET6 11859 if (ip6_out != NULL) { 11860 struct route_in6 ro; 11861 int ret; 11862 struct sctp_tcb *stcb = NULL; 11863 struct ifnet *ifp = NULL; 11864 11865 /* zap the stack pointer to the route */ 11866 bzero(&ro, sizeof(ro)); 11867 if (port) { 11868 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr)); 11869 } 11870 ip6_out->ip6_plen = len - sizeof(*ip6_out); 11871#ifdef SCTP_PACKET_LOGGING 11872 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11873 sctp_packet_log(mout, len); 11874#endif 11875 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11876 if (port) { 11877 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 11878 (stcb) && 11879 (stcb->asoc.loopback_scope))) { 11880 sh_out->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 11881 SCTP_STAT_INCR(sctps_sendswcrc); 11882 } else { 11883 SCTP_STAT_INCR(sctps_sendnocrc); 11884 } 11885 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) { 11886 udp->uh_sum = 0xffff; 11887 } 11888 } else { 11889 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 11890 (stcb) && 11891 (stcb->asoc.loopback_scope))) { 11892 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11893 mout->m_pkthdr.csum_data = 0; 11894 SCTP_STAT_INCR(sctps_sendhwcrc); 11895 } else { 11896 SCTP_STAT_INCR(sctps_sendnocrc); 11897 } 11898 } 11899 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id); 11900 11901 /* Free the route if we got one back */ 11902 if (ro.ro_rt) 11903 RTFREE(ro.ro_rt); 11904 } 11905#endif 11906 SCTP_STAT_INCR(sctps_sendpackets); 11907 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 11908 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11909} 11910 11911static struct mbuf * 11912sctp_copy_resume(struct sctp_stream_queue_pending *sp, 11913 struct uio *uio, 11914 struct sctp_sndrcvinfo *srcv, 11915 int max_send_len, 11916 int user_marks_eor, 11917 int *error, 11918 uint32_t * sndout, 11919 struct mbuf **new_tail) 11920{ 11921 struct mbuf *m; 11922 11923 m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0, 11924 (M_PKTHDR | (user_marks_eor ? M_EOR : 0))); 11925 if (m == NULL) { 11926 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11927 *error = ENOMEM; 11928 } else { 11929 *sndout = m_length(m, NULL); 11930 *new_tail = m_last(m); 11931 } 11932 return (m); 11933} 11934 11935static int 11936sctp_copy_one(struct sctp_stream_queue_pending *sp, 11937 struct uio *uio, 11938 int resv_upfront) 11939{ 11940 int left; 11941 11942 left = sp->length; 11943 sp->data = m_uiotombuf(uio, M_WAITOK, sp->length, 11944 resv_upfront, 0); 11945 if (sp->data == NULL) { 11946 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11947 return (ENOMEM); 11948 } 11949 sp->tail_mbuf = m_last(sp->data); 11950 return (0); 11951} 11952 11953 11954 11955static struct sctp_stream_queue_pending * 11956sctp_copy_it_in(struct sctp_tcb *stcb, 11957 struct sctp_association *asoc, 11958 struct sctp_sndrcvinfo *srcv, 11959 struct uio *uio, 11960 struct sctp_nets *net, 11961 int max_send_len, 11962 int user_marks_eor, 11963 int *error, 11964 int non_blocking) 11965{ 11966 /*- 11967 * This routine must be very careful in its work. Protocol 11968 * processing is up and running so care must be taken to spl...() 11969 * when you need to do something that may effect the stcb/asoc. The 11970 * sb is locked however. When data is copied the protocol processing 11971 * should be enabled since this is a slower operation... 11972 */ 11973 struct sctp_stream_queue_pending *sp = NULL; 11974 int resv_in_first; 11975 11976 *error = 0; 11977 /* Now can we send this? */ 11978 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 11979 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 11980 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 11981 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 11982 /* got data while shutting down */ 11983 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 11984 *error = ECONNRESET; 11985 goto out_now; 11986 } 11987 sctp_alloc_a_strmoq(stcb, sp); 11988 if (sp == NULL) { 11989 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11990 *error = ENOMEM; 11991 goto out_now; 11992 } 11993 sp->act_flags = 0; 11994 sp->sender_all_done = 0; 11995 sp->sinfo_flags = srcv->sinfo_flags; 11996 sp->timetolive = srcv->sinfo_timetolive; 11997 sp->ppid = srcv->sinfo_ppid; 11998 sp->context = srcv->sinfo_context; 11999 sp->strseq = 0; 12000 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 12001 12002 sp->stream = srcv->sinfo_stream; 12003 sp->length = min(uio->uio_resid, max_send_len); 12004 if ((sp->length == (uint32_t) uio->uio_resid) && 12005 ((user_marks_eor == 0) || 12006 (srcv->sinfo_flags & SCTP_EOF) || 12007 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 12008 sp->msg_is_complete = 1; 12009 } else { 12010 sp->msg_is_complete = 0; 12011 } 12012 sp->sender_all_done = 0; 12013 sp->some_taken = 0; 12014 sp->put_last_out = 0; 12015 resv_in_first = sizeof(struct sctp_data_chunk); 12016 sp->data = sp->tail_mbuf = NULL; 12017 if (sp->length == 0) { 12018 *error = 0; 12019 goto skip_copy; 12020 } 12021 sp->auth_keyid = stcb->asoc.authinfo.active_keyid; 12022 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) { 12023 sctp_auth_key_acquire(stcb, stcb->asoc.authinfo.active_keyid); 12024 sp->holds_key_ref = 1; 12025 } 12026 *error = sctp_copy_one(sp, uio, resv_in_first); 12027skip_copy: 12028 if (*error) { 12029 sctp_free_a_strmoq(stcb, sp); 12030 sp = NULL; 12031 } else { 12032 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 12033 sp->net = net; 12034 } else { 12035 sp->net = asoc->primary_destination; 12036 } 12037 atomic_add_int(&sp->net->ref_count, 1); 12038 sctp_set_prsctp_policy(sp); 12039 } 12040out_now: 12041 return (sp); 12042} 12043 12044 12045int 12046sctp_sosend(struct socket *so, 12047 struct sockaddr *addr, 12048 struct uio *uio, 12049 struct mbuf *top, 12050 struct mbuf *control, 12051 int flags, 12052 struct thread *p 12053) 12054{ 12055 struct sctp_inpcb *inp; 12056 int error, use_rcvinfo = 0; 12057 struct sctp_sndrcvinfo srcv; 12058 struct sockaddr *addr_to_use; 12059 12060#ifdef INET6 12061 struct sockaddr_in sin; 12062 12063#endif 12064 12065 inp = (struct sctp_inpcb *)so->so_pcb; 12066 if (control) { 12067 /* process cmsg snd/rcv info (maybe a assoc-id) */ 12068 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&srcv, control, 12069 sizeof(srcv))) { 12070 /* got one */ 12071 use_rcvinfo = 1; 12072 } 12073 } 12074 addr_to_use = addr; 12075#if defined(INET6) && !defined(__Userspace__) /* TODO port in6_sin6_2_sin */ 12076 if ((addr) && (addr->sa_family == AF_INET6)) { 12077 struct sockaddr_in6 *sin6; 12078 12079 sin6 = (struct sockaddr_in6 *)addr; 12080 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 12081 in6_sin6_2_sin(&sin, sin6); 12082 addr_to_use = (struct sockaddr *)&sin; 12083 } 12084 } 12085#endif 12086 error = sctp_lower_sosend(so, addr_to_use, uio, top, 12087 control, 12088 flags, 12089 use_rcvinfo, &srcv 12090 ,p 12091 ); 12092 return (error); 12093} 12094 12095 12096int 12097sctp_lower_sosend(struct socket *so, 12098 struct sockaddr *addr, 12099 struct uio *uio, 12100 struct mbuf *i_pak, 12101 struct mbuf *control, 12102 int flags, 12103 int use_rcvinfo, 12104 struct sctp_sndrcvinfo *srcv 12105 , 12106 struct thread *p 12107) 12108{ 12109 unsigned int sndlen = 0, max_len; 12110 int error, len; 12111 struct mbuf *top = NULL; 12112 int queue_only = 0, queue_only_for_init = 0; 12113 int free_cnt_applied = 0; 12114 int un_sent = 0; 12115 int now_filled = 0; 12116 unsigned int inqueue_bytes = 0; 12117 struct sctp_block_entry be; 12118 struct sctp_inpcb *inp; 12119 struct sctp_tcb *stcb = NULL; 12120 struct timeval now; 12121 struct sctp_nets *net; 12122 struct sctp_association *asoc; 12123 struct sctp_inpcb *t_inp; 12124 int user_marks_eor; 12125 int create_lock_applied = 0; 12126 int nagle_applies = 0; 12127 int some_on_control = 0; 12128 int got_all_of_the_send = 0; 12129 int hold_tcblock = 0; 12130 int non_blocking = 0; 12131 int temp_flags = 0; 12132 uint32_t local_add_more, local_soresv = 0; 12133 12134 error = 0; 12135 net = NULL; 12136 stcb = NULL; 12137 asoc = NULL; 12138 12139 t_inp = inp = (struct sctp_inpcb *)so->so_pcb; 12140 if (inp == NULL) { 12141 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12142 error = EINVAL; 12143 if (i_pak) { 12144 SCTP_RELEASE_PKT(i_pak); 12145 } 12146 return (error); 12147 } 12148 if ((uio == NULL) && (i_pak == NULL)) { 12149 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12150 return (EINVAL); 12151 } 12152 user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 12153 atomic_add_int(&inp->total_sends, 1); 12154 if (uio) { 12155 if (uio->uio_resid < 0) { 12156 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12157 return (EINVAL); 12158 } 12159 sndlen = uio->uio_resid; 12160 } else { 12161 top = SCTP_HEADER_TO_CHAIN(i_pak); 12162 sndlen = SCTP_HEADER_LEN(i_pak); 12163 } 12164 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %d\n", 12165 addr, 12166 sndlen); 12167 /*- 12168 * Pre-screen address, if one is given the sin-len 12169 * must be set correctly! 12170 */ 12171 if (addr) { 12172 if ((addr->sa_family == AF_INET) && 12173 (addr->sa_len != sizeof(struct sockaddr_in))) { 12174 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12175 error = EINVAL; 12176 goto out_unlocked; 12177 } else if ((addr->sa_family == AF_INET6) && 12178 (addr->sa_len != sizeof(struct sockaddr_in6))) { 12179 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12180 error = EINVAL; 12181 goto out_unlocked; 12182 } 12183 } 12184 hold_tcblock = 0; 12185 12186 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 12187 (inp->sctp_socket->so_qlimit)) { 12188 /* The listener can NOT send */ 12189 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12190 error = ENOTCONN; 12191 goto out_unlocked; 12192 } 12193 if ((use_rcvinfo) && srcv) { 12194 if (INVALID_SINFO_FLAG(srcv->sinfo_flags) || 12195 PR_SCTP_INVALID_POLICY(srcv->sinfo_flags)) { 12196 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12197 error = EINVAL; 12198 goto out_unlocked; 12199 } 12200 if (srcv->sinfo_flags) 12201 SCTP_STAT_INCR(sctps_sends_with_flags); 12202 12203 if (srcv->sinfo_flags & SCTP_SENDALL) { 12204 /* its a sendall */ 12205 error = sctp_sendall(inp, uio, top, srcv); 12206 top = NULL; 12207 goto out_unlocked; 12208 } 12209 } 12210 /* now we must find the assoc */ 12211 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) || 12212 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 12213 SCTP_INP_RLOCK(inp); 12214 stcb = LIST_FIRST(&inp->sctp_asoc_list); 12215 if (stcb == NULL) { 12216 SCTP_INP_RUNLOCK(inp); 12217 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12218 error = ENOTCONN; 12219 goto out_unlocked; 12220 } 12221 SCTP_TCB_LOCK(stcb); 12222 hold_tcblock = 1; 12223 SCTP_INP_RUNLOCK(inp); 12224 if (addr) { 12225 /* Must locate the net structure if addr given */ 12226 net = sctp_findnet(stcb, addr); 12227 if (net) { 12228 /* validate port was 0 or correct */ 12229 struct sockaddr_in *sin; 12230 12231 sin = (struct sockaddr_in *)addr; 12232 if ((sin->sin_port != 0) && 12233 (sin->sin_port != stcb->rport)) { 12234 net = NULL; 12235 } 12236 } 12237 temp_flags |= SCTP_ADDR_OVER; 12238 } else 12239 net = stcb->asoc.primary_destination; 12240 if (addr && (net == NULL)) { 12241 /* Could not find address, was it legal */ 12242 if (addr->sa_family == AF_INET) { 12243 struct sockaddr_in *sin; 12244 12245 sin = (struct sockaddr_in *)addr; 12246 if (sin->sin_addr.s_addr == 0) { 12247 if ((sin->sin_port == 0) || 12248 (sin->sin_port == stcb->rport)) { 12249 net = stcb->asoc.primary_destination; 12250 } 12251 } 12252 } else { 12253 struct sockaddr_in6 *sin6; 12254 12255 sin6 = (struct sockaddr_in6 *)addr; 12256 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 12257 if ((sin6->sin6_port == 0) || 12258 (sin6->sin6_port == stcb->rport)) { 12259 net = stcb->asoc.primary_destination; 12260 } 12261 } 12262 } 12263 } 12264 if (net == NULL) { 12265 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12266 error = EINVAL; 12267 goto out_unlocked; 12268 } 12269 } else if (use_rcvinfo && srcv && srcv->sinfo_assoc_id) { 12270 stcb = sctp_findassociation_ep_asocid(inp, srcv->sinfo_assoc_id, 0); 12271 if (stcb) { 12272 if (addr) 12273 /* 12274 * Must locate the net structure if addr 12275 * given 12276 */ 12277 net = sctp_findnet(stcb, addr); 12278 else 12279 net = stcb->asoc.primary_destination; 12280 if ((srcv->sinfo_flags & SCTP_ADDR_OVER) && 12281 ((net == NULL) || (addr == NULL))) { 12282 struct sockaddr_in *sin; 12283 12284 if (addr == NULL) { 12285 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12286 error = EINVAL; 12287 goto out_unlocked; 12288 } 12289 sin = (struct sockaddr_in *)addr; 12290 /* Validate port is 0 or correct */ 12291 if ((sin->sin_port != 0) && 12292 (sin->sin_port != stcb->rport)) { 12293 net = NULL; 12294 } 12295 } 12296 } 12297 hold_tcblock = 0; 12298 } else if (addr) { 12299 /*- 12300 * Since we did not use findep we must 12301 * increment it, and if we don't find a tcb 12302 * decrement it. 12303 */ 12304 SCTP_INP_WLOCK(inp); 12305 SCTP_INP_INCR_REF(inp); 12306 SCTP_INP_WUNLOCK(inp); 12307 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 12308 if (stcb == NULL) { 12309 SCTP_INP_WLOCK(inp); 12310 SCTP_INP_DECR_REF(inp); 12311 SCTP_INP_WUNLOCK(inp); 12312 } else { 12313 hold_tcblock = 1; 12314 } 12315 } 12316 if ((stcb == NULL) && (addr)) { 12317 /* Possible implicit send? */ 12318 SCTP_ASOC_CREATE_LOCK(inp); 12319 create_lock_applied = 1; 12320 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 12321 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 12322 /* Should I really unlock ? */ 12323 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12324 error = EINVAL; 12325 goto out_unlocked; 12326 12327 } 12328 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) && 12329 (addr->sa_family == AF_INET6)) { 12330 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12331 error = EINVAL; 12332 goto out_unlocked; 12333 } 12334 SCTP_INP_WLOCK(inp); 12335 SCTP_INP_INCR_REF(inp); 12336 SCTP_INP_WUNLOCK(inp); 12337 /* With the lock applied look again */ 12338 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 12339 if (stcb == NULL) { 12340 SCTP_INP_WLOCK(inp); 12341 SCTP_INP_DECR_REF(inp); 12342 SCTP_INP_WUNLOCK(inp); 12343 } else { 12344 hold_tcblock = 1; 12345 } 12346 if (t_inp != inp) { 12347 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12348 error = ENOTCONN; 12349 goto out_unlocked; 12350 } 12351 } 12352 if (stcb == NULL) { 12353 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 12354 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 12355 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12356 error = ENOTCONN; 12357 goto out_unlocked; 12358 } 12359 if (addr == NULL) { 12360 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 12361 error = ENOENT; 12362 goto out_unlocked; 12363 } else { 12364 /* 12365 * UDP style, we must go ahead and start the INIT 12366 * process 12367 */ 12368 uint32_t vrf_id; 12369 12370 if ((use_rcvinfo) && (srcv) && 12371 ((srcv->sinfo_flags & SCTP_ABORT) || 12372 ((srcv->sinfo_flags & SCTP_EOF) && 12373 (sndlen == 0)))) { 12374 /*- 12375 * User asks to abort a non-existant assoc, 12376 * or EOF a non-existant assoc with no data 12377 */ 12378 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 12379 error = ENOENT; 12380 goto out_unlocked; 12381 } 12382 /* get an asoc/stcb struct */ 12383 vrf_id = inp->def_vrf_id; 12384#ifdef INVARIANTS 12385 if (create_lock_applied == 0) { 12386 panic("Error, should hold create lock and I don't?"); 12387 } 12388#endif 12389 stcb = sctp_aloc_assoc(inp, addr, &error, 0, vrf_id, 12390 p 12391 ); 12392 if (stcb == NULL) { 12393 /* Error is setup for us in the call */ 12394 goto out_unlocked; 12395 } 12396 if (create_lock_applied) { 12397 SCTP_ASOC_CREATE_UNLOCK(inp); 12398 create_lock_applied = 0; 12399 } else { 12400 SCTP_PRINTF("Huh-3? create lock should have been on??\n"); 12401 } 12402 /* 12403 * Turn on queue only flag to prevent data from 12404 * being sent 12405 */ 12406 queue_only = 1; 12407 asoc = &stcb->asoc; 12408 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 12409 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); 12410 12411 /* initialize authentication params for the assoc */ 12412 sctp_initialize_auth_params(inp, stcb); 12413 12414 if (control) { 12415 /* 12416 * see if a init structure exists in cmsg 12417 * headers 12418 */ 12419 struct sctp_initmsg initm; 12420 int i; 12421 12422 if (sctp_find_cmsg(SCTP_INIT, (void *)&initm, control, 12423 sizeof(initm))) { 12424 /* 12425 * we have an INIT override of the 12426 * default 12427 */ 12428 if (initm.sinit_max_attempts) 12429 asoc->max_init_times = initm.sinit_max_attempts; 12430 if (initm.sinit_num_ostreams) 12431 asoc->pre_open_streams = initm.sinit_num_ostreams; 12432 if (initm.sinit_max_instreams) 12433 asoc->max_inbound_streams = initm.sinit_max_instreams; 12434 if (initm.sinit_max_init_timeo) 12435 asoc->initial_init_rto_max = initm.sinit_max_init_timeo; 12436 if (asoc->streamoutcnt < asoc->pre_open_streams) { 12437 struct sctp_stream_out *tmp_str; 12438 int had_lock = 0; 12439 12440 /* Default is NOT correct */ 12441 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, defout:%d pre_open:%d\n", 12442 asoc->streamoutcnt, asoc->pre_open_streams); 12443 /* 12444 * What happens if this 12445 * fails? we panic ... 12446 */ 12447 12448 if (hold_tcblock) { 12449 had_lock = 1; 12450 SCTP_TCB_UNLOCK(stcb); 12451 } 12452 SCTP_MALLOC(tmp_str, 12453 struct sctp_stream_out *, 12454 (asoc->pre_open_streams * 12455 sizeof(struct sctp_stream_out)), 12456 SCTP_M_STRMO); 12457 if (had_lock) { 12458 SCTP_TCB_LOCK(stcb); 12459 } 12460 if (tmp_str != NULL) { 12461 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 12462 asoc->strmout = tmp_str; 12463 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams; 12464 } else { 12465 asoc->pre_open_streams = asoc->streamoutcnt; 12466 } 12467 for (i = 0; i < asoc->streamoutcnt; i++) { 12468 /*- 12469 * inbound side must be set 12470 * to 0xffff, also NOTE when 12471 * we get the INIT-ACK back 12472 * (for INIT sender) we MUST 12473 * reduce the count 12474 * (streamoutcnt) but first 12475 * check if we sent to any 12476 * of the upper streams that 12477 * were dropped (if some 12478 * were). Those that were 12479 * dropped must be notified 12480 * to the upper layer as 12481 * failed to send. 12482 */ 12483 asoc->strmout[i].next_sequence_sent = 0x0; 12484 TAILQ_INIT(&asoc->strmout[i].outqueue); 12485 asoc->strmout[i].stream_no = i; 12486 asoc->strmout[i].last_msg_incomplete = 0; 12487 asoc->strmout[i].next_spoke.tqe_next = 0; 12488 asoc->strmout[i].next_spoke.tqe_prev = 0; 12489 } 12490 } 12491 } 12492 } 12493 hold_tcblock = 1; 12494 /* out with the INIT */ 12495 queue_only_for_init = 1; 12496 /*- 12497 * we may want to dig in after this call and adjust the MTU 12498 * value. It defaulted to 1500 (constant) but the ro 12499 * structure may now have an update and thus we may need to 12500 * change it BEFORE we append the message. 12501 */ 12502 net = stcb->asoc.primary_destination; 12503 asoc = &stcb->asoc; 12504 } 12505 } 12506 if ((SCTP_SO_IS_NBIO(so) 12507 || (flags & MSG_NBIO) 12508 )) { 12509 non_blocking = 1; 12510 } 12511 asoc = &stcb->asoc; 12512 atomic_add_int(&stcb->total_sends, 1); 12513 12514 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) { 12515 if (sndlen > asoc->smallest_mtu) { 12516 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12517 error = EMSGSIZE; 12518 goto out_unlocked; 12519 } 12520 } 12521 /* would we block? */ 12522 if (non_blocking) { 12523 if (hold_tcblock == 0) { 12524 SCTP_TCB_LOCK(stcb); 12525 hold_tcblock = 1; 12526 } 12527 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12528 if ((SCTP_SB_LIMIT_SND(so) < (sndlen + inqueue_bytes + stcb->asoc.sb_send_resv)) || 12529 (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12530 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK); 12531 if (sndlen > SCTP_SB_LIMIT_SND(so)) 12532 error = EMSGSIZE; 12533 else 12534 error = EWOULDBLOCK; 12535 goto out_unlocked; 12536 } 12537 stcb->asoc.sb_send_resv += sndlen; 12538 SCTP_TCB_UNLOCK(stcb); 12539 hold_tcblock = 0; 12540 } else { 12541 atomic_add_int(&stcb->asoc.sb_send_resv, sndlen); 12542 } 12543 local_soresv = sndlen; 12544 /* Keep the stcb from being freed under our feet */ 12545 if (free_cnt_applied) { 12546#ifdef INVARIANTS 12547 panic("refcnt already incremented"); 12548#else 12549 printf("refcnt:1 already incremented?\n"); 12550#endif 12551 } else { 12552 atomic_add_int(&stcb->asoc.refcnt, 1); 12553 free_cnt_applied = 1; 12554 } 12555 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12556 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12557 error = ECONNRESET; 12558 goto out_unlocked; 12559 } 12560 if (create_lock_applied) { 12561 SCTP_ASOC_CREATE_UNLOCK(inp); 12562 create_lock_applied = 0; 12563 } 12564 if (asoc->stream_reset_outstanding) { 12565 /* 12566 * Can't queue any data while stream reset is underway. 12567 */ 12568 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAGAIN); 12569 error = EAGAIN; 12570 goto out_unlocked; 12571 } 12572 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 12573 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 12574 queue_only = 1; 12575 } 12576 if ((use_rcvinfo == 0) || (srcv == NULL)) { 12577 /* Grab the default stuff from the asoc */ 12578 srcv = (struct sctp_sndrcvinfo *)&stcb->asoc.def_send; 12579 } 12580 /* we are now done with all control */ 12581 if (control) { 12582 sctp_m_freem(control); 12583 control = NULL; 12584 } 12585 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 12586 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 12587 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 12588 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 12589 if ((use_rcvinfo) && 12590 (srcv->sinfo_flags & SCTP_ABORT)) { 12591 ; 12592 } else { 12593 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12594 error = ECONNRESET; 12595 goto out_unlocked; 12596 } 12597 } 12598 /* Ok, we will attempt a msgsnd :> */ 12599 if (p) { 12600 p->td_ru.ru_msgsnd++; 12601 } 12602 if (stcb) { 12603 if (((srcv->sinfo_flags | temp_flags) & SCTP_ADDR_OVER) == 0) { 12604 net = stcb->asoc.primary_destination; 12605 } 12606 } 12607 if (net == NULL) { 12608 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12609 error = EINVAL; 12610 goto out_unlocked; 12611 } 12612 if ((net->flight_size > net->cwnd) && (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) { 12613 /*- 12614 * CMT: Added check for CMT above. net above is the primary 12615 * dest. If CMT is ON, sender should always attempt to send 12616 * with the output routine sctp_fill_outqueue() that loops 12617 * through all destination addresses. Therefore, if CMT is 12618 * ON, queue_only is NOT set to 1 here, so that 12619 * sctp_chunk_output() can be called below. 12620 */ 12621 queue_only = 1; 12622 } else if (asoc->ifp_had_enobuf) { 12623 SCTP_STAT_INCR(sctps_ifnomemqueued); 12624 if (net->flight_size > (net->mtu * 2)) 12625 queue_only = 1; 12626 asoc->ifp_had_enobuf = 0; 12627 } else { 12628 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 12629 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 12630 } 12631 /* Are we aborting? */ 12632 if (srcv->sinfo_flags & SCTP_ABORT) { 12633 struct mbuf *mm; 12634 int tot_demand, tot_out = 0, max_out; 12635 12636 SCTP_STAT_INCR(sctps_sends_with_abort); 12637 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 12638 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 12639 /* It has to be up before we abort */ 12640 /* how big is the user initiated abort? */ 12641 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12642 error = EINVAL; 12643 goto out; 12644 } 12645 if (hold_tcblock) { 12646 SCTP_TCB_UNLOCK(stcb); 12647 hold_tcblock = 0; 12648 } 12649 if (top) { 12650 struct mbuf *cntm = NULL; 12651 12652 mm = sctp_get_mbuf_for_msg(1, 0, M_WAIT, 1, MT_DATA); 12653 if (sndlen != 0) { 12654 cntm = top; 12655 while (cntm) { 12656 tot_out += SCTP_BUF_LEN(cntm); 12657 cntm = SCTP_BUF_NEXT(cntm); 12658 } 12659 } 12660 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 12661 } else { 12662 /* Must fit in a MTU */ 12663 tot_out = sndlen; 12664 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 12665 if (tot_demand > SCTP_DEFAULT_ADD_MORE) { 12666 /* To big */ 12667 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12668 error = EMSGSIZE; 12669 goto out; 12670 } 12671 mm = sctp_get_mbuf_for_msg(tot_demand, 0, M_WAIT, 1, MT_DATA); 12672 } 12673 if (mm == NULL) { 12674 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12675 error = ENOMEM; 12676 goto out; 12677 } 12678 max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr); 12679 max_out -= sizeof(struct sctp_abort_msg); 12680 if (tot_out > max_out) { 12681 tot_out = max_out; 12682 } 12683 if (mm) { 12684 struct sctp_paramhdr *ph; 12685 12686 /* now move forward the data pointer */ 12687 ph = mtod(mm, struct sctp_paramhdr *); 12688 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 12689 ph->param_length = htons((sizeof(struct sctp_paramhdr) + tot_out)); 12690 ph++; 12691 SCTP_BUF_LEN(mm) = tot_out + sizeof(struct sctp_paramhdr); 12692 if (top == NULL) { 12693 error = uiomove((caddr_t)ph, (int)tot_out, uio); 12694 if (error) { 12695 /*- 12696 * Here if we can't get his data we 12697 * still abort we just don't get to 12698 * send the users note :-0 12699 */ 12700 sctp_m_freem(mm); 12701 mm = NULL; 12702 } 12703 } else { 12704 if (sndlen != 0) { 12705 SCTP_BUF_NEXT(mm) = top; 12706 } 12707 } 12708 } 12709 if (hold_tcblock == 0) { 12710 SCTP_TCB_LOCK(stcb); 12711 hold_tcblock = 1; 12712 } 12713 atomic_add_int(&stcb->asoc.refcnt, -1); 12714 free_cnt_applied = 0; 12715 /* release this lock, otherwise we hang on ourselves */ 12716 sctp_abort_an_association(stcb->sctp_ep, stcb, 12717 SCTP_RESPONSE_TO_USER_REQ, 12718 mm, SCTP_SO_LOCKED); 12719 /* now relock the stcb so everything is sane */ 12720 hold_tcblock = 0; 12721 stcb = NULL; 12722 /* 12723 * In this case top is already chained to mm avoid double 12724 * free, since we free it below if top != NULL and driver 12725 * would free it after sending the packet out 12726 */ 12727 if (sndlen != 0) { 12728 top = NULL; 12729 } 12730 goto out_unlocked; 12731 } 12732 /* Calculate the maximum we can send */ 12733 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12734 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 12735 if (non_blocking) { 12736 /* we already checked for non-blocking above. */ 12737 max_len = sndlen; 12738 } else { 12739 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12740 } 12741 } else { 12742 max_len = 0; 12743 } 12744 if (hold_tcblock) { 12745 SCTP_TCB_UNLOCK(stcb); 12746 hold_tcblock = 0; 12747 } 12748 /* Is the stream no. valid? */ 12749 if (srcv->sinfo_stream >= asoc->streamoutcnt) { 12750 /* Invalid stream number */ 12751 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12752 error = EINVAL; 12753 goto out_unlocked; 12754 } 12755 if (asoc->strmout == NULL) { 12756 /* huh? software error */ 12757 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 12758 error = EFAULT; 12759 goto out_unlocked; 12760 } 12761 /* Unless E_EOR mode is on, we must make a send FIT in one call. */ 12762 if ((user_marks_eor == 0) && 12763 (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { 12764 /* It will NEVER fit */ 12765 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12766 error = EMSGSIZE; 12767 goto out_unlocked; 12768 } 12769 if ((uio == NULL) && user_marks_eor) { 12770 /*- 12771 * We do not support eeor mode for 12772 * sending with mbuf chains (like sendfile). 12773 */ 12774 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12775 error = EINVAL; 12776 goto out_unlocked; 12777 } 12778 if (user_marks_eor) { 12779 local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); 12780 } else { 12781 /*- 12782 * For non-eeor the whole message must fit in 12783 * the socket send buffer. 12784 */ 12785 local_add_more = sndlen; 12786 } 12787 len = 0; 12788 if (non_blocking) { 12789 goto skip_preblock; 12790 } 12791 if (((max_len <= local_add_more) && 12792 (SCTP_SB_LIMIT_SND(so) >= local_add_more)) || 12793 (max_len == 0) || 12794 ((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12795 /* No room right now ! */ 12796 SOCKBUF_LOCK(&so->so_snd); 12797 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12798 while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) || 12799 ((stcb->asoc.stream_queue_cnt + stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12800 SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n", 12801 (unsigned int)SCTP_SB_LIMIT_SND(so), 12802 inqueue_bytes, 12803 local_add_more, 12804 stcb->asoc.stream_queue_cnt, 12805 stcb->asoc.chunks_on_out_queue, 12806 SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)); 12807 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12808 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, so, asoc, sndlen); 12809 } 12810 be.error = 0; 12811 stcb->block_entry = &be; 12812 error = sbwait(&so->so_snd); 12813 stcb->block_entry = NULL; 12814 if (error || so->so_error || be.error) { 12815 if (error == 0) { 12816 if (so->so_error) 12817 error = so->so_error; 12818 if (be.error) { 12819 error = be.error; 12820 } 12821 } 12822 SOCKBUF_UNLOCK(&so->so_snd); 12823 goto out_unlocked; 12824 } 12825 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12826 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 12827 so, asoc, stcb->asoc.total_output_queue_size); 12828 } 12829 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12830 goto out_unlocked; 12831 } 12832 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12833 } 12834 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12835 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 12836 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12837 } else { 12838 max_len = 0; 12839 } 12840 SOCKBUF_UNLOCK(&so->so_snd); 12841 } 12842skip_preblock: 12843 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12844 goto out_unlocked; 12845 } 12846 /* 12847 * sndlen covers for mbuf case uio_resid covers for the non-mbuf 12848 * case NOTE: uio will be null when top/mbuf is passed 12849 */ 12850 if (sndlen == 0) { 12851 if (srcv->sinfo_flags & SCTP_EOF) { 12852 got_all_of_the_send = 1; 12853 goto dataless_eof; 12854 } else { 12855 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12856 error = EINVAL; 12857 goto out; 12858 } 12859 } 12860 if (top == NULL) { 12861 struct sctp_stream_queue_pending *sp; 12862 struct sctp_stream_out *strm; 12863 uint32_t sndout, initial_out; 12864 12865 initial_out = uio->uio_resid; 12866 12867 SCTP_TCB_SEND_LOCK(stcb); 12868 if ((asoc->stream_locked) && 12869 (asoc->stream_locked_on != srcv->sinfo_stream)) { 12870 SCTP_TCB_SEND_UNLOCK(stcb); 12871 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12872 error = EINVAL; 12873 goto out; 12874 } 12875 SCTP_TCB_SEND_UNLOCK(stcb); 12876 12877 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 12878 if (strm->last_msg_incomplete == 0) { 12879 do_a_copy_in: 12880 sp = sctp_copy_it_in(stcb, asoc, srcv, uio, net, max_len, user_marks_eor, &error, non_blocking); 12881 if ((sp == NULL) || (error)) { 12882 goto out; 12883 } 12884 SCTP_TCB_SEND_LOCK(stcb); 12885 if (sp->msg_is_complete) { 12886 strm->last_msg_incomplete = 0; 12887 asoc->stream_locked = 0; 12888 } else { 12889 /* 12890 * Just got locked to this guy in case of an 12891 * interrupt. 12892 */ 12893 strm->last_msg_incomplete = 1; 12894 asoc->stream_locked = 1; 12895 asoc->stream_locked_on = srcv->sinfo_stream; 12896 sp->sender_all_done = 0; 12897 } 12898 sctp_snd_sb_alloc(stcb, sp->length); 12899 atomic_add_int(&asoc->stream_queue_cnt, 1); 12900 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) { 12901 sp->strseq = strm->next_sequence_sent; 12902 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_SCTP) { 12903 sctp_misc_ints(SCTP_STRMOUT_LOG_ASSIGN, 12904 (uintptr_t) stcb, sp->length, 12905 (uint32_t) ((srcv->sinfo_stream << 16) | sp->strseq), 0); 12906 } 12907 strm->next_sequence_sent++; 12908 } else { 12909 SCTP_STAT_INCR(sctps_sends_with_unord); 12910 } 12911 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 12912 if ((strm->next_spoke.tqe_next == NULL) && 12913 (strm->next_spoke.tqe_prev == NULL)) { 12914 /* Not on wheel, insert */ 12915 sctp_insert_on_wheel(stcb, asoc, strm, 1); 12916 } 12917 SCTP_TCB_SEND_UNLOCK(stcb); 12918 } else { 12919 SCTP_TCB_SEND_LOCK(stcb); 12920 sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead); 12921 SCTP_TCB_SEND_UNLOCK(stcb); 12922 if (sp == NULL) { 12923 /* ???? Huh ??? last msg is gone */ 12924#ifdef INVARIANTS 12925 panic("Warning: Last msg marked incomplete, yet nothing left?"); 12926#else 12927 SCTP_PRINTF("Warning: Last msg marked incomplete, yet nothing left?\n"); 12928 strm->last_msg_incomplete = 0; 12929#endif 12930 goto do_a_copy_in; 12931 12932 } 12933 } 12934 while (uio->uio_resid > 0) { 12935 /* How much room do we have? */ 12936 struct mbuf *new_tail, *mm; 12937 12938 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 12939 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 12940 else 12941 max_len = 0; 12942 12943 if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || 12944 (max_len && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) || 12945 (uio->uio_resid && (uio->uio_resid <= (int)max_len))) { 12946 sndout = 0; 12947 new_tail = NULL; 12948 if (hold_tcblock) { 12949 SCTP_TCB_UNLOCK(stcb); 12950 hold_tcblock = 0; 12951 } 12952 mm = sctp_copy_resume(sp, uio, srcv, max_len, user_marks_eor, &error, &sndout, &new_tail); 12953 if ((mm == NULL) || error) { 12954 if (mm) { 12955 sctp_m_freem(mm); 12956 } 12957 goto out; 12958 } 12959 /* Update the mbuf and count */ 12960 SCTP_TCB_SEND_LOCK(stcb); 12961 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12962 /* 12963 * we need to get out. Peer probably 12964 * aborted. 12965 */ 12966 sctp_m_freem(mm); 12967 if (stcb->asoc.state & SCTP_PCB_FLAGS_WAS_ABORTED) { 12968 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12969 error = ECONNRESET; 12970 } 12971 SCTP_TCB_SEND_UNLOCK(stcb); 12972 goto out; 12973 } 12974 if (sp->tail_mbuf) { 12975 /* tack it to the end */ 12976 SCTP_BUF_NEXT(sp->tail_mbuf) = mm; 12977 sp->tail_mbuf = new_tail; 12978 } else { 12979 /* A stolen mbuf */ 12980 sp->data = mm; 12981 sp->tail_mbuf = new_tail; 12982 } 12983 sctp_snd_sb_alloc(stcb, sndout); 12984 atomic_add_int(&sp->length, sndout); 12985 len += sndout; 12986 12987 /* Did we reach EOR? */ 12988 if ((uio->uio_resid == 0) && 12989 ((user_marks_eor == 0) || 12990 (srcv->sinfo_flags & SCTP_EOF) || 12991 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 12992 sp->msg_is_complete = 1; 12993 } else { 12994 sp->msg_is_complete = 0; 12995 } 12996 SCTP_TCB_SEND_UNLOCK(stcb); 12997 } 12998 if (uio->uio_resid == 0) { 12999 /* got it all? */ 13000 continue; 13001 } 13002 /* PR-SCTP? */ 13003 if ((asoc->peer_supports_prsctp) && (asoc->sent_queue_cnt_removeable > 0)) { 13004 /* 13005 * This is ugly but we must assure locking 13006 * order 13007 */ 13008 if (hold_tcblock == 0) { 13009 SCTP_TCB_LOCK(stcb); 13010 hold_tcblock = 1; 13011 } 13012 sctp_prune_prsctp(stcb, asoc, srcv, sndlen); 13013 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 13014 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 13015 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 13016 else 13017 max_len = 0; 13018 if (max_len > 0) { 13019 continue; 13020 } 13021 SCTP_TCB_UNLOCK(stcb); 13022 hold_tcblock = 0; 13023 } 13024 /* wait for space now */ 13025 if (non_blocking) { 13026 /* Non-blocking io in place out */ 13027 goto skip_out_eof; 13028 } 13029 if ((net->flight_size > net->cwnd) && 13030 (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) { 13031 queue_only = 1; 13032 } else if (asoc->ifp_had_enobuf) { 13033 SCTP_STAT_INCR(sctps_ifnomemqueued); 13034 if (net->flight_size > (net->mtu * 2)) { 13035 queue_only = 1; 13036 } else { 13037 queue_only = 0; 13038 } 13039 asoc->ifp_had_enobuf = 0; 13040 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13041 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13042 } else { 13043 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13044 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13045 if (net->flight_size > net->cwnd) { 13046 queue_only = 1; 13047 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 13048 } else { 13049 queue_only = 0; 13050 } 13051 } 13052 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 13053 (stcb->asoc.total_flight > 0) && 13054 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 13055 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 13056 13057 /*- 13058 * Ok, Nagle is set on and we have data outstanding. 13059 * Don't send anything and let SACKs drive out the 13060 * data unless wen have a "full" segment to send. 13061 */ 13062 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13063 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 13064 } 13065 SCTP_STAT_INCR(sctps_naglequeued); 13066 nagle_applies = 1; 13067 } else { 13068 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13069 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 13070 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 13071 } 13072 SCTP_STAT_INCR(sctps_naglesent); 13073 nagle_applies = 0; 13074 } 13075 /* What about the INIT, send it maybe */ 13076 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13077 13078 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, 13079 nagle_applies, un_sent); 13080 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, 13081 stcb->asoc.total_flight, 13082 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 13083 } 13084 if (queue_only_for_init) { 13085 if (hold_tcblock == 0) { 13086 SCTP_TCB_LOCK(stcb); 13087 hold_tcblock = 1; 13088 } 13089 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 13090 /* a collision took us forward? */ 13091 queue_only_for_init = 0; 13092 queue_only = 0; 13093 } else { 13094 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 13095 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 13096 queue_only_for_init = 0; 13097 queue_only = 1; 13098 } 13099 } 13100 if ((queue_only == 0) && (nagle_applies == 0)) { 13101 /*- 13102 * need to start chunk output 13103 * before blocking.. note that if 13104 * a lock is already applied, then 13105 * the input via the net is happening 13106 * and I don't need to start output :-D 13107 */ 13108 if (hold_tcblock == 0) { 13109 if (SCTP_TCB_TRYLOCK(stcb)) { 13110 hold_tcblock = 1; 13111 sctp_chunk_output(inp, 13112 stcb, 13113 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13114 } 13115 } else { 13116 sctp_chunk_output(inp, 13117 stcb, 13118 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13119 } 13120 if (hold_tcblock == 1) { 13121 SCTP_TCB_UNLOCK(stcb); 13122 hold_tcblock = 0; 13123 } 13124 } 13125 SOCKBUF_LOCK(&so->so_snd); 13126 /*- 13127 * This is a bit strange, but I think it will 13128 * work. The total_output_queue_size is locked and 13129 * protected by the TCB_LOCK, which we just released. 13130 * There is a race that can occur between releasing it 13131 * above, and me getting the socket lock, where sacks 13132 * come in but we have not put the SB_WAIT on the 13133 * so_snd buffer to get the wakeup. After the LOCK 13134 * is applied the sack_processing will also need to 13135 * LOCK the so->so_snd to do the actual sowwakeup(). So 13136 * once we have the socket buffer lock if we recheck the 13137 * size we KNOW we will get to sleep safely with the 13138 * wakeup flag in place. 13139 */ 13140 if (SCTP_SB_LIMIT_SND(so) <= (stcb->asoc.total_output_queue_size + 13141 min(SCTP_BASE_SYSCTL(sctp_add_more_threshold), SCTP_SB_LIMIT_SND(so)))) { 13142 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13143 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 13144 so, asoc, uio->uio_resid); 13145 } 13146 be.error = 0; 13147 stcb->block_entry = &be; 13148 error = sbwait(&so->so_snd); 13149 stcb->block_entry = NULL; 13150 13151 if (error || so->so_error || be.error) { 13152 if (error == 0) { 13153 if (so->so_error) 13154 error = so->so_error; 13155 if (be.error) { 13156 error = be.error; 13157 } 13158 } 13159 SOCKBUF_UNLOCK(&so->so_snd); 13160 goto out_unlocked; 13161 } 13162 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13163 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 13164 so, asoc, stcb->asoc.total_output_queue_size); 13165 } 13166 } 13167 SOCKBUF_UNLOCK(&so->so_snd); 13168 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13169 goto out_unlocked; 13170 } 13171 } 13172 SCTP_TCB_SEND_LOCK(stcb); 13173 if (sp) { 13174 if (sp->msg_is_complete == 0) { 13175 strm->last_msg_incomplete = 1; 13176 asoc->stream_locked = 1; 13177 asoc->stream_locked_on = srcv->sinfo_stream; 13178 } else { 13179 sp->sender_all_done = 1; 13180 strm->last_msg_incomplete = 0; 13181 asoc->stream_locked = 0; 13182 } 13183 } else { 13184 SCTP_PRINTF("Huh no sp TSNH?\n"); 13185 strm->last_msg_incomplete = 0; 13186 asoc->stream_locked = 0; 13187 } 13188 SCTP_TCB_SEND_UNLOCK(stcb); 13189 if (uio->uio_resid == 0) { 13190 got_all_of_the_send = 1; 13191 } 13192 } else if (top) { 13193 /* We send in a 0, since we do NOT have any locks */ 13194 error = sctp_msg_append(stcb, net, top, srcv, 0); 13195 top = NULL; 13196 if (srcv->sinfo_flags & SCTP_EOF) { 13197 /* 13198 * This should only happen for Panda for the mbuf 13199 * send case, which does NOT yet support EEOR mode. 13200 * Thus, we can just set this flag to do the proper 13201 * EOF handling. 13202 */ 13203 got_all_of_the_send = 1; 13204 } 13205 } 13206 if (error) { 13207 goto out; 13208 } 13209dataless_eof: 13210 /* EOF thing ? */ 13211 if ((srcv->sinfo_flags & SCTP_EOF) && 13212 (got_all_of_the_send == 1) && 13213 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) { 13214 int cnt; 13215 13216 SCTP_STAT_INCR(sctps_sends_with_eof); 13217 error = 0; 13218 if (hold_tcblock == 0) { 13219 SCTP_TCB_LOCK(stcb); 13220 hold_tcblock = 1; 13221 } 13222 cnt = sctp_is_there_unsent_data(stcb); 13223 if (TAILQ_EMPTY(&asoc->send_queue) && 13224 TAILQ_EMPTY(&asoc->sent_queue) && 13225 (cnt == 0)) { 13226 if (asoc->locked_on_sending) { 13227 goto abort_anyway; 13228 } 13229 /* there is nothing queued to send, so I'm done... */ 13230 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 13231 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 13232 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 13233 /* only send SHUTDOWN the first time through */ 13234 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 13235 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 13236 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 13237 } 13238 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 13239 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 13240 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 13241 asoc->primary_destination); 13242 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 13243 asoc->primary_destination); 13244 } 13245 } else { 13246 /*- 13247 * we still got (or just got) data to send, so set 13248 * SHUTDOWN_PENDING 13249 */ 13250 /*- 13251 * XXX sockets draft says that SCTP_EOF should be 13252 * sent with no data. currently, we will allow user 13253 * data to be sent first and move to 13254 * SHUTDOWN-PENDING 13255 */ 13256 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 13257 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 13258 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 13259 if (hold_tcblock == 0) { 13260 SCTP_TCB_LOCK(stcb); 13261 hold_tcblock = 1; 13262 } 13263 if (asoc->locked_on_sending) { 13264 /* Locked to send out the data */ 13265 struct sctp_stream_queue_pending *sp; 13266 13267 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 13268 if (sp) { 13269 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 13270 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 13271 } 13272 } 13273 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 13274 if (TAILQ_EMPTY(&asoc->send_queue) && 13275 TAILQ_EMPTY(&asoc->sent_queue) && 13276 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 13277 abort_anyway: 13278 if (free_cnt_applied) { 13279 atomic_add_int(&stcb->asoc.refcnt, -1); 13280 free_cnt_applied = 0; 13281 } 13282 sctp_abort_an_association(stcb->sctp_ep, stcb, 13283 SCTP_RESPONSE_TO_USER_REQ, 13284 NULL, SCTP_SO_LOCKED); 13285 /* 13286 * now relock the stcb so everything 13287 * is sane 13288 */ 13289 hold_tcblock = 0; 13290 stcb = NULL; 13291 goto out; 13292 } 13293 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 13294 asoc->primary_destination); 13295 sctp_feature_off(inp, SCTP_PCB_FLAGS_NODELAY); 13296 } 13297 } 13298 } 13299skip_out_eof: 13300 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { 13301 some_on_control = 1; 13302 } 13303 if ((net->flight_size > net->cwnd) && 13304 (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) { 13305 queue_only = 1; 13306 } else if (asoc->ifp_had_enobuf) { 13307 SCTP_STAT_INCR(sctps_ifnomemqueued); 13308 if (net->flight_size > (net->mtu * 2)) { 13309 queue_only = 1; 13310 } else { 13311 queue_only = 0; 13312 } 13313 asoc->ifp_had_enobuf = 0; 13314 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13315 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13316 } else { 13317 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13318 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13319 if (net->flight_size > net->cwnd) { 13320 queue_only = 1; 13321 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 13322 } else { 13323 queue_only = 0; 13324 } 13325 } 13326 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 13327 (stcb->asoc.total_flight > 0) && 13328 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 13329 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 13330 /*- 13331 * Ok, Nagle is set on and we have data outstanding. 13332 * Don't send anything and let SACKs drive out the 13333 * data unless wen have a "full" segment to send. 13334 */ 13335 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13336 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 13337 } 13338 SCTP_STAT_INCR(sctps_naglequeued); 13339 nagle_applies = 1; 13340 } else { 13341 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13342 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 13343 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 13344 } 13345 SCTP_STAT_INCR(sctps_naglesent); 13346 nagle_applies = 0; 13347 } 13348 if (queue_only_for_init) { 13349 if (hold_tcblock == 0) { 13350 SCTP_TCB_LOCK(stcb); 13351 hold_tcblock = 1; 13352 } 13353 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 13354 /* a collision took us forward? */ 13355 queue_only_for_init = 0; 13356 queue_only = 0; 13357 } else { 13358 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 13359 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_WAIT); 13360 queue_only_for_init = 0; 13361 queue_only = 1; 13362 } 13363 } 13364 if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) { 13365 /* we can attempt to send too. */ 13366 if (hold_tcblock == 0) { 13367 /* 13368 * If there is activity recv'ing sacks no need to 13369 * send 13370 */ 13371 if (SCTP_TCB_TRYLOCK(stcb)) { 13372 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13373 hold_tcblock = 1; 13374 } 13375 } else { 13376 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13377 } 13378 } else if ((queue_only == 0) && 13379 (stcb->asoc.peers_rwnd == 0) && 13380 (stcb->asoc.total_flight == 0)) { 13381 /* We get to have a probe outstanding */ 13382 if (hold_tcblock == 0) { 13383 hold_tcblock = 1; 13384 SCTP_TCB_LOCK(stcb); 13385 } 13386 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13387 } else if (some_on_control) { 13388 int num_out, reason, frag_point; 13389 13390 /* Here we do control only */ 13391 if (hold_tcblock == 0) { 13392 hold_tcblock = 1; 13393 SCTP_TCB_LOCK(stcb); 13394 } 13395 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 13396 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 13397 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_LOCKED); 13398 } 13399 SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n", 13400 queue_only, stcb->asoc.peers_rwnd, un_sent, 13401 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, 13402 stcb->asoc.total_output_queue_size, error); 13403 13404out: 13405out_unlocked: 13406 13407 if (local_soresv && stcb) { 13408 atomic_subtract_int(&stcb->asoc.sb_send_resv, sndlen); 13409 local_soresv = 0; 13410 } 13411 if (create_lock_applied) { 13412 SCTP_ASOC_CREATE_UNLOCK(inp); 13413 create_lock_applied = 0; 13414 } 13415 if ((stcb) && hold_tcblock) { 13416 SCTP_TCB_UNLOCK(stcb); 13417 } 13418 if (stcb && free_cnt_applied) { 13419 atomic_add_int(&stcb->asoc.refcnt, -1); 13420 } 13421#ifdef INVARIANTS 13422 if (stcb) { 13423 if (mtx_owned(&stcb->tcb_mtx)) { 13424 panic("Leaving with tcb mtx owned?"); 13425 } 13426 if (mtx_owned(&stcb->tcb_send_mtx)) { 13427 panic("Leaving with tcb send mtx owned?"); 13428 } 13429 } 13430#endif 13431#ifdef INVARIANTS 13432 if (inp) { 13433 sctp_validate_no_locks(inp); 13434 } else { 13435 printf("Warning - inp is NULL so cant validate locks\n"); 13436 } 13437#endif 13438 if (top) { 13439 sctp_m_freem(top); 13440 } 13441 if (control) { 13442 sctp_m_freem(control); 13443 } 13444 return (error); 13445} 13446 13447 13448/* 13449 * generate an AUTHentication chunk, if required 13450 */ 13451struct mbuf * 13452sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, 13453 struct sctp_auth_chunk **auth_ret, uint32_t * offset, 13454 struct sctp_tcb *stcb, uint8_t chunk) 13455{ 13456 struct mbuf *m_auth; 13457 struct sctp_auth_chunk *auth; 13458 int chunk_len; 13459 13460 if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) || 13461 (stcb == NULL)) 13462 return (m); 13463 13464 /* sysctl disabled auth? */ 13465 if (SCTP_BASE_SYSCTL(sctp_auth_disable)) 13466 return (m); 13467 13468 /* peer doesn't do auth... */ 13469 if (!stcb->asoc.peer_supports_auth) { 13470 return (m); 13471 } 13472 /* does the requested chunk require auth? */ 13473 if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) { 13474 return (m); 13475 } 13476 m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_DONTWAIT, 1, MT_HEADER); 13477 if (m_auth == NULL) { 13478 /* no mbuf's */ 13479 return (m); 13480 } 13481 /* reserve some space if this will be the first mbuf */ 13482 if (m == NULL) 13483 SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD); 13484 /* fill in the AUTH chunk details */ 13485 auth = mtod(m_auth, struct sctp_auth_chunk *); 13486 bzero(auth, sizeof(*auth)); 13487 auth->ch.chunk_type = SCTP_AUTHENTICATION; 13488 auth->ch.chunk_flags = 0; 13489 chunk_len = sizeof(*auth) + 13490 sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 13491 auth->ch.chunk_length = htons(chunk_len); 13492 auth->hmac_id = htons(stcb->asoc.peer_hmac_id); 13493 /* key id and hmac digest will be computed and filled in upon send */ 13494 13495 /* save the offset where the auth was inserted into the chain */ 13496 if (m != NULL) { 13497 struct mbuf *cn; 13498 13499 *offset = 0; 13500 cn = m; 13501 while (cn) { 13502 *offset += SCTP_BUF_LEN(cn); 13503 cn = SCTP_BUF_NEXT(cn); 13504 } 13505 } else 13506 *offset = 0; 13507 13508 /* update length and return pointer to the auth chunk */ 13509 SCTP_BUF_LEN(m_auth) = chunk_len; 13510 m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0); 13511 if (auth_ret != NULL) 13512 *auth_ret = auth; 13513 13514 return (m); 13515} 13516 13517#ifdef INET6 13518int 13519sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t * ro) 13520{ 13521 struct nd_prefix *pfx = NULL; 13522 struct nd_pfxrouter *pfxrtr = NULL; 13523 struct sockaddr_in6 gw6; 13524 13525 if (ro == NULL || ro->ro_rt == NULL || src6->sin6_family != AF_INET6) 13526 return (0); 13527 13528 /* get prefix entry of address */ 13529 LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) { 13530 if (pfx->ndpr_stateflags & NDPRF_DETACHED) 13531 continue; 13532 if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr, 13533 &src6->sin6_addr, &pfx->ndpr_mask)) 13534 break; 13535 } 13536 /* no prefix entry in the prefix list */ 13537 if (pfx == NULL) { 13538 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefix entry for "); 13539 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 13540 return (0); 13541 } 13542 SCTPDBG(SCTP_DEBUG_OUTPUT2, "v6src_match_nexthop(), Prefix entry is "); 13543 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 13544 13545 /* search installed gateway from prefix entry */ 13546 for (pfxrtr = pfx->ndpr_advrtrs.lh_first; pfxrtr; pfxrtr = 13547 pfxrtr->pfr_next) { 13548 memset(&gw6, 0, sizeof(struct sockaddr_in6)); 13549 gw6.sin6_family = AF_INET6; 13550 gw6.sin6_len = sizeof(struct sockaddr_in6); 13551 memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr, 13552 sizeof(struct in6_addr)); 13553 SCTPDBG(SCTP_DEBUG_OUTPUT2, "prefix router is "); 13554 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&gw6); 13555 SCTPDBG(SCTP_DEBUG_OUTPUT2, "installed router is "); 13556 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 13557 if (sctp_cmpaddr((struct sockaddr *)&gw6, 13558 ro->ro_rt->rt_gateway)) { 13559 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is installed\n"); 13560 return (1); 13561 } 13562 } 13563 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is not installed\n"); 13564 return (0); 13565} 13566 13567#endif 13568 13569int 13570sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t * ro) 13571{ 13572 struct sockaddr_in *sin, *mask; 13573 struct ifaddr *ifa; 13574 struct in_addr srcnetaddr, gwnetaddr; 13575 13576 if (ro == NULL || ro->ro_rt == NULL || 13577 sifa->address.sa.sa_family != AF_INET) { 13578 return (0); 13579 } 13580 ifa = (struct ifaddr *)sifa->ifa; 13581 mask = (struct sockaddr_in *)(ifa->ifa_netmask); 13582 sin = (struct sockaddr_in *)&sifa->address.sin; 13583 srcnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 13584 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: src address is "); 13585 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 13586 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", srcnetaddr.s_addr); 13587 13588 sin = (struct sockaddr_in *)ro->ro_rt->rt_gateway; 13589 gwnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 13590 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: nexthop is "); 13591 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 13592 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", gwnetaddr.s_addr); 13593 if (srcnetaddr.s_addr == gwnetaddr.s_addr) { 13594 return (1); 13595 } 13596 return (0); 13597}
| 9743 /* no more to look at */ 9744 break; 9745 } 9746 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 9747 /* We don't report these */ 9748 continue; 9749 } 9750 cnt_of_skipped++; 9751 } 9752 space_needed = (sizeof(struct sctp_forward_tsn_chunk) + 9753 (cnt_of_skipped * sizeof(struct sctp_strseq))); 9754 9755 cnt_of_space = M_TRAILINGSPACE(chk->data); 9756 9757 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 9758 ovh = SCTP_MIN_OVERHEAD; 9759 } else { 9760 ovh = SCTP_MIN_V4_OVERHEAD; 9761 } 9762 if (cnt_of_space > (asoc->smallest_mtu - ovh)) { 9763 /* trim to a mtu size */ 9764 cnt_of_space = asoc->smallest_mtu - ovh; 9765 } 9766 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9767 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9768 0xff, 0, cnt_of_skipped, 9769 asoc->advanced_peer_ack_point); 9770 9771 } 9772 advance_peer_ack_point = asoc->advanced_peer_ack_point; 9773 if (cnt_of_space < space_needed) { 9774 /*- 9775 * ok we must trim down the chunk by lowering the 9776 * advance peer ack point. 9777 */ 9778 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9779 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9780 0xff, 0xff, cnt_of_space, 9781 space_needed); 9782 } 9783 cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk); 9784 cnt_of_skipped /= sizeof(struct sctp_strseq); 9785 /*- 9786 * Go through and find the TSN that will be the one 9787 * we report. 9788 */ 9789 at = TAILQ_FIRST(&asoc->sent_queue); 9790 for (i = 0; i < cnt_of_skipped; i++) { 9791 tp1 = TAILQ_NEXT(at, sctp_next); 9792 at = tp1; 9793 } 9794 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 9795 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 9796 0xff, cnt_of_skipped, at->rec.data.TSN_seq, 9797 asoc->advanced_peer_ack_point); 9798 } 9799 last = at; 9800 /*- 9801 * last now points to last one I can report, update 9802 * peer ack point 9803 */ 9804 advance_peer_ack_point = last->rec.data.TSN_seq; 9805 space_needed = sizeof(struct sctp_forward_tsn_chunk) + 9806 cnt_of_skipped * sizeof(struct sctp_strseq); 9807 } 9808 chk->send_size = space_needed; 9809 /* Setup the chunk */ 9810 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *); 9811 fwdtsn->ch.chunk_length = htons(chk->send_size); 9812 fwdtsn->ch.chunk_flags = 0; 9813 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; 9814 fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point); 9815 SCTP_BUF_LEN(chk->data) = chk->send_size; 9816 fwdtsn++; 9817 /*- 9818 * Move pointer to after the fwdtsn and transfer to the 9819 * strseq pointer. 9820 */ 9821 strseq = (struct sctp_strseq *)fwdtsn; 9822 /*- 9823 * Now populate the strseq list. This is done blindly 9824 * without pulling out duplicate stream info. This is 9825 * inefficent but won't harm the process since the peer will 9826 * look at these in sequence and will thus release anything. 9827 * It could mean we exceed the PMTU and chop off some that 9828 * we could have included.. but this is unlikely (aka 1432/4 9829 * would mean 300+ stream seq's would have to be reported in 9830 * one FWD-TSN. With a bit of work we can later FIX this to 9831 * optimize and pull out duplcates.. but it does add more 9832 * overhead. So for now... not! 9833 */ 9834 at = TAILQ_FIRST(&asoc->sent_queue); 9835 for (i = 0; i < cnt_of_skipped; i++) { 9836 tp1 = TAILQ_NEXT(at, sctp_next); 9837 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 9838 /* We don't report these */ 9839 i--; 9840 at = tp1; 9841 continue; 9842 } 9843 if (at->rec.data.TSN_seq == advance_peer_ack_point) { 9844 at->rec.data.fwd_tsn_cnt = 0; 9845 } 9846 strseq->stream = ntohs(at->rec.data.stream_number); 9847 strseq->sequence = ntohs(at->rec.data.stream_seq); 9848 strseq++; 9849 at = tp1; 9850 } 9851 } 9852 return; 9853 9854} 9855 9856void 9857sctp_send_sack(struct sctp_tcb *stcb) 9858{ 9859 /*- 9860 * Queue up a SACK or NR-SACK in the control queue. 9861 * We must first check to see if a SACK or NR-SACK is 9862 * somehow on the control queue. 9863 * If so, we will take and and remove the old one. 9864 */ 9865 struct sctp_association *asoc; 9866 struct sctp_tmit_chunk *chk, *a_chk; 9867 struct sctp_sack_chunk *sack; 9868 struct sctp_nr_sack_chunk *nr_sack; 9869 struct sctp_gap_ack_block *gap_descriptor; 9870 struct sack_track *selector; 9871 int mergeable = 0; 9872 int offset; 9873 caddr_t limit; 9874 uint32_t *dup; 9875 int limit_reached = 0; 9876 unsigned int i, sel_start, siz, j, starting_index; 9877 unsigned int num_gap_blocks = 0, num_nr_gap_blocks = 0, space; 9878 int num_dups = 0; 9879 int space_req; 9880 uint32_t highest_tsn; 9881 uint8_t flags; 9882 uint8_t type; 9883 9884 if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off) && 9885 stcb->asoc.peer_supports_nr_sack) { 9886 type = SCTP_NR_SELECTIVE_ACK; 9887 } else { 9888 type = SCTP_SELECTIVE_ACK; 9889 } 9890 a_chk = NULL; 9891 asoc = &stcb->asoc; 9892 SCTP_TCB_LOCK_ASSERT(stcb); 9893 if (asoc->last_data_chunk_from == NULL) { 9894 /* Hmm we never received anything */ 9895 return; 9896 } 9897 sctp_slide_mapping_arrays(stcb); 9898 sctp_set_rwnd(stcb, asoc); 9899 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 9900 if (chk->rec.chunk_id.id == type) { 9901 /* Hmm, found a sack already on queue, remove it */ 9902 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 9903 asoc->ctrl_queue_cnt++; 9904 a_chk = chk; 9905 if (a_chk->data) { 9906 sctp_m_freem(a_chk->data); 9907 a_chk->data = NULL; 9908 } 9909 sctp_free_remote_addr(a_chk->whoTo); 9910 a_chk->whoTo = NULL; 9911 break; 9912 } 9913 } 9914 if (a_chk == NULL) { 9915 sctp_alloc_a_chunk(stcb, a_chk); 9916 if (a_chk == NULL) { 9917 /* No memory so we drop the idea, and set a timer */ 9918 if (stcb->asoc.delayed_ack) { 9919 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 9920 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5); 9921 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 9922 stcb->sctp_ep, stcb, NULL); 9923 } else { 9924 stcb->asoc.send_sack = 1; 9925 } 9926 return; 9927 } 9928 a_chk->copy_by_ref = 0; 9929 a_chk->rec.chunk_id.id = type; 9930 a_chk->rec.chunk_id.can_take_data = 1; 9931 } 9932 /* Clear our pkt counts */ 9933 asoc->data_pkts_seen = 0; 9934 9935 a_chk->asoc = asoc; 9936 a_chk->snd_count = 0; 9937 a_chk->send_size = 0; /* fill in later */ 9938 a_chk->sent = SCTP_DATAGRAM_UNSENT; 9939 a_chk->whoTo = NULL; 9940 9941 if ((asoc->numduptsns) || 9942 (asoc->last_data_chunk_from->dest_state & SCTP_ADDR_NOT_REACHABLE) 9943 ) { 9944 /*- 9945 * Ok, we have some duplicates or the destination for the 9946 * sack is unreachable, lets see if we can select an 9947 * alternate than asoc->last_data_chunk_from 9948 */ 9949 if ((!(asoc->last_data_chunk_from->dest_state & 9950 SCTP_ADDR_NOT_REACHABLE)) && 9951 (asoc->used_alt_onsack > asoc->numnets)) { 9952 /* We used an alt last time, don't this time */ 9953 a_chk->whoTo = NULL; 9954 } else { 9955 asoc->used_alt_onsack++; 9956 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0); 9957 } 9958 if (a_chk->whoTo == NULL) { 9959 /* Nope, no alternate */ 9960 a_chk->whoTo = asoc->last_data_chunk_from; 9961 asoc->used_alt_onsack = 0; 9962 } 9963 } else { 9964 /* 9965 * No duplicates so we use the last place we received data 9966 * from. 9967 */ 9968 asoc->used_alt_onsack = 0; 9969 a_chk->whoTo = asoc->last_data_chunk_from; 9970 } 9971 if (a_chk->whoTo) { 9972 atomic_add_int(&a_chk->whoTo->ref_count, 1); 9973 } 9974 if (compare_with_wrap(asoc->highest_tsn_inside_map, asoc->highest_tsn_inside_nr_map, MAX_TSN)) { 9975 highest_tsn = asoc->highest_tsn_inside_map; 9976 } else { 9977 highest_tsn = asoc->highest_tsn_inside_nr_map; 9978 } 9979 if (highest_tsn == asoc->cumulative_tsn) { 9980 /* no gaps */ 9981 if (type == SCTP_SELECTIVE_ACK) { 9982 space_req = sizeof(struct sctp_sack_chunk); 9983 } else { 9984 space_req = sizeof(struct sctp_nr_sack_chunk); 9985 } 9986 } else { 9987 /* gaps get a cluster */ 9988 space_req = MCLBYTES; 9989 } 9990 /* Ok now lets formulate a MBUF with our sack */ 9991 a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_DONTWAIT, 1, MT_DATA); 9992 if ((a_chk->data == NULL) || 9993 (a_chk->whoTo == NULL)) { 9994 /* rats, no mbuf memory */ 9995 if (a_chk->data) { 9996 /* was a problem with the destination */ 9997 sctp_m_freem(a_chk->data); 9998 a_chk->data = NULL; 9999 } 10000 sctp_free_a_chunk(stcb, a_chk); 10001 /* sa_ignore NO_NULL_CHK */ 10002 if (stcb->asoc.delayed_ack) { 10003 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 10004 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6); 10005 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 10006 stcb->sctp_ep, stcb, NULL); 10007 } else { 10008 stcb->asoc.send_sack = 1; 10009 } 10010 return; 10011 } 10012 /* ok, lets go through and fill it in */ 10013 SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD); 10014 space = M_TRAILINGSPACE(a_chk->data); 10015 if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) { 10016 space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD); 10017 } 10018 limit = mtod(a_chk->data, caddr_t); 10019 limit += space; 10020 10021 /* 0x01 is used by nonce for ecn */ 10022 if ((SCTP_BASE_SYSCTL(sctp_ecn_enable)) && 10023 (SCTP_BASE_SYSCTL(sctp_ecn_nonce)) && 10024 (asoc->peer_supports_ecn_nonce)) 10025 flags = (asoc->receiver_nonce_sum & SCTP_SACK_NONCE_SUM); 10026 else 10027 flags = 0; 10028 10029 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) && SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) { 10030 /*- 10031 * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been 10032 * received, then set high bit to 1, else 0. Reset 10033 * pkts_rcvd. 10034 */ 10035 flags |= (asoc->cmt_dac_pkts_rcvd << 6); 10036 asoc->cmt_dac_pkts_rcvd = 0; 10037 } 10038#ifdef SCTP_ASOCLOG_OF_TSNS 10039 stcb->asoc.cumack_logsnt[stcb->asoc.cumack_log_atsnt] = asoc->cumulative_tsn; 10040 stcb->asoc.cumack_log_atsnt++; 10041 if (stcb->asoc.cumack_log_atsnt >= SCTP_TSN_LOG_SIZE) { 10042 stcb->asoc.cumack_log_atsnt = 0; 10043 } 10044#endif 10045 /* reset the readers interpretation */ 10046 stcb->freed_by_sorcv_sincelast = 0; 10047 10048 if (type == SCTP_SELECTIVE_ACK) { 10049 sack = mtod(a_chk->data, struct sctp_sack_chunk *); 10050 nr_sack = NULL; 10051 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk)); 10052 if (highest_tsn > asoc->mapping_array_base_tsn) { 10053 siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10054 } else { 10055 siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) / 8; 10056 } 10057 } else { 10058 sack = NULL; 10059 nr_sack = mtod(a_chk->data, struct sctp_nr_sack_chunk *); 10060 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)nr_sack + sizeof(struct sctp_nr_sack_chunk)); 10061 if (asoc->highest_tsn_inside_map > asoc->mapping_array_base_tsn) { 10062 siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10063 } else { 10064 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_map + 7) / 8; 10065 } 10066 } 10067 10068 if (compare_with_wrap(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, MAX_TSN)) { 10069 offset = 1; 10070 /*- 10071 * The base TSN is intialized to be the first TSN the peer 10072 * will send us. If the cum-ack is behind this then when they 10073 * send us the next in sequence it will mark the base_tsn bit. 10074 * Thus we need to use the very first selector and the offset 10075 * is 1. Our table is built for this case. 10076 */ 10077 starting_index = 0; 10078 sel_start = 0; 10079 } else { 10080 /*- 10081 * we skip the first selector when the cum-ack is at or above the 10082 * mapping array base. This is because the bits at the base or above 10083 * are turned on and our first selector in the table assumes they are 10084 * off. We thus will use the second selector (first is 0). We use 10085 * the reverse of our macro to fix the offset, in bits, that our 10086 * table is at. Note that this method assumes that the cum-tsn is 10087 * within the first bit, i.e. its value is 0-7 which means the 10088 * result to our offset will be either a 0 - -7. If the cumack 10089 * is NOT in the first byte (0) (which it should be since we did 10090 * a mapping array slide above) then we need to calculate the starting 10091 * index i.e. which byte of the mapping array we should start at. We 10092 * do this by dividing by 8 and pushing the remainder (mod) into offset. 10093 * then we multiply the offset to be negative, since we need a negative 10094 * offset into the selector table. 10095 */ 10096 SCTP_CALC_TSN_TO_GAP(offset, asoc->cumulative_tsn, asoc->mapping_array_base_tsn); 10097 if (offset > 7) { 10098 starting_index = offset / 8; 10099 offset = offset % 8; 10100 printf("Strange starting index is %d offset:%d (not 0/x)\n", 10101 starting_index, offset); 10102 } else { 10103 starting_index = 0; 10104 } 10105 /* We need a negative offset in our table */ 10106 offset *= -1; 10107 sel_start = 1; 10108 } 10109 if (((type == SCTP_SELECTIVE_ACK) && 10110 compare_with_wrap(highest_tsn, asoc->cumulative_tsn, MAX_TSN)) || 10111 ((type == SCTP_NR_SELECTIVE_ACK) && 10112 compare_with_wrap(asoc->highest_tsn_inside_map, asoc->cumulative_tsn, MAX_TSN))) { 10113 /* we have a gap .. maybe */ 10114 for (i = starting_index; i < siz; i++) { 10115 if (type == SCTP_SELECTIVE_ACK) { 10116 selector = &sack_array[asoc->mapping_array[i] | asoc->nr_mapping_array[i]]; 10117 } else { 10118 selector = &sack_array[asoc->mapping_array[i]]; 10119 } 10120 if (mergeable && selector->right_edge) { 10121 /* 10122 * Backup, left and right edges were ok to 10123 * merge. 10124 */ 10125 num_gap_blocks--; 10126 gap_descriptor--; 10127 } 10128 if (selector->num_entries == 0) 10129 mergeable = 0; 10130 else { 10131 for (j = sel_start; j < selector->num_entries; j++) { 10132 if (mergeable && selector->right_edge) { 10133 /* 10134 * do a merge by NOT setting 10135 * the left side 10136 */ 10137 mergeable = 0; 10138 } else { 10139 /* 10140 * no merge, set the left 10141 * side 10142 */ 10143 mergeable = 0; 10144 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 10145 } 10146 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 10147 num_gap_blocks++; 10148 gap_descriptor++; 10149 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 10150 /* no more room */ 10151 limit_reached = 1; 10152 break; 10153 } 10154 } 10155 if (selector->left_edge) { 10156 mergeable = 1; 10157 } 10158 } 10159 if (limit_reached) { 10160 /* Reached the limit stop */ 10161 break; 10162 } 10163 sel_start = 0; 10164 offset += 8; 10165 } 10166 } 10167 if ((type == SCTP_NR_SELECTIVE_ACK) && 10168 (limit_reached == 0)) { 10169 10170 mergeable = 0; 10171 10172 if (asoc->highest_tsn_inside_nr_map > asoc->mapping_array_base_tsn) 10173 siz = (((asoc->highest_tsn_inside_nr_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10174 else 10175 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_nr_map + 7) / 8; 10176 10177 if (compare_with_wrap(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, MAX_TSN)) { 10178 offset = 1; 10179 /*- 10180 * cum-ack behind the mapping array, so we start and use all 10181 * entries. 10182 */ 10183 sel_start = 0; 10184 } else { 10185 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 10186 /*- 10187 * we skip the first one when the cum-ack is at or above the 10188 * mapping array base. Note this only works if 10189 */ 10190 sel_start = 1; 10191 } 10192 if (compare_with_wrap(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn, MAX_TSN)) { 10193 /* we have a gap .. maybe */ 10194 for (i = 0; i < siz; i++) { 10195 selector = &sack_array[asoc->nr_mapping_array[i]]; 10196 if (mergeable && selector->right_edge) { 10197 /* 10198 * Backup, left and right edges were 10199 * ok to merge. 10200 */ 10201 num_nr_gap_blocks--; 10202 gap_descriptor--; 10203 } 10204 if (selector->num_entries == 0) 10205 mergeable = 0; 10206 else { 10207 for (j = sel_start; j < selector->num_entries; j++) { 10208 if (mergeable && selector->right_edge) { 10209 /* 10210 * do a merge by NOT 10211 * setting the left 10212 * side 10213 */ 10214 mergeable = 0; 10215 } else { 10216 /* 10217 * no merge, set the 10218 * left side 10219 */ 10220 mergeable = 0; 10221 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 10222 } 10223 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 10224 num_nr_gap_blocks++; 10225 gap_descriptor++; 10226 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 10227 /* no more room */ 10228 limit_reached = 1; 10229 break; 10230 } 10231 } 10232 if (selector->left_edge) { 10233 mergeable = 1; 10234 } 10235 } 10236 if (limit_reached) { 10237 /* Reached the limit stop */ 10238 break; 10239 } 10240 sel_start = 0; 10241 offset += 8; 10242 } 10243 } 10244 } 10245 /* now we must add any dups we are going to report. */ 10246 if ((limit_reached == 0) && (asoc->numduptsns)) { 10247 dup = (uint32_t *) gap_descriptor; 10248 for (i = 0; i < asoc->numduptsns; i++) { 10249 *dup = htonl(asoc->dup_tsns[i]); 10250 dup++; 10251 num_dups++; 10252 if (((caddr_t)dup + sizeof(uint32_t)) > limit) { 10253 /* no more room */ 10254 break; 10255 } 10256 } 10257 asoc->numduptsns = 0; 10258 } 10259 /* 10260 * now that the chunk is prepared queue it to the control chunk 10261 * queue. 10262 */ 10263 if (type == SCTP_SELECTIVE_ACK) { 10264 a_chk->send_size = sizeof(struct sctp_sack_chunk) + 10265 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 10266 num_dups * sizeof(int32_t); 10267 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 10268 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 10269 sack->sack.a_rwnd = htonl(asoc->my_rwnd); 10270 sack->sack.num_gap_ack_blks = htons(num_gap_blocks); 10271 sack->sack.num_dup_tsns = htons(num_dups); 10272 sack->ch.chunk_type = type; 10273 sack->ch.chunk_flags = flags; 10274 sack->ch.chunk_length = htons(a_chk->send_size); 10275 } else { 10276 a_chk->send_size = sizeof(struct sctp_nr_sack_chunk) + 10277 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 10278 num_dups * sizeof(int32_t); 10279 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 10280 nr_sack->nr_sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 10281 nr_sack->nr_sack.a_rwnd = htonl(asoc->my_rwnd); 10282 nr_sack->nr_sack.num_gap_ack_blks = htons(num_gap_blocks); 10283 nr_sack->nr_sack.num_nr_gap_ack_blks = htons(num_nr_gap_blocks); 10284 nr_sack->nr_sack.num_dup_tsns = htons(num_dups); 10285 nr_sack->nr_sack.reserved = 0; 10286 nr_sack->ch.chunk_type = type; 10287 nr_sack->ch.chunk_flags = flags; 10288 nr_sack->ch.chunk_length = htons(a_chk->send_size); 10289 } 10290 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next); 10291 asoc->my_last_reported_rwnd = asoc->my_rwnd; 10292 asoc->ctrl_queue_cnt++; 10293 asoc->send_sack = 0; 10294 SCTP_STAT_INCR(sctps_sendsacks); 10295 return; 10296} 10297 10298void 10299sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr, int so_locked 10300#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 10301 SCTP_UNUSED 10302#endif 10303) 10304{ 10305 struct mbuf *m_abort; 10306 struct mbuf *m_out = NULL, *m_end = NULL; 10307 struct sctp_abort_chunk *abort = NULL; 10308 int sz; 10309 uint32_t auth_offset = 0; 10310 struct sctp_auth_chunk *auth = NULL; 10311 10312 /*- 10313 * Add an AUTH chunk, if chunk requires it and save the offset into 10314 * the chain for AUTH 10315 */ 10316 if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION, 10317 stcb->asoc.peer_auth_chunks)) { 10318 m_out = sctp_add_auth_chunk(m_out, &m_end, &auth, &auth_offset, 10319 stcb, SCTP_ABORT_ASSOCIATION); 10320 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10321 } 10322 SCTP_TCB_LOCK_ASSERT(stcb); 10323 m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_DONTWAIT, 1, MT_HEADER); 10324 if (m_abort == NULL) { 10325 /* no mbuf's */ 10326 if (m_out) 10327 sctp_m_freem(m_out); 10328 return; 10329 } 10330 /* link in any error */ 10331 SCTP_BUF_NEXT(m_abort) = operr; 10332 sz = 0; 10333 if (operr) { 10334 struct mbuf *n; 10335 10336 n = operr; 10337 while (n) { 10338 sz += SCTP_BUF_LEN(n); 10339 n = SCTP_BUF_NEXT(n); 10340 } 10341 } 10342 SCTP_BUF_LEN(m_abort) = sizeof(*abort); 10343 if (m_out == NULL) { 10344 /* NO Auth chunk prepended, so reserve space in front */ 10345 SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD); 10346 m_out = m_abort; 10347 } else { 10348 /* Put AUTH chunk at the front of the chain */ 10349 SCTP_BUF_NEXT(m_end) = m_abort; 10350 } 10351 10352 /* fill in the ABORT chunk */ 10353 abort = mtod(m_abort, struct sctp_abort_chunk *); 10354 abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION; 10355 abort->ch.chunk_flags = 0; 10356 abort->ch.chunk_length = htons(sizeof(*abort) + sz); 10357 10358 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, 10359 stcb->asoc.primary_destination, 10360 (struct sockaddr *)&stcb->asoc.primary_destination->ro._l_addr, 10361 m_out, auth_offset, auth, stcb->asoc.authinfo.active_keyid, 1, 0, NULL, 0, 10362 stcb->sctp_ep->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 10363 stcb->asoc.primary_destination->port, so_locked, NULL); 10364 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10365} 10366 10367void 10368sctp_send_shutdown_complete(struct sctp_tcb *stcb, 10369 struct sctp_nets *net, 10370 int reflect_vtag) 10371{ 10372 /* formulate and SEND a SHUTDOWN-COMPLETE */ 10373 struct mbuf *m_shutdown_comp; 10374 struct sctp_shutdown_complete_chunk *shutdown_complete; 10375 uint32_t vtag; 10376 uint8_t flags; 10377 10378 m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_DONTWAIT, 1, MT_HEADER); 10379 if (m_shutdown_comp == NULL) { 10380 /* no mbuf's */ 10381 return; 10382 } 10383 if (reflect_vtag) { 10384 flags = SCTP_HAD_NO_TCB; 10385 vtag = stcb->asoc.my_vtag; 10386 } else { 10387 flags = 0; 10388 vtag = stcb->asoc.peer_vtag; 10389 } 10390 shutdown_complete = mtod(m_shutdown_comp, struct sctp_shutdown_complete_chunk *); 10391 shutdown_complete->ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 10392 shutdown_complete->ch.chunk_flags = flags; 10393 shutdown_complete->ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 10394 SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_chunk); 10395 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 10396 (struct sockaddr *)&net->ro._l_addr, 10397 m_shutdown_comp, 0, NULL, 0, 1, 0, NULL, 0, 10398 stcb->sctp_ep->sctp_lport, stcb->rport, 10399 htonl(vtag), 10400 net->port, SCTP_SO_NOT_LOCKED, NULL); 10401 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10402 return; 10403} 10404 10405void 10406sctp_send_shutdown_complete2(struct mbuf *m, int iphlen, struct sctphdr *sh, 10407 uint32_t vrf_id, uint16_t port) 10408{ 10409 /* formulate and SEND a SHUTDOWN-COMPLETE */ 10410 struct mbuf *o_pak; 10411 struct mbuf *mout; 10412 struct ip *iph, *iph_out; 10413 struct udphdr *udp = NULL; 10414 10415#ifdef INET6 10416 struct ip6_hdr *ip6, *ip6_out; 10417 10418#endif 10419 int offset_out, len, mlen; 10420 struct sctp_shutdown_complete_msg *comp_cp; 10421 10422 iph = mtod(m, struct ip *); 10423 switch (iph->ip_v) { 10424 case IPVERSION: 10425 len = (sizeof(struct ip) + sizeof(struct sctp_shutdown_complete_msg)); 10426 break; 10427#ifdef INET6 10428 case IPV6_VERSION >> 4: 10429 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_shutdown_complete_msg)); 10430 break; 10431#endif 10432 default: 10433 return; 10434 } 10435 if (port) { 10436 len += sizeof(struct udphdr); 10437 } 10438 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 10439 if (mout == NULL) { 10440 return; 10441 } 10442 SCTP_BUF_RESV_UF(mout, max_linkhdr); 10443 SCTP_BUF_LEN(mout) = len; 10444 SCTP_BUF_NEXT(mout) = NULL; 10445 iph_out = NULL; 10446#ifdef INET6 10447 ip6_out = NULL; 10448#endif 10449 offset_out = 0; 10450 10451 switch (iph->ip_v) { 10452 case IPVERSION: 10453 iph_out = mtod(mout, struct ip *); 10454 10455 /* Fill in the IP header for the ABORT */ 10456 iph_out->ip_v = IPVERSION; 10457 iph_out->ip_hl = (sizeof(struct ip) / 4); 10458 iph_out->ip_tos = (u_char)0; 10459 iph_out->ip_id = 0; 10460 iph_out->ip_off = 0; 10461 iph_out->ip_ttl = MAXTTL; 10462 if (port) { 10463 iph_out->ip_p = IPPROTO_UDP; 10464 } else { 10465 iph_out->ip_p = IPPROTO_SCTP; 10466 } 10467 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 10468 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 10469 10470 /* let IP layer calculate this */ 10471 iph_out->ip_sum = 0; 10472 offset_out += sizeof(*iph_out); 10473 comp_cp = (struct sctp_shutdown_complete_msg *)( 10474 (caddr_t)iph_out + offset_out); 10475 break; 10476#ifdef INET6 10477 case IPV6_VERSION >> 4: 10478 ip6 = (struct ip6_hdr *)iph; 10479 ip6_out = mtod(mout, struct ip6_hdr *); 10480 10481 /* Fill in the IPv6 header for the ABORT */ 10482 ip6_out->ip6_flow = ip6->ip6_flow; 10483 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 10484 if (port) { 10485 ip6_out->ip6_nxt = IPPROTO_UDP; 10486 } else { 10487 ip6_out->ip6_nxt = IPPROTO_SCTP; 10488 } 10489 ip6_out->ip6_src = ip6->ip6_dst; 10490 ip6_out->ip6_dst = ip6->ip6_src; 10491 /* 10492 * ?? The old code had both the iph len + payload, I think 10493 * this is wrong and would never have worked 10494 */ 10495 ip6_out->ip6_plen = sizeof(struct sctp_shutdown_complete_msg); 10496 offset_out += sizeof(*ip6_out); 10497 comp_cp = (struct sctp_shutdown_complete_msg *)( 10498 (caddr_t)ip6_out + offset_out); 10499 break; 10500#endif /* INET6 */ 10501 default: 10502 /* Currently not supported. */ 10503 sctp_m_freem(mout); 10504 return; 10505 } 10506 if (port) { 10507 udp = (struct udphdr *)comp_cp; 10508 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 10509 udp->uh_dport = port; 10510 udp->uh_ulen = htons(sizeof(struct sctp_shutdown_complete_msg) + sizeof(struct udphdr)); 10511 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 10512 offset_out += sizeof(struct udphdr); 10513 comp_cp = (struct sctp_shutdown_complete_msg *)((caddr_t)comp_cp + sizeof(struct udphdr)); 10514 } 10515 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 10516 /* no mbuf's */ 10517 sctp_m_freem(mout); 10518 return; 10519 } 10520 /* Now copy in and fill in the ABORT tags etc. */ 10521 comp_cp->sh.src_port = sh->dest_port; 10522 comp_cp->sh.dest_port = sh->src_port; 10523 comp_cp->sh.checksum = 0; 10524 comp_cp->sh.v_tag = sh->v_tag; 10525 comp_cp->shut_cmp.ch.chunk_flags = SCTP_HAD_NO_TCB; 10526 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 10527 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 10528 10529 if (iph_out != NULL) { 10530 sctp_route_t ro; 10531 int ret; 10532 struct sctp_tcb *stcb = NULL; 10533 10534 mlen = SCTP_BUF_LEN(mout); 10535 bzero(&ro, sizeof ro); 10536 /* set IPv4 length */ 10537 iph_out->ip_len = mlen; 10538#ifdef SCTP_PACKET_LOGGING 10539 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 10540 sctp_packet_log(mout, mlen); 10541#endif 10542 if (port) { 10543 comp_cp->sh.checksum = sctp_calculate_cksum(mout, offset_out); 10544 SCTP_STAT_INCR(sctps_sendswcrc); 10545 SCTP_ENABLE_UDP_CSUM(mout); 10546 } else { 10547 mout->m_pkthdr.csum_flags = CSUM_SCTP; 10548 mout->m_pkthdr.csum_data = 0; 10549 SCTP_STAT_INCR(sctps_sendhwcrc); 10550 } 10551 SCTP_ATTACH_CHAIN(o_pak, mout, mlen); 10552 /* out it goes */ 10553 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id); 10554 10555 /* Free the route if we got one back */ 10556 if (ro.ro_rt) 10557 RTFREE(ro.ro_rt); 10558 } 10559#ifdef INET6 10560 if (ip6_out != NULL) { 10561 struct route_in6 ro; 10562 int ret; 10563 struct sctp_tcb *stcb = NULL; 10564 struct ifnet *ifp = NULL; 10565 10566 bzero(&ro, sizeof(ro)); 10567 mlen = SCTP_BUF_LEN(mout); 10568#ifdef SCTP_PACKET_LOGGING 10569 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 10570 sctp_packet_log(mout, mlen); 10571#endif 10572 SCTP_ATTACH_CHAIN(o_pak, mout, mlen); 10573 if (port) { 10574 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 10575 (stcb) && 10576 (stcb->asoc.loopback_scope))) { 10577 comp_cp->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 10578 SCTP_STAT_INCR(sctps_sendswcrc); 10579 } else { 10580 SCTP_STAT_INCR(sctps_sendnocrc); 10581 } 10582 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), mlen - sizeof(struct ip6_hdr))) == 0) { 10583 udp->uh_sum = 0xffff; 10584 } 10585 } else { 10586 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 10587 (stcb) && 10588 (stcb->asoc.loopback_scope))) { 10589 mout->m_pkthdr.csum_flags = CSUM_SCTP; 10590 mout->m_pkthdr.csum_data = 0; 10591 SCTP_STAT_INCR(sctps_sendhwcrc); 10592 } else { 10593 SCTP_STAT_INCR(sctps_sendnocrc); 10594 } 10595 } 10596 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id); 10597 10598 /* Free the route if we got one back */ 10599 if (ro.ro_rt) 10600 RTFREE(ro.ro_rt); 10601 } 10602#endif 10603 SCTP_STAT_INCR(sctps_sendpackets); 10604 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 10605 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10606 return; 10607 10608} 10609 10610static struct sctp_nets * 10611sctp_select_hb_destination(struct sctp_tcb *stcb, struct timeval *now) 10612{ 10613 struct sctp_nets *net, *hnet; 10614 int ms_goneby, highest_ms, state_overide = 0; 10615 10616 (void)SCTP_GETTIME_TIMEVAL(now); 10617 highest_ms = 0; 10618 hnet = NULL; 10619 SCTP_TCB_LOCK_ASSERT(stcb); 10620 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 10621 if ( 10622 ((net->dest_state & SCTP_ADDR_NOHB) && ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) || 10623 (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE) 10624 ) { 10625 /* 10626 * Skip this guy from consideration if HB is off AND 10627 * its confirmed 10628 */ 10629 continue; 10630 } 10631 if (sctp_destination_is_reachable(stcb, (struct sockaddr *)&net->ro._l_addr) == 0) { 10632 /* skip this dest net from consideration */ 10633 continue; 10634 } 10635 if (net->last_sent_time.tv_sec) { 10636 /* Sent to so we subtract */ 10637 ms_goneby = (now->tv_sec - net->last_sent_time.tv_sec) * 1000; 10638 } else 10639 /* Never been sent to */ 10640 ms_goneby = 0x7fffffff; 10641 /*- 10642 * When the address state is unconfirmed but still 10643 * considered reachable, we HB at a higher rate. Once it 10644 * goes confirmed OR reaches the "unreachable" state, thenw 10645 * we cut it back to HB at a more normal pace. 10646 */ 10647 if ((net->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED) { 10648 state_overide = 1; 10649 } else { 10650 state_overide = 0; 10651 } 10652 10653 if ((((unsigned int)ms_goneby >= net->RTO) || (state_overide)) && 10654 (ms_goneby > highest_ms)) { 10655 highest_ms = ms_goneby; 10656 hnet = net; 10657 } 10658 } 10659 if (hnet && 10660 ((hnet->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED)) { 10661 state_overide = 1; 10662 } else { 10663 state_overide = 0; 10664 } 10665 10666 if (hnet && highest_ms && (((unsigned int)highest_ms >= hnet->RTO) || state_overide)) { 10667 /*- 10668 * Found the one with longest delay bounds OR it is 10669 * unconfirmed and still not marked unreachable. 10670 */ 10671 SCTPDBG(SCTP_DEBUG_OUTPUT4, "net:%p is the hb winner -", hnet); 10672#ifdef SCTP_DEBUG 10673 if (hnet) { 10674 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT4, 10675 (struct sockaddr *)&hnet->ro._l_addr); 10676 } else { 10677 SCTPDBG(SCTP_DEBUG_OUTPUT4, " none\n"); 10678 } 10679#endif 10680 /* update the timer now */ 10681 hnet->last_sent_time = *now; 10682 return (hnet); 10683 } 10684 /* Nothing to HB */ 10685 return (NULL); 10686} 10687 10688int 10689sctp_send_hb(struct sctp_tcb *stcb, int user_req, struct sctp_nets *u_net) 10690{ 10691 struct sctp_tmit_chunk *chk; 10692 struct sctp_nets *net; 10693 struct sctp_heartbeat_chunk *hb; 10694 struct timeval now; 10695 struct sockaddr_in *sin; 10696 struct sockaddr_in6 *sin6; 10697 10698 SCTP_TCB_LOCK_ASSERT(stcb); 10699 if (user_req == 0) { 10700 net = sctp_select_hb_destination(stcb, &now); 10701 if (net == NULL) { 10702 /*- 10703 * All our busy none to send to, just start the 10704 * timer again. 10705 */ 10706 if (stcb->asoc.state == 0) { 10707 return (0); 10708 } 10709 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, 10710 stcb->sctp_ep, 10711 stcb, 10712 net); 10713 return (0); 10714 } 10715 } else { 10716 net = u_net; 10717 if (net == NULL) { 10718 return (0); 10719 } 10720 (void)SCTP_GETTIME_TIMEVAL(&now); 10721 } 10722 sin = (struct sockaddr_in *)&net->ro._l_addr; 10723 if (sin->sin_family != AF_INET) { 10724 if (sin->sin_family != AF_INET6) { 10725 /* huh */ 10726 return (0); 10727 } 10728 } 10729 sctp_alloc_a_chunk(stcb, chk); 10730 if (chk == NULL) { 10731 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak, can't get a chunk for hb\n"); 10732 return (0); 10733 } 10734 chk->copy_by_ref = 0; 10735 chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST; 10736 chk->rec.chunk_id.can_take_data = 1; 10737 chk->asoc = &stcb->asoc; 10738 chk->send_size = sizeof(struct sctp_heartbeat_chunk); 10739 10740 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 10741 if (chk->data == NULL) { 10742 sctp_free_a_chunk(stcb, chk); 10743 return (0); 10744 } 10745 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10746 SCTP_BUF_LEN(chk->data) = chk->send_size; 10747 chk->sent = SCTP_DATAGRAM_UNSENT; 10748 chk->snd_count = 0; 10749 chk->whoTo = net; 10750 atomic_add_int(&chk->whoTo->ref_count, 1); 10751 /* Now we have a mbuf that we can fill in with the details */ 10752 hb = mtod(chk->data, struct sctp_heartbeat_chunk *); 10753 memset(hb, 0, sizeof(struct sctp_heartbeat_chunk)); 10754 /* fill out chunk header */ 10755 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST; 10756 hb->ch.chunk_flags = 0; 10757 hb->ch.chunk_length = htons(chk->send_size); 10758 /* Fill out hb parameter */ 10759 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO); 10760 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param)); 10761 hb->heartbeat.hb_info.time_value_1 = now.tv_sec; 10762 hb->heartbeat.hb_info.time_value_2 = now.tv_usec; 10763 /* Did our user request this one, put it in */ 10764 hb->heartbeat.hb_info.user_req = user_req; 10765 hb->heartbeat.hb_info.addr_family = sin->sin_family; 10766 hb->heartbeat.hb_info.addr_len = sin->sin_len; 10767 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 10768 /* 10769 * we only take from the entropy pool if the address is not 10770 * confirmed. 10771 */ 10772 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 10773 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 10774 } else { 10775 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0; 10776 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0; 10777 } 10778 if (sin->sin_family == AF_INET) { 10779 memcpy(hb->heartbeat.hb_info.address, &sin->sin_addr, sizeof(sin->sin_addr)); 10780 } else if (sin->sin_family == AF_INET6) { 10781 /* We leave the scope the way it is in our lookup table. */ 10782 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 10783 memcpy(hb->heartbeat.hb_info.address, &sin6->sin6_addr, sizeof(sin6->sin6_addr)); 10784 } else { 10785 /* huh compiler bug */ 10786 return (0); 10787 } 10788 10789 /* 10790 * JRS 5/14/07 - In CMT PF, the T3 timer is used to track 10791 * PF-heartbeats. Because of this, threshold management is done by 10792 * the t3 timer handler, and does not need to be done upon the send 10793 * of a PF-heartbeat. If CMT PF is on and the destination to which a 10794 * heartbeat is being sent is in PF state, do NOT do threshold 10795 * management. 10796 */ 10797 if ((SCTP_BASE_SYSCTL(sctp_cmt_pf) == 0) || ((net->dest_state & SCTP_ADDR_PF) != SCTP_ADDR_PF)) { 10798 /* ok we have a destination that needs a beat */ 10799 /* lets do the theshold management Qiaobing style */ 10800 if (sctp_threshold_management(stcb->sctp_ep, stcb, net, 10801 stcb->asoc.max_send_times)) { 10802 /*- 10803 * we have lost the association, in a way this is 10804 * quite bad since we really are one less time since 10805 * we really did not send yet. This is the down side 10806 * to the Q's style as defined in the RFC and not my 10807 * alternate style defined in the RFC. 10808 */ 10809 if (chk->data != NULL) { 10810 sctp_m_freem(chk->data); 10811 chk->data = NULL; 10812 } 10813 /* 10814 * Here we do NOT use the macro since the 10815 * association is now gone. 10816 */ 10817 if (chk->whoTo) { 10818 sctp_free_remote_addr(chk->whoTo); 10819 chk->whoTo = NULL; 10820 } 10821 sctp_free_a_chunk((struct sctp_tcb *)NULL, chk); 10822 return (-1); 10823 } 10824 } 10825 net->hb_responded = 0; 10826 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 10827 stcb->asoc.ctrl_queue_cnt++; 10828 SCTP_STAT_INCR(sctps_sendheartbeat); 10829 /*- 10830 * Call directly med level routine to put out the chunk. It will 10831 * always tumble out control chunks aka HB but it may even tumble 10832 * out data too. 10833 */ 10834 return (1); 10835} 10836 10837void 10838sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net, 10839 uint32_t high_tsn) 10840{ 10841 struct sctp_association *asoc; 10842 struct sctp_ecne_chunk *ecne; 10843 struct sctp_tmit_chunk *chk; 10844 10845 asoc = &stcb->asoc; 10846 SCTP_TCB_LOCK_ASSERT(stcb); 10847 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 10848 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 10849 /* found a previous ECN_ECHO update it if needed */ 10850 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 10851 ecne->tsn = htonl(high_tsn); 10852 return; 10853 } 10854 } 10855 /* nope could not find one to update so we must build one */ 10856 sctp_alloc_a_chunk(stcb, chk); 10857 if (chk == NULL) { 10858 return; 10859 } 10860 chk->copy_by_ref = 0; 10861 SCTP_STAT_INCR(sctps_sendecne); 10862 chk->rec.chunk_id.id = SCTP_ECN_ECHO; 10863 chk->rec.chunk_id.can_take_data = 0; 10864 chk->asoc = &stcb->asoc; 10865 chk->send_size = sizeof(struct sctp_ecne_chunk); 10866 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 10867 if (chk->data == NULL) { 10868 sctp_free_a_chunk(stcb, chk); 10869 return; 10870 } 10871 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10872 SCTP_BUF_LEN(chk->data) = chk->send_size; 10873 chk->sent = SCTP_DATAGRAM_UNSENT; 10874 chk->snd_count = 0; 10875 chk->whoTo = net; 10876 atomic_add_int(&chk->whoTo->ref_count, 1); 10877 stcb->asoc.ecn_echo_cnt_onq++; 10878 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 10879 ecne->ch.chunk_type = SCTP_ECN_ECHO; 10880 ecne->ch.chunk_flags = 0; 10881 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk)); 10882 ecne->tsn = htonl(high_tsn); 10883 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 10884 asoc->ctrl_queue_cnt++; 10885} 10886 10887void 10888sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net, 10889 struct mbuf *m, int iphlen, int bad_crc) 10890{ 10891 struct sctp_association *asoc; 10892 struct sctp_pktdrop_chunk *drp; 10893 struct sctp_tmit_chunk *chk; 10894 uint8_t *datap; 10895 int len; 10896 int was_trunc = 0; 10897 struct ip *iph; 10898 10899#ifdef INET6 10900 struct ip6_hdr *ip6h; 10901 10902#endif 10903 int fullsz = 0, extra = 0; 10904 long spc; 10905 int offset; 10906 struct sctp_chunkhdr *ch, chunk_buf; 10907 unsigned int chk_length; 10908 10909 if (!stcb) { 10910 return; 10911 } 10912 asoc = &stcb->asoc; 10913 SCTP_TCB_LOCK_ASSERT(stcb); 10914 if (asoc->peer_supports_pktdrop == 0) { 10915 /*- 10916 * peer must declare support before I send one. 10917 */ 10918 return; 10919 } 10920 if (stcb->sctp_socket == NULL) { 10921 return; 10922 } 10923 sctp_alloc_a_chunk(stcb, chk); 10924 if (chk == NULL) { 10925 return; 10926 } 10927 chk->copy_by_ref = 0; 10928 iph = mtod(m, struct ip *); 10929 if (iph == NULL) { 10930 sctp_free_a_chunk(stcb, chk); 10931 return; 10932 } 10933 switch (iph->ip_v) { 10934 case IPVERSION: 10935 /* IPv4 */ 10936 len = chk->send_size = iph->ip_len; 10937 break; 10938#ifdef INET6 10939 case IPV6_VERSION >> 4: 10940 /* IPv6 */ 10941 ip6h = mtod(m, struct ip6_hdr *); 10942 len = chk->send_size = htons(ip6h->ip6_plen); 10943 break; 10944#endif 10945 default: 10946 return; 10947 } 10948 /* Validate that we do not have an ABORT in here. */ 10949 offset = iphlen + sizeof(struct sctphdr); 10950 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 10951 sizeof(*ch), (uint8_t *) & chunk_buf); 10952 while (ch != NULL) { 10953 chk_length = ntohs(ch->chunk_length); 10954 if (chk_length < sizeof(*ch)) { 10955 /* break to abort land */ 10956 break; 10957 } 10958 switch (ch->chunk_type) { 10959 case SCTP_PACKET_DROPPED: 10960 case SCTP_ABORT_ASSOCIATION: 10961 /*- 10962 * we don't respond with an PKT-DROP to an ABORT 10963 * or PKT-DROP 10964 */ 10965 sctp_free_a_chunk(stcb, chk); 10966 return; 10967 default: 10968 break; 10969 } 10970 offset += SCTP_SIZE32(chk_length); 10971 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 10972 sizeof(*ch), (uint8_t *) & chunk_buf); 10973 } 10974 10975 if ((len + SCTP_MAX_OVERHEAD + sizeof(struct sctp_pktdrop_chunk)) > 10976 min(stcb->asoc.smallest_mtu, MCLBYTES)) { 10977 /* 10978 * only send 1 mtu worth, trim off the excess on the end. 10979 */ 10980 fullsz = len - extra; 10981 len = min(stcb->asoc.smallest_mtu, MCLBYTES) - SCTP_MAX_OVERHEAD; 10982 was_trunc = 1; 10983 } 10984 chk->asoc = &stcb->asoc; 10985 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 10986 if (chk->data == NULL) { 10987jump_out: 10988 sctp_free_a_chunk(stcb, chk); 10989 return; 10990 } 10991 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10992 drp = mtod(chk->data, struct sctp_pktdrop_chunk *); 10993 if (drp == NULL) { 10994 sctp_m_freem(chk->data); 10995 chk->data = NULL; 10996 goto jump_out; 10997 } 10998 chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) + 10999 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD)); 11000 chk->book_size_scale = 0; 11001 if (was_trunc) { 11002 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED; 11003 drp->trunc_len = htons(fullsz); 11004 /* 11005 * Len is already adjusted to size minus overhead above take 11006 * out the pkt_drop chunk itself from it. 11007 */ 11008 chk->send_size = len - sizeof(struct sctp_pktdrop_chunk); 11009 len = chk->send_size; 11010 } else { 11011 /* no truncation needed */ 11012 drp->ch.chunk_flags = 0; 11013 drp->trunc_len = htons(0); 11014 } 11015 if (bad_crc) { 11016 drp->ch.chunk_flags |= SCTP_BADCRC; 11017 } 11018 chk->send_size += sizeof(struct sctp_pktdrop_chunk); 11019 SCTP_BUF_LEN(chk->data) = chk->send_size; 11020 chk->sent = SCTP_DATAGRAM_UNSENT; 11021 chk->snd_count = 0; 11022 if (net) { 11023 /* we should hit here */ 11024 chk->whoTo = net; 11025 } else { 11026 chk->whoTo = asoc->primary_destination; 11027 } 11028 atomic_add_int(&chk->whoTo->ref_count, 1); 11029 chk->rec.chunk_id.id = SCTP_PACKET_DROPPED; 11030 chk->rec.chunk_id.can_take_data = 1; 11031 drp->ch.chunk_type = SCTP_PACKET_DROPPED; 11032 drp->ch.chunk_length = htons(chk->send_size); 11033 spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket); 11034 if (spc < 0) { 11035 spc = 0; 11036 } 11037 drp->bottle_bw = htonl(spc); 11038 if (asoc->my_rwnd) { 11039 drp->current_onq = htonl(asoc->size_on_reasm_queue + 11040 asoc->size_on_all_streams + 11041 asoc->my_rwnd_control_len + 11042 stcb->sctp_socket->so_rcv.sb_cc); 11043 } else { 11044 /*- 11045 * If my rwnd is 0, possibly from mbuf depletion as well as 11046 * space used, tell the peer there is NO space aka onq == bw 11047 */ 11048 drp->current_onq = htonl(spc); 11049 } 11050 drp->reserved = 0; 11051 datap = drp->data; 11052 m_copydata(m, iphlen, len, (caddr_t)datap); 11053 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11054 asoc->ctrl_queue_cnt++; 11055} 11056 11057void 11058sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn) 11059{ 11060 struct sctp_association *asoc; 11061 struct sctp_cwr_chunk *cwr; 11062 struct sctp_tmit_chunk *chk; 11063 11064 asoc = &stcb->asoc; 11065 SCTP_TCB_LOCK_ASSERT(stcb); 11066 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 11067 if (chk->rec.chunk_id.id == SCTP_ECN_CWR) { 11068 /* found a previous ECN_CWR update it if needed */ 11069 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 11070 if (compare_with_wrap(high_tsn, ntohl(cwr->tsn), 11071 MAX_TSN)) { 11072 cwr->tsn = htonl(high_tsn); 11073 } 11074 return; 11075 } 11076 } 11077 /* nope could not find one to update so we must build one */ 11078 sctp_alloc_a_chunk(stcb, chk); 11079 if (chk == NULL) { 11080 return; 11081 } 11082 chk->copy_by_ref = 0; 11083 chk->rec.chunk_id.id = SCTP_ECN_CWR; 11084 chk->rec.chunk_id.can_take_data = 1; 11085 chk->asoc = &stcb->asoc; 11086 chk->send_size = sizeof(struct sctp_cwr_chunk); 11087 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 11088 if (chk->data == NULL) { 11089 sctp_free_a_chunk(stcb, chk); 11090 return; 11091 } 11092 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11093 SCTP_BUF_LEN(chk->data) = chk->send_size; 11094 chk->sent = SCTP_DATAGRAM_UNSENT; 11095 chk->snd_count = 0; 11096 chk->whoTo = net; 11097 atomic_add_int(&chk->whoTo->ref_count, 1); 11098 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 11099 cwr->ch.chunk_type = SCTP_ECN_CWR; 11100 cwr->ch.chunk_flags = 0; 11101 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk)); 11102 cwr->tsn = htonl(high_tsn); 11103 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11104 asoc->ctrl_queue_cnt++; 11105} 11106 11107void 11108sctp_add_stream_reset_out(struct sctp_tmit_chunk *chk, 11109 int number_entries, uint16_t * list, 11110 uint32_t seq, uint32_t resp_seq, uint32_t last_sent) 11111{ 11112 int len, old_len, i; 11113 struct sctp_stream_reset_out_request *req_out; 11114 struct sctp_chunkhdr *ch; 11115 11116 ch = mtod(chk->data, struct sctp_chunkhdr *); 11117 11118 11119 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11120 11121 /* get to new offset for the param. */ 11122 req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len); 11123 /* now how long will this param be? */ 11124 len = (sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries)); 11125 req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST); 11126 req_out->ph.param_length = htons(len); 11127 req_out->request_seq = htonl(seq); 11128 req_out->response_seq = htonl(resp_seq); 11129 req_out->send_reset_at_tsn = htonl(last_sent); 11130 if (number_entries) { 11131 for (i = 0; i < number_entries; i++) { 11132 req_out->list_of_streams[i] = htons(list[i]); 11133 } 11134 } 11135 if (SCTP_SIZE32(len) > len) { 11136 /*- 11137 * Need to worry about the pad we may end up adding to the 11138 * end. This is easy since the struct is either aligned to 4 11139 * bytes or 2 bytes off. 11140 */ 11141 req_out->list_of_streams[number_entries] = 0; 11142 } 11143 /* now fix the chunk length */ 11144 ch->chunk_length = htons(len + old_len); 11145 chk->book_size = len + old_len; 11146 chk->book_size_scale = 0; 11147 chk->send_size = SCTP_SIZE32(chk->book_size); 11148 SCTP_BUF_LEN(chk->data) = chk->send_size; 11149 return; 11150} 11151 11152 11153void 11154sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk, 11155 int number_entries, uint16_t * list, 11156 uint32_t seq) 11157{ 11158 int len, old_len, i; 11159 struct sctp_stream_reset_in_request *req_in; 11160 struct sctp_chunkhdr *ch; 11161 11162 ch = mtod(chk->data, struct sctp_chunkhdr *); 11163 11164 11165 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11166 11167 /* get to new offset for the param. */ 11168 req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len); 11169 /* now how long will this param be? */ 11170 len = (sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries)); 11171 req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST); 11172 req_in->ph.param_length = htons(len); 11173 req_in->request_seq = htonl(seq); 11174 if (number_entries) { 11175 for (i = 0; i < number_entries; i++) { 11176 req_in->list_of_streams[i] = htons(list[i]); 11177 } 11178 } 11179 if (SCTP_SIZE32(len) > len) { 11180 /*- 11181 * Need to worry about the pad we may end up adding to the 11182 * end. This is easy since the struct is either aligned to 4 11183 * bytes or 2 bytes off. 11184 */ 11185 req_in->list_of_streams[number_entries] = 0; 11186 } 11187 /* now fix the chunk length */ 11188 ch->chunk_length = htons(len + old_len); 11189 chk->book_size = len + old_len; 11190 chk->book_size_scale = 0; 11191 chk->send_size = SCTP_SIZE32(chk->book_size); 11192 SCTP_BUF_LEN(chk->data) = chk->send_size; 11193 return; 11194} 11195 11196 11197void 11198sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk, 11199 uint32_t seq) 11200{ 11201 int len, old_len; 11202 struct sctp_stream_reset_tsn_request *req_tsn; 11203 struct sctp_chunkhdr *ch; 11204 11205 ch = mtod(chk->data, struct sctp_chunkhdr *); 11206 11207 11208 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11209 11210 /* get to new offset for the param. */ 11211 req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len); 11212 /* now how long will this param be? */ 11213 len = sizeof(struct sctp_stream_reset_tsn_request); 11214 req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST); 11215 req_tsn->ph.param_length = htons(len); 11216 req_tsn->request_seq = htonl(seq); 11217 11218 /* now fix the chunk length */ 11219 ch->chunk_length = htons(len + old_len); 11220 chk->send_size = len + old_len; 11221 chk->book_size = SCTP_SIZE32(chk->send_size); 11222 chk->book_size_scale = 0; 11223 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11224 return; 11225} 11226 11227void 11228sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk, 11229 uint32_t resp_seq, uint32_t result) 11230{ 11231 int len, old_len; 11232 struct sctp_stream_reset_response *resp; 11233 struct sctp_chunkhdr *ch; 11234 11235 ch = mtod(chk->data, struct sctp_chunkhdr *); 11236 11237 11238 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11239 11240 /* get to new offset for the param. */ 11241 resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len); 11242 /* now how long will this param be? */ 11243 len = sizeof(struct sctp_stream_reset_response); 11244 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 11245 resp->ph.param_length = htons(len); 11246 resp->response_seq = htonl(resp_seq); 11247 resp->result = ntohl(result); 11248 11249 /* now fix the chunk length */ 11250 ch->chunk_length = htons(len + old_len); 11251 chk->book_size = len + old_len; 11252 chk->book_size_scale = 0; 11253 chk->send_size = SCTP_SIZE32(chk->book_size); 11254 SCTP_BUF_LEN(chk->data) = chk->send_size; 11255 return; 11256 11257} 11258 11259 11260void 11261sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk, 11262 uint32_t resp_seq, uint32_t result, 11263 uint32_t send_una, uint32_t recv_next) 11264{ 11265 int len, old_len; 11266 struct sctp_stream_reset_response_tsn *resp; 11267 struct sctp_chunkhdr *ch; 11268 11269 ch = mtod(chk->data, struct sctp_chunkhdr *); 11270 11271 11272 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11273 11274 /* get to new offset for the param. */ 11275 resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len); 11276 /* now how long will this param be? */ 11277 len = sizeof(struct sctp_stream_reset_response_tsn); 11278 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 11279 resp->ph.param_length = htons(len); 11280 resp->response_seq = htonl(resp_seq); 11281 resp->result = htonl(result); 11282 resp->senders_next_tsn = htonl(send_una); 11283 resp->receivers_next_tsn = htonl(recv_next); 11284 11285 /* now fix the chunk length */ 11286 ch->chunk_length = htons(len + old_len); 11287 chk->book_size = len + old_len; 11288 chk->send_size = SCTP_SIZE32(chk->book_size); 11289 chk->book_size_scale = 0; 11290 SCTP_BUF_LEN(chk->data) = chk->send_size; 11291 return; 11292} 11293 11294static void 11295sctp_add_a_stream(struct sctp_tmit_chunk *chk, 11296 uint32_t seq, 11297 uint16_t adding) 11298{ 11299 int len, old_len; 11300 struct sctp_chunkhdr *ch; 11301 struct sctp_stream_reset_add_strm *addstr; 11302 11303 ch = mtod(chk->data, struct sctp_chunkhdr *); 11304 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11305 11306 /* get to new offset for the param. */ 11307 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len); 11308 /* now how long will this param be? */ 11309 len = sizeof(struct sctp_stream_reset_add_strm); 11310 11311 /* Fill it out. */ 11312 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_STREAMS); 11313 addstr->ph.param_length = htons(len); 11314 addstr->request_seq = htonl(seq); 11315 addstr->number_of_streams = htons(adding); 11316 addstr->reserved = 0; 11317 11318 /* now fix the chunk length */ 11319 ch->chunk_length = htons(len + old_len); 11320 chk->send_size = len + old_len; 11321 chk->book_size = SCTP_SIZE32(chk->send_size); 11322 chk->book_size_scale = 0; 11323 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11324 return; 11325} 11326 11327int 11328sctp_send_str_reset_req(struct sctp_tcb *stcb, 11329 int number_entries, uint16_t * list, 11330 uint8_t send_out_req, 11331 uint32_t resp_seq, 11332 uint8_t send_in_req, 11333 uint8_t send_tsn_req, 11334 uint8_t add_stream, 11335 uint16_t adding 11336) 11337{ 11338 11339 struct sctp_association *asoc; 11340 struct sctp_tmit_chunk *chk; 11341 struct sctp_chunkhdr *ch; 11342 uint32_t seq; 11343 11344 asoc = &stcb->asoc; 11345 if (asoc->stream_reset_outstanding) { 11346 /*- 11347 * Already one pending, must get ACK back to clear the flag. 11348 */ 11349 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EBUSY); 11350 return (EBUSY); 11351 } 11352 if ((send_out_req == 0) && (send_in_req == 0) && (send_tsn_req == 0) && 11353 (add_stream == 0)) { 11354 /* nothing to do */ 11355 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 11356 return (EINVAL); 11357 } 11358 if (send_tsn_req && (send_out_req || send_in_req)) { 11359 /* error, can't do that */ 11360 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 11361 return (EINVAL); 11362 } 11363 sctp_alloc_a_chunk(stcb, chk); 11364 if (chk == NULL) { 11365 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11366 return (ENOMEM); 11367 } 11368 chk->copy_by_ref = 0; 11369 chk->rec.chunk_id.id = SCTP_STREAM_RESET; 11370 chk->rec.chunk_id.can_take_data = 0; 11371 chk->asoc = &stcb->asoc; 11372 chk->book_size = sizeof(struct sctp_chunkhdr); 11373 chk->send_size = SCTP_SIZE32(chk->book_size); 11374 chk->book_size_scale = 0; 11375 11376 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 11377 if (chk->data == NULL) { 11378 sctp_free_a_chunk(stcb, chk); 11379 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11380 return (ENOMEM); 11381 } 11382 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11383 11384 /* setup chunk parameters */ 11385 chk->sent = SCTP_DATAGRAM_UNSENT; 11386 chk->snd_count = 0; 11387 chk->whoTo = asoc->primary_destination; 11388 atomic_add_int(&chk->whoTo->ref_count, 1); 11389 11390 ch = mtod(chk->data, struct sctp_chunkhdr *); 11391 ch->chunk_type = SCTP_STREAM_RESET; 11392 ch->chunk_flags = 0; 11393 ch->chunk_length = htons(chk->book_size); 11394 SCTP_BUF_LEN(chk->data) = chk->send_size; 11395 11396 seq = stcb->asoc.str_reset_seq_out; 11397 if (send_out_req) { 11398 sctp_add_stream_reset_out(chk, number_entries, list, 11399 seq, resp_seq, (stcb->asoc.sending_seq - 1)); 11400 asoc->stream_reset_out_is_outstanding = 1; 11401 seq++; 11402 asoc->stream_reset_outstanding++; 11403 } 11404 if (add_stream) { 11405 sctp_add_a_stream(chk, seq, adding); 11406 seq++; 11407 asoc->stream_reset_outstanding++; 11408 } 11409 if (send_in_req) { 11410 sctp_add_stream_reset_in(chk, number_entries, list, seq); 11411 asoc->stream_reset_outstanding++; 11412 } 11413 if (send_tsn_req) { 11414 sctp_add_stream_reset_tsn(chk, seq); 11415 asoc->stream_reset_outstanding++; 11416 } 11417 asoc->str_reset = chk; 11418 11419 /* insert the chunk for sending */ 11420 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 11421 chk, 11422 sctp_next); 11423 asoc->ctrl_queue_cnt++; 11424 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo); 11425 return (0); 11426} 11427 11428void 11429sctp_send_abort(struct mbuf *m, int iphlen, struct sctphdr *sh, uint32_t vtag, 11430 struct mbuf *err_cause, uint32_t vrf_id, uint16_t port) 11431{ 11432 /*- 11433 * Formulate the abort message, and send it back down. 11434 */ 11435 struct mbuf *o_pak; 11436 struct mbuf *mout; 11437 struct sctp_abort_msg *abm; 11438 struct ip *iph, *iph_out; 11439 struct udphdr *udp; 11440 11441#ifdef INET6 11442 struct ip6_hdr *ip6, *ip6_out; 11443 11444#endif 11445 int iphlen_out, len; 11446 11447 /* don't respond to ABORT with ABORT */ 11448 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) { 11449 if (err_cause) 11450 sctp_m_freem(err_cause); 11451 return; 11452 } 11453 iph = mtod(m, struct ip *); 11454 switch (iph->ip_v) { 11455 case IPVERSION: 11456 len = (sizeof(struct ip) + sizeof(struct sctp_abort_msg)); 11457 break; 11458#ifdef INET6 11459 case IPV6_VERSION >> 4: 11460 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_abort_msg)); 11461 break; 11462#endif 11463 default: 11464 if (err_cause) { 11465 sctp_m_freem(err_cause); 11466 } 11467 return; 11468 } 11469 if (port) { 11470 len += sizeof(struct udphdr); 11471 } 11472 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 11473 if (mout == NULL) { 11474 if (err_cause) { 11475 sctp_m_freem(err_cause); 11476 } 11477 return; 11478 } 11479 SCTP_BUF_RESV_UF(mout, max_linkhdr); 11480 SCTP_BUF_LEN(mout) = len; 11481 SCTP_BUF_NEXT(mout) = err_cause; 11482 iph_out = NULL; 11483#ifdef INET6 11484 ip6_out = NULL; 11485#endif 11486 switch (iph->ip_v) { 11487 case IPVERSION: 11488 iph_out = mtod(mout, struct ip *); 11489 11490 /* Fill in the IP header for the ABORT */ 11491 iph_out->ip_v = IPVERSION; 11492 iph_out->ip_hl = (sizeof(struct ip) / 4); 11493 iph_out->ip_tos = (u_char)0; 11494 iph_out->ip_id = 0; 11495 iph_out->ip_off = 0; 11496 iph_out->ip_ttl = MAXTTL; 11497 if (port) { 11498 iph_out->ip_p = IPPROTO_UDP; 11499 } else { 11500 iph_out->ip_p = IPPROTO_SCTP; 11501 } 11502 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 11503 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 11504 /* let IP layer calculate this */ 11505 iph_out->ip_sum = 0; 11506 11507 iphlen_out = sizeof(*iph_out); 11508 abm = (struct sctp_abort_msg *)((caddr_t)iph_out + iphlen_out); 11509 break; 11510#ifdef INET6 11511 case IPV6_VERSION >> 4: 11512 ip6 = (struct ip6_hdr *)iph; 11513 ip6_out = mtod(mout, struct ip6_hdr *); 11514 11515 /* Fill in the IP6 header for the ABORT */ 11516 ip6_out->ip6_flow = ip6->ip6_flow; 11517 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 11518 if (port) { 11519 ip6_out->ip6_nxt = IPPROTO_UDP; 11520 } else { 11521 ip6_out->ip6_nxt = IPPROTO_SCTP; 11522 } 11523 ip6_out->ip6_src = ip6->ip6_dst; 11524 ip6_out->ip6_dst = ip6->ip6_src; 11525 11526 iphlen_out = sizeof(*ip6_out); 11527 abm = (struct sctp_abort_msg *)((caddr_t)ip6_out + iphlen_out); 11528 break; 11529#endif /* INET6 */ 11530 default: 11531 /* Currently not supported */ 11532 sctp_m_freem(mout); 11533 return; 11534 } 11535 11536 udp = (struct udphdr *)abm; 11537 if (port) { 11538 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 11539 udp->uh_dport = port; 11540 /* set udp->uh_ulen later */ 11541 udp->uh_sum = 0; 11542 iphlen_out += sizeof(struct udphdr); 11543 abm = (struct sctp_abort_msg *)((caddr_t)abm + sizeof(struct udphdr)); 11544 } 11545 abm->sh.src_port = sh->dest_port; 11546 abm->sh.dest_port = sh->src_port; 11547 abm->sh.checksum = 0; 11548 if (vtag == 0) { 11549 abm->sh.v_tag = sh->v_tag; 11550 abm->msg.ch.chunk_flags = SCTP_HAD_NO_TCB; 11551 } else { 11552 abm->sh.v_tag = htonl(vtag); 11553 abm->msg.ch.chunk_flags = 0; 11554 } 11555 abm->msg.ch.chunk_type = SCTP_ABORT_ASSOCIATION; 11556 11557 if (err_cause) { 11558 struct mbuf *m_tmp = err_cause; 11559 int err_len = 0; 11560 11561 /* get length of the err_cause chain */ 11562 while (m_tmp != NULL) { 11563 err_len += SCTP_BUF_LEN(m_tmp); 11564 m_tmp = SCTP_BUF_NEXT(m_tmp); 11565 } 11566 len = SCTP_BUF_LEN(mout) + err_len; 11567 if (err_len % 4) { 11568 /* need pad at end of chunk */ 11569 uint32_t cpthis = 0; 11570 int padlen; 11571 11572 padlen = 4 - (len % 4); 11573 m_copyback(mout, len, padlen, (caddr_t)&cpthis); 11574 len += padlen; 11575 } 11576 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch) + err_len); 11577 } else { 11578 len = SCTP_BUF_LEN(mout); 11579 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch)); 11580 } 11581 11582 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 11583 /* no mbuf's */ 11584 sctp_m_freem(mout); 11585 return; 11586 } 11587 if (iph_out != NULL) { 11588 sctp_route_t ro; 11589 struct sctp_tcb *stcb = NULL; 11590 int ret; 11591 11592 /* zap the stack pointer to the route */ 11593 bzero(&ro, sizeof ro); 11594 if (port) { 11595 udp->uh_ulen = htons(len - sizeof(struct ip)); 11596 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11597 } 11598 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip_output:\n"); 11599 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, iph_out, &abm->sh); 11600 /* set IPv4 length */ 11601 iph_out->ip_len = len; 11602 /* out it goes */ 11603#ifdef SCTP_PACKET_LOGGING 11604 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11605 sctp_packet_log(mout, len); 11606#endif 11607 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11608 if (port) { 11609 abm->sh.checksum = sctp_calculate_cksum(mout, iphlen_out); 11610 SCTP_STAT_INCR(sctps_sendswcrc); 11611 SCTP_ENABLE_UDP_CSUM(o_pak); 11612 } else { 11613 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11614 mout->m_pkthdr.csum_data = 0; 11615 SCTP_STAT_INCR(sctps_sendhwcrc); 11616 } 11617 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id); 11618 11619 /* Free the route if we got one back */ 11620 if (ro.ro_rt) 11621 RTFREE(ro.ro_rt); 11622 } 11623#ifdef INET6 11624 if (ip6_out != NULL) { 11625 struct route_in6 ro; 11626 int ret; 11627 struct sctp_tcb *stcb = NULL; 11628 struct ifnet *ifp = NULL; 11629 11630 /* zap the stack pointer to the route */ 11631 bzero(&ro, sizeof(ro)); 11632 if (port) { 11633 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr)); 11634 } 11635 SCTPDBG(SCTP_DEBUG_OUTPUT2, "sctp_send_abort calling ip6_output:\n"); 11636 SCTPDBG_PKT(SCTP_DEBUG_OUTPUT2, (struct ip *)ip6_out, &abm->sh); 11637 ip6_out->ip6_plen = len - sizeof(*ip6_out); 11638#ifdef SCTP_PACKET_LOGGING 11639 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11640 sctp_packet_log(mout, len); 11641#endif 11642 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11643 if (port) { 11644 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 11645 (stcb) && 11646 (stcb->asoc.loopback_scope))) { 11647 abm->sh.checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 11648 SCTP_STAT_INCR(sctps_sendswcrc); 11649 } else { 11650 SCTP_STAT_INCR(sctps_sendnocrc); 11651 } 11652 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) { 11653 udp->uh_sum = 0xffff; 11654 } 11655 } else { 11656 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 11657 (stcb) && 11658 (stcb->asoc.loopback_scope))) { 11659 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11660 mout->m_pkthdr.csum_data = 0; 11661 SCTP_STAT_INCR(sctps_sendhwcrc); 11662 } else { 11663 SCTP_STAT_INCR(sctps_sendnocrc); 11664 } 11665 } 11666 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id); 11667 11668 /* Free the route if we got one back */ 11669 if (ro.ro_rt) 11670 RTFREE(ro.ro_rt); 11671 } 11672#endif 11673 SCTP_STAT_INCR(sctps_sendpackets); 11674 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 11675 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11676} 11677 11678void 11679sctp_send_operr_to(struct mbuf *m, int iphlen, struct mbuf *scm, uint32_t vtag, 11680 uint32_t vrf_id, uint16_t port) 11681{ 11682 struct mbuf *o_pak; 11683 struct sctphdr *sh, *sh_out; 11684 struct sctp_chunkhdr *ch; 11685 struct ip *iph, *iph_out; 11686 struct udphdr *udp = NULL; 11687 struct mbuf *mout; 11688 11689#ifdef INET6 11690 struct ip6_hdr *ip6, *ip6_out; 11691 11692#endif 11693 int iphlen_out, len; 11694 11695 iph = mtod(m, struct ip *); 11696 sh = (struct sctphdr *)((caddr_t)iph + iphlen); 11697 switch (iph->ip_v) { 11698 case IPVERSION: 11699 len = (sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)); 11700 break; 11701#ifdef INET6 11702 case IPV6_VERSION >> 4: 11703 len = (sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)); 11704 break; 11705#endif 11706 default: 11707 if (scm) { 11708 sctp_m_freem(scm); 11709 } 11710 return; 11711 } 11712 if (port) { 11713 len += sizeof(struct udphdr); 11714 } 11715 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_DONTWAIT, 1, MT_DATA); 11716 if (mout == NULL) { 11717 if (scm) { 11718 sctp_m_freem(scm); 11719 } 11720 return; 11721 } 11722 SCTP_BUF_RESV_UF(mout, max_linkhdr); 11723 SCTP_BUF_LEN(mout) = len; 11724 SCTP_BUF_NEXT(mout) = scm; 11725 iph_out = NULL; 11726#ifdef INET6 11727 ip6_out = NULL; 11728#endif 11729 switch (iph->ip_v) { 11730 case IPVERSION: 11731 iph_out = mtod(mout, struct ip *); 11732 11733 /* Fill in the IP header for the ABORT */ 11734 iph_out->ip_v = IPVERSION; 11735 iph_out->ip_hl = (sizeof(struct ip) / 4); 11736 iph_out->ip_tos = (u_char)0; 11737 iph_out->ip_id = 0; 11738 iph_out->ip_off = 0; 11739 iph_out->ip_ttl = MAXTTL; 11740 if (port) { 11741 iph_out->ip_p = IPPROTO_UDP; 11742 } else { 11743 iph_out->ip_p = IPPROTO_SCTP; 11744 } 11745 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 11746 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 11747 /* let IP layer calculate this */ 11748 iph_out->ip_sum = 0; 11749 11750 iphlen_out = sizeof(struct ip); 11751 sh_out = (struct sctphdr *)((caddr_t)iph_out + iphlen_out); 11752 break; 11753#ifdef INET6 11754 case IPV6_VERSION >> 4: 11755 ip6 = (struct ip6_hdr *)iph; 11756 ip6_out = mtod(mout, struct ip6_hdr *); 11757 11758 /* Fill in the IP6 header for the ABORT */ 11759 ip6_out->ip6_flow = ip6->ip6_flow; 11760 ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 11761 if (port) { 11762 ip6_out->ip6_nxt = IPPROTO_UDP; 11763 } else { 11764 ip6_out->ip6_nxt = IPPROTO_SCTP; 11765 } 11766 ip6_out->ip6_src = ip6->ip6_dst; 11767 ip6_out->ip6_dst = ip6->ip6_src; 11768 11769 iphlen_out = sizeof(struct ip6_hdr); 11770 sh_out = (struct sctphdr *)((caddr_t)ip6_out + iphlen_out); 11771 break; 11772#endif /* INET6 */ 11773 default: 11774 /* Currently not supported */ 11775 sctp_m_freem(mout); 11776 return; 11777 } 11778 11779 udp = (struct udphdr *)sh_out; 11780 if (port) { 11781 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 11782 udp->uh_dport = port; 11783 /* set udp->uh_ulen later */ 11784 udp->uh_sum = 0; 11785 iphlen_out += sizeof(struct udphdr); 11786 sh_out = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 11787 } 11788 sh_out->src_port = sh->dest_port; 11789 sh_out->dest_port = sh->src_port; 11790 sh_out->v_tag = vtag; 11791 sh_out->checksum = 0; 11792 11793 ch = (struct sctp_chunkhdr *)((caddr_t)sh_out + sizeof(struct sctphdr)); 11794 ch->chunk_type = SCTP_OPERATION_ERROR; 11795 ch->chunk_flags = 0; 11796 11797 if (scm) { 11798 struct mbuf *m_tmp = scm; 11799 int cause_len = 0; 11800 11801 /* get length of the err_cause chain */ 11802 while (m_tmp != NULL) { 11803 cause_len += SCTP_BUF_LEN(m_tmp); 11804 m_tmp = SCTP_BUF_NEXT(m_tmp); 11805 } 11806 len = SCTP_BUF_LEN(mout) + cause_len; 11807 if (cause_len % 4) { 11808 /* need pad at end of chunk */ 11809 uint32_t cpthis = 0; 11810 int padlen; 11811 11812 padlen = 4 - (len % 4); 11813 m_copyback(mout, len, padlen, (caddr_t)&cpthis); 11814 len += padlen; 11815 } 11816 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr) + cause_len); 11817 } else { 11818 len = SCTP_BUF_LEN(mout); 11819 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr)); 11820 } 11821 11822 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 11823 /* no mbuf's */ 11824 sctp_m_freem(mout); 11825 return; 11826 } 11827 if (iph_out != NULL) { 11828 sctp_route_t ro; 11829 struct sctp_tcb *stcb = NULL; 11830 int ret; 11831 11832 /* zap the stack pointer to the route */ 11833 bzero(&ro, sizeof ro); 11834 if (port) { 11835 udp->uh_ulen = htons(len - sizeof(struct ip)); 11836 udp->uh_sum = in_pseudo(iph_out->ip_src.s_addr, iph_out->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11837 } 11838 /* set IPv4 length */ 11839 iph_out->ip_len = len; 11840 /* out it goes */ 11841#ifdef SCTP_PACKET_LOGGING 11842 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11843 sctp_packet_log(mout, len); 11844#endif 11845 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11846 if (port) { 11847 sh_out->checksum = sctp_calculate_cksum(mout, iphlen_out); 11848 SCTP_STAT_INCR(sctps_sendswcrc); 11849 SCTP_ENABLE_UDP_CSUM(o_pak); 11850 } else { 11851 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11852 mout->m_pkthdr.csum_data = 0; 11853 SCTP_STAT_INCR(sctps_sendhwcrc); 11854 } 11855 SCTP_IP_OUTPUT(ret, o_pak, &ro, stcb, vrf_id); 11856 11857 /* Free the route if we got one back */ 11858 if (ro.ro_rt) 11859 RTFREE(ro.ro_rt); 11860 } 11861#ifdef INET6 11862 if (ip6_out != NULL) { 11863 struct route_in6 ro; 11864 int ret; 11865 struct sctp_tcb *stcb = NULL; 11866 struct ifnet *ifp = NULL; 11867 11868 /* zap the stack pointer to the route */ 11869 bzero(&ro, sizeof(ro)); 11870 if (port) { 11871 udp->uh_ulen = htons(len - sizeof(struct ip6_hdr)); 11872 } 11873 ip6_out->ip6_plen = len - sizeof(*ip6_out); 11874#ifdef SCTP_PACKET_LOGGING 11875 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 11876 sctp_packet_log(mout, len); 11877#endif 11878 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11879 if (port) { 11880 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 11881 (stcb) && 11882 (stcb->asoc.loopback_scope))) { 11883 sh_out->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 11884 SCTP_STAT_INCR(sctps_sendswcrc); 11885 } else { 11886 SCTP_STAT_INCR(sctps_sendnocrc); 11887 } 11888 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) { 11889 udp->uh_sum = 0xffff; 11890 } 11891 } else { 11892 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 11893 (stcb) && 11894 (stcb->asoc.loopback_scope))) { 11895 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11896 mout->m_pkthdr.csum_data = 0; 11897 SCTP_STAT_INCR(sctps_sendhwcrc); 11898 } else { 11899 SCTP_STAT_INCR(sctps_sendnocrc); 11900 } 11901 } 11902 SCTP_IP6_OUTPUT(ret, o_pak, &ro, &ifp, stcb, vrf_id); 11903 11904 /* Free the route if we got one back */ 11905 if (ro.ro_rt) 11906 RTFREE(ro.ro_rt); 11907 } 11908#endif 11909 SCTP_STAT_INCR(sctps_sendpackets); 11910 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 11911 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11912} 11913 11914static struct mbuf * 11915sctp_copy_resume(struct sctp_stream_queue_pending *sp, 11916 struct uio *uio, 11917 struct sctp_sndrcvinfo *srcv, 11918 int max_send_len, 11919 int user_marks_eor, 11920 int *error, 11921 uint32_t * sndout, 11922 struct mbuf **new_tail) 11923{ 11924 struct mbuf *m; 11925 11926 m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0, 11927 (M_PKTHDR | (user_marks_eor ? M_EOR : 0))); 11928 if (m == NULL) { 11929 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11930 *error = ENOMEM; 11931 } else { 11932 *sndout = m_length(m, NULL); 11933 *new_tail = m_last(m); 11934 } 11935 return (m); 11936} 11937 11938static int 11939sctp_copy_one(struct sctp_stream_queue_pending *sp, 11940 struct uio *uio, 11941 int resv_upfront) 11942{ 11943 int left; 11944 11945 left = sp->length; 11946 sp->data = m_uiotombuf(uio, M_WAITOK, sp->length, 11947 resv_upfront, 0); 11948 if (sp->data == NULL) { 11949 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11950 return (ENOMEM); 11951 } 11952 sp->tail_mbuf = m_last(sp->data); 11953 return (0); 11954} 11955 11956 11957 11958static struct sctp_stream_queue_pending * 11959sctp_copy_it_in(struct sctp_tcb *stcb, 11960 struct sctp_association *asoc, 11961 struct sctp_sndrcvinfo *srcv, 11962 struct uio *uio, 11963 struct sctp_nets *net, 11964 int max_send_len, 11965 int user_marks_eor, 11966 int *error, 11967 int non_blocking) 11968{ 11969 /*- 11970 * This routine must be very careful in its work. Protocol 11971 * processing is up and running so care must be taken to spl...() 11972 * when you need to do something that may effect the stcb/asoc. The 11973 * sb is locked however. When data is copied the protocol processing 11974 * should be enabled since this is a slower operation... 11975 */ 11976 struct sctp_stream_queue_pending *sp = NULL; 11977 int resv_in_first; 11978 11979 *error = 0; 11980 /* Now can we send this? */ 11981 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 11982 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 11983 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 11984 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 11985 /* got data while shutting down */ 11986 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 11987 *error = ECONNRESET; 11988 goto out_now; 11989 } 11990 sctp_alloc_a_strmoq(stcb, sp); 11991 if (sp == NULL) { 11992 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11993 *error = ENOMEM; 11994 goto out_now; 11995 } 11996 sp->act_flags = 0; 11997 sp->sender_all_done = 0; 11998 sp->sinfo_flags = srcv->sinfo_flags; 11999 sp->timetolive = srcv->sinfo_timetolive; 12000 sp->ppid = srcv->sinfo_ppid; 12001 sp->context = srcv->sinfo_context; 12002 sp->strseq = 0; 12003 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 12004 12005 sp->stream = srcv->sinfo_stream; 12006 sp->length = min(uio->uio_resid, max_send_len); 12007 if ((sp->length == (uint32_t) uio->uio_resid) && 12008 ((user_marks_eor == 0) || 12009 (srcv->sinfo_flags & SCTP_EOF) || 12010 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 12011 sp->msg_is_complete = 1; 12012 } else { 12013 sp->msg_is_complete = 0; 12014 } 12015 sp->sender_all_done = 0; 12016 sp->some_taken = 0; 12017 sp->put_last_out = 0; 12018 resv_in_first = sizeof(struct sctp_data_chunk); 12019 sp->data = sp->tail_mbuf = NULL; 12020 if (sp->length == 0) { 12021 *error = 0; 12022 goto skip_copy; 12023 } 12024 sp->auth_keyid = stcb->asoc.authinfo.active_keyid; 12025 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) { 12026 sctp_auth_key_acquire(stcb, stcb->asoc.authinfo.active_keyid); 12027 sp->holds_key_ref = 1; 12028 } 12029 *error = sctp_copy_one(sp, uio, resv_in_first); 12030skip_copy: 12031 if (*error) { 12032 sctp_free_a_strmoq(stcb, sp); 12033 sp = NULL; 12034 } else { 12035 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 12036 sp->net = net; 12037 } else { 12038 sp->net = asoc->primary_destination; 12039 } 12040 atomic_add_int(&sp->net->ref_count, 1); 12041 sctp_set_prsctp_policy(sp); 12042 } 12043out_now: 12044 return (sp); 12045} 12046 12047 12048int 12049sctp_sosend(struct socket *so, 12050 struct sockaddr *addr, 12051 struct uio *uio, 12052 struct mbuf *top, 12053 struct mbuf *control, 12054 int flags, 12055 struct thread *p 12056) 12057{ 12058 struct sctp_inpcb *inp; 12059 int error, use_rcvinfo = 0; 12060 struct sctp_sndrcvinfo srcv; 12061 struct sockaddr *addr_to_use; 12062 12063#ifdef INET6 12064 struct sockaddr_in sin; 12065 12066#endif 12067 12068 inp = (struct sctp_inpcb *)so->so_pcb; 12069 if (control) { 12070 /* process cmsg snd/rcv info (maybe a assoc-id) */ 12071 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&srcv, control, 12072 sizeof(srcv))) { 12073 /* got one */ 12074 use_rcvinfo = 1; 12075 } 12076 } 12077 addr_to_use = addr; 12078#if defined(INET6) && !defined(__Userspace__) /* TODO port in6_sin6_2_sin */ 12079 if ((addr) && (addr->sa_family == AF_INET6)) { 12080 struct sockaddr_in6 *sin6; 12081 12082 sin6 = (struct sockaddr_in6 *)addr; 12083 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 12084 in6_sin6_2_sin(&sin, sin6); 12085 addr_to_use = (struct sockaddr *)&sin; 12086 } 12087 } 12088#endif 12089 error = sctp_lower_sosend(so, addr_to_use, uio, top, 12090 control, 12091 flags, 12092 use_rcvinfo, &srcv 12093 ,p 12094 ); 12095 return (error); 12096} 12097 12098 12099int 12100sctp_lower_sosend(struct socket *so, 12101 struct sockaddr *addr, 12102 struct uio *uio, 12103 struct mbuf *i_pak, 12104 struct mbuf *control, 12105 int flags, 12106 int use_rcvinfo, 12107 struct sctp_sndrcvinfo *srcv 12108 , 12109 struct thread *p 12110) 12111{ 12112 unsigned int sndlen = 0, max_len; 12113 int error, len; 12114 struct mbuf *top = NULL; 12115 int queue_only = 0, queue_only_for_init = 0; 12116 int free_cnt_applied = 0; 12117 int un_sent = 0; 12118 int now_filled = 0; 12119 unsigned int inqueue_bytes = 0; 12120 struct sctp_block_entry be; 12121 struct sctp_inpcb *inp; 12122 struct sctp_tcb *stcb = NULL; 12123 struct timeval now; 12124 struct sctp_nets *net; 12125 struct sctp_association *asoc; 12126 struct sctp_inpcb *t_inp; 12127 int user_marks_eor; 12128 int create_lock_applied = 0; 12129 int nagle_applies = 0; 12130 int some_on_control = 0; 12131 int got_all_of_the_send = 0; 12132 int hold_tcblock = 0; 12133 int non_blocking = 0; 12134 int temp_flags = 0; 12135 uint32_t local_add_more, local_soresv = 0; 12136 12137 error = 0; 12138 net = NULL; 12139 stcb = NULL; 12140 asoc = NULL; 12141 12142 t_inp = inp = (struct sctp_inpcb *)so->so_pcb; 12143 if (inp == NULL) { 12144 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12145 error = EINVAL; 12146 if (i_pak) { 12147 SCTP_RELEASE_PKT(i_pak); 12148 } 12149 return (error); 12150 } 12151 if ((uio == NULL) && (i_pak == NULL)) { 12152 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12153 return (EINVAL); 12154 } 12155 user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 12156 atomic_add_int(&inp->total_sends, 1); 12157 if (uio) { 12158 if (uio->uio_resid < 0) { 12159 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12160 return (EINVAL); 12161 } 12162 sndlen = uio->uio_resid; 12163 } else { 12164 top = SCTP_HEADER_TO_CHAIN(i_pak); 12165 sndlen = SCTP_HEADER_LEN(i_pak); 12166 } 12167 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %d\n", 12168 addr, 12169 sndlen); 12170 /*- 12171 * Pre-screen address, if one is given the sin-len 12172 * must be set correctly! 12173 */ 12174 if (addr) { 12175 if ((addr->sa_family == AF_INET) && 12176 (addr->sa_len != sizeof(struct sockaddr_in))) { 12177 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12178 error = EINVAL; 12179 goto out_unlocked; 12180 } else if ((addr->sa_family == AF_INET6) && 12181 (addr->sa_len != sizeof(struct sockaddr_in6))) { 12182 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12183 error = EINVAL; 12184 goto out_unlocked; 12185 } 12186 } 12187 hold_tcblock = 0; 12188 12189 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 12190 (inp->sctp_socket->so_qlimit)) { 12191 /* The listener can NOT send */ 12192 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12193 error = ENOTCONN; 12194 goto out_unlocked; 12195 } 12196 if ((use_rcvinfo) && srcv) { 12197 if (INVALID_SINFO_FLAG(srcv->sinfo_flags) || 12198 PR_SCTP_INVALID_POLICY(srcv->sinfo_flags)) { 12199 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12200 error = EINVAL; 12201 goto out_unlocked; 12202 } 12203 if (srcv->sinfo_flags) 12204 SCTP_STAT_INCR(sctps_sends_with_flags); 12205 12206 if (srcv->sinfo_flags & SCTP_SENDALL) { 12207 /* its a sendall */ 12208 error = sctp_sendall(inp, uio, top, srcv); 12209 top = NULL; 12210 goto out_unlocked; 12211 } 12212 } 12213 /* now we must find the assoc */ 12214 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) || 12215 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 12216 SCTP_INP_RLOCK(inp); 12217 stcb = LIST_FIRST(&inp->sctp_asoc_list); 12218 if (stcb == NULL) { 12219 SCTP_INP_RUNLOCK(inp); 12220 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12221 error = ENOTCONN; 12222 goto out_unlocked; 12223 } 12224 SCTP_TCB_LOCK(stcb); 12225 hold_tcblock = 1; 12226 SCTP_INP_RUNLOCK(inp); 12227 if (addr) { 12228 /* Must locate the net structure if addr given */ 12229 net = sctp_findnet(stcb, addr); 12230 if (net) { 12231 /* validate port was 0 or correct */ 12232 struct sockaddr_in *sin; 12233 12234 sin = (struct sockaddr_in *)addr; 12235 if ((sin->sin_port != 0) && 12236 (sin->sin_port != stcb->rport)) { 12237 net = NULL; 12238 } 12239 } 12240 temp_flags |= SCTP_ADDR_OVER; 12241 } else 12242 net = stcb->asoc.primary_destination; 12243 if (addr && (net == NULL)) { 12244 /* Could not find address, was it legal */ 12245 if (addr->sa_family == AF_INET) { 12246 struct sockaddr_in *sin; 12247 12248 sin = (struct sockaddr_in *)addr; 12249 if (sin->sin_addr.s_addr == 0) { 12250 if ((sin->sin_port == 0) || 12251 (sin->sin_port == stcb->rport)) { 12252 net = stcb->asoc.primary_destination; 12253 } 12254 } 12255 } else { 12256 struct sockaddr_in6 *sin6; 12257 12258 sin6 = (struct sockaddr_in6 *)addr; 12259 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 12260 if ((sin6->sin6_port == 0) || 12261 (sin6->sin6_port == stcb->rport)) { 12262 net = stcb->asoc.primary_destination; 12263 } 12264 } 12265 } 12266 } 12267 if (net == NULL) { 12268 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12269 error = EINVAL; 12270 goto out_unlocked; 12271 } 12272 } else if (use_rcvinfo && srcv && srcv->sinfo_assoc_id) { 12273 stcb = sctp_findassociation_ep_asocid(inp, srcv->sinfo_assoc_id, 0); 12274 if (stcb) { 12275 if (addr) 12276 /* 12277 * Must locate the net structure if addr 12278 * given 12279 */ 12280 net = sctp_findnet(stcb, addr); 12281 else 12282 net = stcb->asoc.primary_destination; 12283 if ((srcv->sinfo_flags & SCTP_ADDR_OVER) && 12284 ((net == NULL) || (addr == NULL))) { 12285 struct sockaddr_in *sin; 12286 12287 if (addr == NULL) { 12288 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12289 error = EINVAL; 12290 goto out_unlocked; 12291 } 12292 sin = (struct sockaddr_in *)addr; 12293 /* Validate port is 0 or correct */ 12294 if ((sin->sin_port != 0) && 12295 (sin->sin_port != stcb->rport)) { 12296 net = NULL; 12297 } 12298 } 12299 } 12300 hold_tcblock = 0; 12301 } else if (addr) { 12302 /*- 12303 * Since we did not use findep we must 12304 * increment it, and if we don't find a tcb 12305 * decrement it. 12306 */ 12307 SCTP_INP_WLOCK(inp); 12308 SCTP_INP_INCR_REF(inp); 12309 SCTP_INP_WUNLOCK(inp); 12310 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 12311 if (stcb == NULL) { 12312 SCTP_INP_WLOCK(inp); 12313 SCTP_INP_DECR_REF(inp); 12314 SCTP_INP_WUNLOCK(inp); 12315 } else { 12316 hold_tcblock = 1; 12317 } 12318 } 12319 if ((stcb == NULL) && (addr)) { 12320 /* Possible implicit send? */ 12321 SCTP_ASOC_CREATE_LOCK(inp); 12322 create_lock_applied = 1; 12323 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 12324 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 12325 /* Should I really unlock ? */ 12326 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12327 error = EINVAL; 12328 goto out_unlocked; 12329 12330 } 12331 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) && 12332 (addr->sa_family == AF_INET6)) { 12333 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12334 error = EINVAL; 12335 goto out_unlocked; 12336 } 12337 SCTP_INP_WLOCK(inp); 12338 SCTP_INP_INCR_REF(inp); 12339 SCTP_INP_WUNLOCK(inp); 12340 /* With the lock applied look again */ 12341 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 12342 if (stcb == NULL) { 12343 SCTP_INP_WLOCK(inp); 12344 SCTP_INP_DECR_REF(inp); 12345 SCTP_INP_WUNLOCK(inp); 12346 } else { 12347 hold_tcblock = 1; 12348 } 12349 if (t_inp != inp) { 12350 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12351 error = ENOTCONN; 12352 goto out_unlocked; 12353 } 12354 } 12355 if (stcb == NULL) { 12356 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 12357 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 12358 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12359 error = ENOTCONN; 12360 goto out_unlocked; 12361 } 12362 if (addr == NULL) { 12363 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 12364 error = ENOENT; 12365 goto out_unlocked; 12366 } else { 12367 /* 12368 * UDP style, we must go ahead and start the INIT 12369 * process 12370 */ 12371 uint32_t vrf_id; 12372 12373 if ((use_rcvinfo) && (srcv) && 12374 ((srcv->sinfo_flags & SCTP_ABORT) || 12375 ((srcv->sinfo_flags & SCTP_EOF) && 12376 (sndlen == 0)))) { 12377 /*- 12378 * User asks to abort a non-existant assoc, 12379 * or EOF a non-existant assoc with no data 12380 */ 12381 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 12382 error = ENOENT; 12383 goto out_unlocked; 12384 } 12385 /* get an asoc/stcb struct */ 12386 vrf_id = inp->def_vrf_id; 12387#ifdef INVARIANTS 12388 if (create_lock_applied == 0) { 12389 panic("Error, should hold create lock and I don't?"); 12390 } 12391#endif 12392 stcb = sctp_aloc_assoc(inp, addr, &error, 0, vrf_id, 12393 p 12394 ); 12395 if (stcb == NULL) { 12396 /* Error is setup for us in the call */ 12397 goto out_unlocked; 12398 } 12399 if (create_lock_applied) { 12400 SCTP_ASOC_CREATE_UNLOCK(inp); 12401 create_lock_applied = 0; 12402 } else { 12403 SCTP_PRINTF("Huh-3? create lock should have been on??\n"); 12404 } 12405 /* 12406 * Turn on queue only flag to prevent data from 12407 * being sent 12408 */ 12409 queue_only = 1; 12410 asoc = &stcb->asoc; 12411 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 12412 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); 12413 12414 /* initialize authentication params for the assoc */ 12415 sctp_initialize_auth_params(inp, stcb); 12416 12417 if (control) { 12418 /* 12419 * see if a init structure exists in cmsg 12420 * headers 12421 */ 12422 struct sctp_initmsg initm; 12423 int i; 12424 12425 if (sctp_find_cmsg(SCTP_INIT, (void *)&initm, control, 12426 sizeof(initm))) { 12427 /* 12428 * we have an INIT override of the 12429 * default 12430 */ 12431 if (initm.sinit_max_attempts) 12432 asoc->max_init_times = initm.sinit_max_attempts; 12433 if (initm.sinit_num_ostreams) 12434 asoc->pre_open_streams = initm.sinit_num_ostreams; 12435 if (initm.sinit_max_instreams) 12436 asoc->max_inbound_streams = initm.sinit_max_instreams; 12437 if (initm.sinit_max_init_timeo) 12438 asoc->initial_init_rto_max = initm.sinit_max_init_timeo; 12439 if (asoc->streamoutcnt < asoc->pre_open_streams) { 12440 struct sctp_stream_out *tmp_str; 12441 int had_lock = 0; 12442 12443 /* Default is NOT correct */ 12444 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, defout:%d pre_open:%d\n", 12445 asoc->streamoutcnt, asoc->pre_open_streams); 12446 /* 12447 * What happens if this 12448 * fails? we panic ... 12449 */ 12450 12451 if (hold_tcblock) { 12452 had_lock = 1; 12453 SCTP_TCB_UNLOCK(stcb); 12454 } 12455 SCTP_MALLOC(tmp_str, 12456 struct sctp_stream_out *, 12457 (asoc->pre_open_streams * 12458 sizeof(struct sctp_stream_out)), 12459 SCTP_M_STRMO); 12460 if (had_lock) { 12461 SCTP_TCB_LOCK(stcb); 12462 } 12463 if (tmp_str != NULL) { 12464 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 12465 asoc->strmout = tmp_str; 12466 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams; 12467 } else { 12468 asoc->pre_open_streams = asoc->streamoutcnt; 12469 } 12470 for (i = 0; i < asoc->streamoutcnt; i++) { 12471 /*- 12472 * inbound side must be set 12473 * to 0xffff, also NOTE when 12474 * we get the INIT-ACK back 12475 * (for INIT sender) we MUST 12476 * reduce the count 12477 * (streamoutcnt) but first 12478 * check if we sent to any 12479 * of the upper streams that 12480 * were dropped (if some 12481 * were). Those that were 12482 * dropped must be notified 12483 * to the upper layer as 12484 * failed to send. 12485 */ 12486 asoc->strmout[i].next_sequence_sent = 0x0; 12487 TAILQ_INIT(&asoc->strmout[i].outqueue); 12488 asoc->strmout[i].stream_no = i; 12489 asoc->strmout[i].last_msg_incomplete = 0; 12490 asoc->strmout[i].next_spoke.tqe_next = 0; 12491 asoc->strmout[i].next_spoke.tqe_prev = 0; 12492 } 12493 } 12494 } 12495 } 12496 hold_tcblock = 1; 12497 /* out with the INIT */ 12498 queue_only_for_init = 1; 12499 /*- 12500 * we may want to dig in after this call and adjust the MTU 12501 * value. It defaulted to 1500 (constant) but the ro 12502 * structure may now have an update and thus we may need to 12503 * change it BEFORE we append the message. 12504 */ 12505 net = stcb->asoc.primary_destination; 12506 asoc = &stcb->asoc; 12507 } 12508 } 12509 if ((SCTP_SO_IS_NBIO(so) 12510 || (flags & MSG_NBIO) 12511 )) { 12512 non_blocking = 1; 12513 } 12514 asoc = &stcb->asoc; 12515 atomic_add_int(&stcb->total_sends, 1); 12516 12517 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) { 12518 if (sndlen > asoc->smallest_mtu) { 12519 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12520 error = EMSGSIZE; 12521 goto out_unlocked; 12522 } 12523 } 12524 /* would we block? */ 12525 if (non_blocking) { 12526 if (hold_tcblock == 0) { 12527 SCTP_TCB_LOCK(stcb); 12528 hold_tcblock = 1; 12529 } 12530 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12531 if ((SCTP_SB_LIMIT_SND(so) < (sndlen + inqueue_bytes + stcb->asoc.sb_send_resv)) || 12532 (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12533 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK); 12534 if (sndlen > SCTP_SB_LIMIT_SND(so)) 12535 error = EMSGSIZE; 12536 else 12537 error = EWOULDBLOCK; 12538 goto out_unlocked; 12539 } 12540 stcb->asoc.sb_send_resv += sndlen; 12541 SCTP_TCB_UNLOCK(stcb); 12542 hold_tcblock = 0; 12543 } else { 12544 atomic_add_int(&stcb->asoc.sb_send_resv, sndlen); 12545 } 12546 local_soresv = sndlen; 12547 /* Keep the stcb from being freed under our feet */ 12548 if (free_cnt_applied) { 12549#ifdef INVARIANTS 12550 panic("refcnt already incremented"); 12551#else 12552 printf("refcnt:1 already incremented?\n"); 12553#endif 12554 } else { 12555 atomic_add_int(&stcb->asoc.refcnt, 1); 12556 free_cnt_applied = 1; 12557 } 12558 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12559 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12560 error = ECONNRESET; 12561 goto out_unlocked; 12562 } 12563 if (create_lock_applied) { 12564 SCTP_ASOC_CREATE_UNLOCK(inp); 12565 create_lock_applied = 0; 12566 } 12567 if (asoc->stream_reset_outstanding) { 12568 /* 12569 * Can't queue any data while stream reset is underway. 12570 */ 12571 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAGAIN); 12572 error = EAGAIN; 12573 goto out_unlocked; 12574 } 12575 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 12576 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 12577 queue_only = 1; 12578 } 12579 if ((use_rcvinfo == 0) || (srcv == NULL)) { 12580 /* Grab the default stuff from the asoc */ 12581 srcv = (struct sctp_sndrcvinfo *)&stcb->asoc.def_send; 12582 } 12583 /* we are now done with all control */ 12584 if (control) { 12585 sctp_m_freem(control); 12586 control = NULL; 12587 } 12588 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 12589 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 12590 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 12591 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 12592 if ((use_rcvinfo) && 12593 (srcv->sinfo_flags & SCTP_ABORT)) { 12594 ; 12595 } else { 12596 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12597 error = ECONNRESET; 12598 goto out_unlocked; 12599 } 12600 } 12601 /* Ok, we will attempt a msgsnd :> */ 12602 if (p) { 12603 p->td_ru.ru_msgsnd++; 12604 } 12605 if (stcb) { 12606 if (((srcv->sinfo_flags | temp_flags) & SCTP_ADDR_OVER) == 0) { 12607 net = stcb->asoc.primary_destination; 12608 } 12609 } 12610 if (net == NULL) { 12611 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12612 error = EINVAL; 12613 goto out_unlocked; 12614 } 12615 if ((net->flight_size > net->cwnd) && (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) { 12616 /*- 12617 * CMT: Added check for CMT above. net above is the primary 12618 * dest. If CMT is ON, sender should always attempt to send 12619 * with the output routine sctp_fill_outqueue() that loops 12620 * through all destination addresses. Therefore, if CMT is 12621 * ON, queue_only is NOT set to 1 here, so that 12622 * sctp_chunk_output() can be called below. 12623 */ 12624 queue_only = 1; 12625 } else if (asoc->ifp_had_enobuf) { 12626 SCTP_STAT_INCR(sctps_ifnomemqueued); 12627 if (net->flight_size > (net->mtu * 2)) 12628 queue_only = 1; 12629 asoc->ifp_had_enobuf = 0; 12630 } else { 12631 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 12632 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 12633 } 12634 /* Are we aborting? */ 12635 if (srcv->sinfo_flags & SCTP_ABORT) { 12636 struct mbuf *mm; 12637 int tot_demand, tot_out = 0, max_out; 12638 12639 SCTP_STAT_INCR(sctps_sends_with_abort); 12640 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 12641 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 12642 /* It has to be up before we abort */ 12643 /* how big is the user initiated abort? */ 12644 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12645 error = EINVAL; 12646 goto out; 12647 } 12648 if (hold_tcblock) { 12649 SCTP_TCB_UNLOCK(stcb); 12650 hold_tcblock = 0; 12651 } 12652 if (top) { 12653 struct mbuf *cntm = NULL; 12654 12655 mm = sctp_get_mbuf_for_msg(1, 0, M_WAIT, 1, MT_DATA); 12656 if (sndlen != 0) { 12657 cntm = top; 12658 while (cntm) { 12659 tot_out += SCTP_BUF_LEN(cntm); 12660 cntm = SCTP_BUF_NEXT(cntm); 12661 } 12662 } 12663 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 12664 } else { 12665 /* Must fit in a MTU */ 12666 tot_out = sndlen; 12667 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 12668 if (tot_demand > SCTP_DEFAULT_ADD_MORE) { 12669 /* To big */ 12670 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12671 error = EMSGSIZE; 12672 goto out; 12673 } 12674 mm = sctp_get_mbuf_for_msg(tot_demand, 0, M_WAIT, 1, MT_DATA); 12675 } 12676 if (mm == NULL) { 12677 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12678 error = ENOMEM; 12679 goto out; 12680 } 12681 max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr); 12682 max_out -= sizeof(struct sctp_abort_msg); 12683 if (tot_out > max_out) { 12684 tot_out = max_out; 12685 } 12686 if (mm) { 12687 struct sctp_paramhdr *ph; 12688 12689 /* now move forward the data pointer */ 12690 ph = mtod(mm, struct sctp_paramhdr *); 12691 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 12692 ph->param_length = htons((sizeof(struct sctp_paramhdr) + tot_out)); 12693 ph++; 12694 SCTP_BUF_LEN(mm) = tot_out + sizeof(struct sctp_paramhdr); 12695 if (top == NULL) { 12696 error = uiomove((caddr_t)ph, (int)tot_out, uio); 12697 if (error) { 12698 /*- 12699 * Here if we can't get his data we 12700 * still abort we just don't get to 12701 * send the users note :-0 12702 */ 12703 sctp_m_freem(mm); 12704 mm = NULL; 12705 } 12706 } else { 12707 if (sndlen != 0) { 12708 SCTP_BUF_NEXT(mm) = top; 12709 } 12710 } 12711 } 12712 if (hold_tcblock == 0) { 12713 SCTP_TCB_LOCK(stcb); 12714 hold_tcblock = 1; 12715 } 12716 atomic_add_int(&stcb->asoc.refcnt, -1); 12717 free_cnt_applied = 0; 12718 /* release this lock, otherwise we hang on ourselves */ 12719 sctp_abort_an_association(stcb->sctp_ep, stcb, 12720 SCTP_RESPONSE_TO_USER_REQ, 12721 mm, SCTP_SO_LOCKED); 12722 /* now relock the stcb so everything is sane */ 12723 hold_tcblock = 0; 12724 stcb = NULL; 12725 /* 12726 * In this case top is already chained to mm avoid double 12727 * free, since we free it below if top != NULL and driver 12728 * would free it after sending the packet out 12729 */ 12730 if (sndlen != 0) { 12731 top = NULL; 12732 } 12733 goto out_unlocked; 12734 } 12735 /* Calculate the maximum we can send */ 12736 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12737 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 12738 if (non_blocking) { 12739 /* we already checked for non-blocking above. */ 12740 max_len = sndlen; 12741 } else { 12742 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12743 } 12744 } else { 12745 max_len = 0; 12746 } 12747 if (hold_tcblock) { 12748 SCTP_TCB_UNLOCK(stcb); 12749 hold_tcblock = 0; 12750 } 12751 /* Is the stream no. valid? */ 12752 if (srcv->sinfo_stream >= asoc->streamoutcnt) { 12753 /* Invalid stream number */ 12754 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12755 error = EINVAL; 12756 goto out_unlocked; 12757 } 12758 if (asoc->strmout == NULL) { 12759 /* huh? software error */ 12760 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 12761 error = EFAULT; 12762 goto out_unlocked; 12763 } 12764 /* Unless E_EOR mode is on, we must make a send FIT in one call. */ 12765 if ((user_marks_eor == 0) && 12766 (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { 12767 /* It will NEVER fit */ 12768 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12769 error = EMSGSIZE; 12770 goto out_unlocked; 12771 } 12772 if ((uio == NULL) && user_marks_eor) { 12773 /*- 12774 * We do not support eeor mode for 12775 * sending with mbuf chains (like sendfile). 12776 */ 12777 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12778 error = EINVAL; 12779 goto out_unlocked; 12780 } 12781 if (user_marks_eor) { 12782 local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); 12783 } else { 12784 /*- 12785 * For non-eeor the whole message must fit in 12786 * the socket send buffer. 12787 */ 12788 local_add_more = sndlen; 12789 } 12790 len = 0; 12791 if (non_blocking) { 12792 goto skip_preblock; 12793 } 12794 if (((max_len <= local_add_more) && 12795 (SCTP_SB_LIMIT_SND(so) >= local_add_more)) || 12796 (max_len == 0) || 12797 ((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12798 /* No room right now ! */ 12799 SOCKBUF_LOCK(&so->so_snd); 12800 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12801 while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) || 12802 ((stcb->asoc.stream_queue_cnt + stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12803 SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n", 12804 (unsigned int)SCTP_SB_LIMIT_SND(so), 12805 inqueue_bytes, 12806 local_add_more, 12807 stcb->asoc.stream_queue_cnt, 12808 stcb->asoc.chunks_on_out_queue, 12809 SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)); 12810 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12811 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, so, asoc, sndlen); 12812 } 12813 be.error = 0; 12814 stcb->block_entry = &be; 12815 error = sbwait(&so->so_snd); 12816 stcb->block_entry = NULL; 12817 if (error || so->so_error || be.error) { 12818 if (error == 0) { 12819 if (so->so_error) 12820 error = so->so_error; 12821 if (be.error) { 12822 error = be.error; 12823 } 12824 } 12825 SOCKBUF_UNLOCK(&so->so_snd); 12826 goto out_unlocked; 12827 } 12828 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12829 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 12830 so, asoc, stcb->asoc.total_output_queue_size); 12831 } 12832 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12833 goto out_unlocked; 12834 } 12835 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12836 } 12837 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12838 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 12839 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12840 } else { 12841 max_len = 0; 12842 } 12843 SOCKBUF_UNLOCK(&so->so_snd); 12844 } 12845skip_preblock: 12846 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12847 goto out_unlocked; 12848 } 12849 /* 12850 * sndlen covers for mbuf case uio_resid covers for the non-mbuf 12851 * case NOTE: uio will be null when top/mbuf is passed 12852 */ 12853 if (sndlen == 0) { 12854 if (srcv->sinfo_flags & SCTP_EOF) { 12855 got_all_of_the_send = 1; 12856 goto dataless_eof; 12857 } else { 12858 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12859 error = EINVAL; 12860 goto out; 12861 } 12862 } 12863 if (top == NULL) { 12864 struct sctp_stream_queue_pending *sp; 12865 struct sctp_stream_out *strm; 12866 uint32_t sndout, initial_out; 12867 12868 initial_out = uio->uio_resid; 12869 12870 SCTP_TCB_SEND_LOCK(stcb); 12871 if ((asoc->stream_locked) && 12872 (asoc->stream_locked_on != srcv->sinfo_stream)) { 12873 SCTP_TCB_SEND_UNLOCK(stcb); 12874 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12875 error = EINVAL; 12876 goto out; 12877 } 12878 SCTP_TCB_SEND_UNLOCK(stcb); 12879 12880 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 12881 if (strm->last_msg_incomplete == 0) { 12882 do_a_copy_in: 12883 sp = sctp_copy_it_in(stcb, asoc, srcv, uio, net, max_len, user_marks_eor, &error, non_blocking); 12884 if ((sp == NULL) || (error)) { 12885 goto out; 12886 } 12887 SCTP_TCB_SEND_LOCK(stcb); 12888 if (sp->msg_is_complete) { 12889 strm->last_msg_incomplete = 0; 12890 asoc->stream_locked = 0; 12891 } else { 12892 /* 12893 * Just got locked to this guy in case of an 12894 * interrupt. 12895 */ 12896 strm->last_msg_incomplete = 1; 12897 asoc->stream_locked = 1; 12898 asoc->stream_locked_on = srcv->sinfo_stream; 12899 sp->sender_all_done = 0; 12900 } 12901 sctp_snd_sb_alloc(stcb, sp->length); 12902 atomic_add_int(&asoc->stream_queue_cnt, 1); 12903 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) { 12904 sp->strseq = strm->next_sequence_sent; 12905 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_SCTP) { 12906 sctp_misc_ints(SCTP_STRMOUT_LOG_ASSIGN, 12907 (uintptr_t) stcb, sp->length, 12908 (uint32_t) ((srcv->sinfo_stream << 16) | sp->strseq), 0); 12909 } 12910 strm->next_sequence_sent++; 12911 } else { 12912 SCTP_STAT_INCR(sctps_sends_with_unord); 12913 } 12914 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 12915 if ((strm->next_spoke.tqe_next == NULL) && 12916 (strm->next_spoke.tqe_prev == NULL)) { 12917 /* Not on wheel, insert */ 12918 sctp_insert_on_wheel(stcb, asoc, strm, 1); 12919 } 12920 SCTP_TCB_SEND_UNLOCK(stcb); 12921 } else { 12922 SCTP_TCB_SEND_LOCK(stcb); 12923 sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead); 12924 SCTP_TCB_SEND_UNLOCK(stcb); 12925 if (sp == NULL) { 12926 /* ???? Huh ??? last msg is gone */ 12927#ifdef INVARIANTS 12928 panic("Warning: Last msg marked incomplete, yet nothing left?"); 12929#else 12930 SCTP_PRINTF("Warning: Last msg marked incomplete, yet nothing left?\n"); 12931 strm->last_msg_incomplete = 0; 12932#endif 12933 goto do_a_copy_in; 12934 12935 } 12936 } 12937 while (uio->uio_resid > 0) { 12938 /* How much room do we have? */ 12939 struct mbuf *new_tail, *mm; 12940 12941 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 12942 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 12943 else 12944 max_len = 0; 12945 12946 if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || 12947 (max_len && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) || 12948 (uio->uio_resid && (uio->uio_resid <= (int)max_len))) { 12949 sndout = 0; 12950 new_tail = NULL; 12951 if (hold_tcblock) { 12952 SCTP_TCB_UNLOCK(stcb); 12953 hold_tcblock = 0; 12954 } 12955 mm = sctp_copy_resume(sp, uio, srcv, max_len, user_marks_eor, &error, &sndout, &new_tail); 12956 if ((mm == NULL) || error) { 12957 if (mm) { 12958 sctp_m_freem(mm); 12959 } 12960 goto out; 12961 } 12962 /* Update the mbuf and count */ 12963 SCTP_TCB_SEND_LOCK(stcb); 12964 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12965 /* 12966 * we need to get out. Peer probably 12967 * aborted. 12968 */ 12969 sctp_m_freem(mm); 12970 if (stcb->asoc.state & SCTP_PCB_FLAGS_WAS_ABORTED) { 12971 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12972 error = ECONNRESET; 12973 } 12974 SCTP_TCB_SEND_UNLOCK(stcb); 12975 goto out; 12976 } 12977 if (sp->tail_mbuf) { 12978 /* tack it to the end */ 12979 SCTP_BUF_NEXT(sp->tail_mbuf) = mm; 12980 sp->tail_mbuf = new_tail; 12981 } else { 12982 /* A stolen mbuf */ 12983 sp->data = mm; 12984 sp->tail_mbuf = new_tail; 12985 } 12986 sctp_snd_sb_alloc(stcb, sndout); 12987 atomic_add_int(&sp->length, sndout); 12988 len += sndout; 12989 12990 /* Did we reach EOR? */ 12991 if ((uio->uio_resid == 0) && 12992 ((user_marks_eor == 0) || 12993 (srcv->sinfo_flags & SCTP_EOF) || 12994 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 12995 sp->msg_is_complete = 1; 12996 } else { 12997 sp->msg_is_complete = 0; 12998 } 12999 SCTP_TCB_SEND_UNLOCK(stcb); 13000 } 13001 if (uio->uio_resid == 0) { 13002 /* got it all? */ 13003 continue; 13004 } 13005 /* PR-SCTP? */ 13006 if ((asoc->peer_supports_prsctp) && (asoc->sent_queue_cnt_removeable > 0)) { 13007 /* 13008 * This is ugly but we must assure locking 13009 * order 13010 */ 13011 if (hold_tcblock == 0) { 13012 SCTP_TCB_LOCK(stcb); 13013 hold_tcblock = 1; 13014 } 13015 sctp_prune_prsctp(stcb, asoc, srcv, sndlen); 13016 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 13017 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 13018 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 13019 else 13020 max_len = 0; 13021 if (max_len > 0) { 13022 continue; 13023 } 13024 SCTP_TCB_UNLOCK(stcb); 13025 hold_tcblock = 0; 13026 } 13027 /* wait for space now */ 13028 if (non_blocking) { 13029 /* Non-blocking io in place out */ 13030 goto skip_out_eof; 13031 } 13032 if ((net->flight_size > net->cwnd) && 13033 (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) { 13034 queue_only = 1; 13035 } else if (asoc->ifp_had_enobuf) { 13036 SCTP_STAT_INCR(sctps_ifnomemqueued); 13037 if (net->flight_size > (net->mtu * 2)) { 13038 queue_only = 1; 13039 } else { 13040 queue_only = 0; 13041 } 13042 asoc->ifp_had_enobuf = 0; 13043 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13044 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13045 } else { 13046 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13047 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13048 if (net->flight_size > net->cwnd) { 13049 queue_only = 1; 13050 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 13051 } else { 13052 queue_only = 0; 13053 } 13054 } 13055 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 13056 (stcb->asoc.total_flight > 0) && 13057 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 13058 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 13059 13060 /*- 13061 * Ok, Nagle is set on and we have data outstanding. 13062 * Don't send anything and let SACKs drive out the 13063 * data unless wen have a "full" segment to send. 13064 */ 13065 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13066 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 13067 } 13068 SCTP_STAT_INCR(sctps_naglequeued); 13069 nagle_applies = 1; 13070 } else { 13071 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13072 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 13073 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 13074 } 13075 SCTP_STAT_INCR(sctps_naglesent); 13076 nagle_applies = 0; 13077 } 13078 /* What about the INIT, send it maybe */ 13079 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13080 13081 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, 13082 nagle_applies, un_sent); 13083 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, 13084 stcb->asoc.total_flight, 13085 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 13086 } 13087 if (queue_only_for_init) { 13088 if (hold_tcblock == 0) { 13089 SCTP_TCB_LOCK(stcb); 13090 hold_tcblock = 1; 13091 } 13092 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 13093 /* a collision took us forward? */ 13094 queue_only_for_init = 0; 13095 queue_only = 0; 13096 } else { 13097 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 13098 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 13099 queue_only_for_init = 0; 13100 queue_only = 1; 13101 } 13102 } 13103 if ((queue_only == 0) && (nagle_applies == 0)) { 13104 /*- 13105 * need to start chunk output 13106 * before blocking.. note that if 13107 * a lock is already applied, then 13108 * the input via the net is happening 13109 * and I don't need to start output :-D 13110 */ 13111 if (hold_tcblock == 0) { 13112 if (SCTP_TCB_TRYLOCK(stcb)) { 13113 hold_tcblock = 1; 13114 sctp_chunk_output(inp, 13115 stcb, 13116 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13117 } 13118 } else { 13119 sctp_chunk_output(inp, 13120 stcb, 13121 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13122 } 13123 if (hold_tcblock == 1) { 13124 SCTP_TCB_UNLOCK(stcb); 13125 hold_tcblock = 0; 13126 } 13127 } 13128 SOCKBUF_LOCK(&so->so_snd); 13129 /*- 13130 * This is a bit strange, but I think it will 13131 * work. The total_output_queue_size is locked and 13132 * protected by the TCB_LOCK, which we just released. 13133 * There is a race that can occur between releasing it 13134 * above, and me getting the socket lock, where sacks 13135 * come in but we have not put the SB_WAIT on the 13136 * so_snd buffer to get the wakeup. After the LOCK 13137 * is applied the sack_processing will also need to 13138 * LOCK the so->so_snd to do the actual sowwakeup(). So 13139 * once we have the socket buffer lock if we recheck the 13140 * size we KNOW we will get to sleep safely with the 13141 * wakeup flag in place. 13142 */ 13143 if (SCTP_SB_LIMIT_SND(so) <= (stcb->asoc.total_output_queue_size + 13144 min(SCTP_BASE_SYSCTL(sctp_add_more_threshold), SCTP_SB_LIMIT_SND(so)))) { 13145 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13146 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 13147 so, asoc, uio->uio_resid); 13148 } 13149 be.error = 0; 13150 stcb->block_entry = &be; 13151 error = sbwait(&so->so_snd); 13152 stcb->block_entry = NULL; 13153 13154 if (error || so->so_error || be.error) { 13155 if (error == 0) { 13156 if (so->so_error) 13157 error = so->so_error; 13158 if (be.error) { 13159 error = be.error; 13160 } 13161 } 13162 SOCKBUF_UNLOCK(&so->so_snd); 13163 goto out_unlocked; 13164 } 13165 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13166 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 13167 so, asoc, stcb->asoc.total_output_queue_size); 13168 } 13169 } 13170 SOCKBUF_UNLOCK(&so->so_snd); 13171 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13172 goto out_unlocked; 13173 } 13174 } 13175 SCTP_TCB_SEND_LOCK(stcb); 13176 if (sp) { 13177 if (sp->msg_is_complete == 0) { 13178 strm->last_msg_incomplete = 1; 13179 asoc->stream_locked = 1; 13180 asoc->stream_locked_on = srcv->sinfo_stream; 13181 } else { 13182 sp->sender_all_done = 1; 13183 strm->last_msg_incomplete = 0; 13184 asoc->stream_locked = 0; 13185 } 13186 } else { 13187 SCTP_PRINTF("Huh no sp TSNH?\n"); 13188 strm->last_msg_incomplete = 0; 13189 asoc->stream_locked = 0; 13190 } 13191 SCTP_TCB_SEND_UNLOCK(stcb); 13192 if (uio->uio_resid == 0) { 13193 got_all_of_the_send = 1; 13194 } 13195 } else if (top) { 13196 /* We send in a 0, since we do NOT have any locks */ 13197 error = sctp_msg_append(stcb, net, top, srcv, 0); 13198 top = NULL; 13199 if (srcv->sinfo_flags & SCTP_EOF) { 13200 /* 13201 * This should only happen for Panda for the mbuf 13202 * send case, which does NOT yet support EEOR mode. 13203 * Thus, we can just set this flag to do the proper 13204 * EOF handling. 13205 */ 13206 got_all_of_the_send = 1; 13207 } 13208 } 13209 if (error) { 13210 goto out; 13211 } 13212dataless_eof: 13213 /* EOF thing ? */ 13214 if ((srcv->sinfo_flags & SCTP_EOF) && 13215 (got_all_of_the_send == 1) && 13216 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) { 13217 int cnt; 13218 13219 SCTP_STAT_INCR(sctps_sends_with_eof); 13220 error = 0; 13221 if (hold_tcblock == 0) { 13222 SCTP_TCB_LOCK(stcb); 13223 hold_tcblock = 1; 13224 } 13225 cnt = sctp_is_there_unsent_data(stcb); 13226 if (TAILQ_EMPTY(&asoc->send_queue) && 13227 TAILQ_EMPTY(&asoc->sent_queue) && 13228 (cnt == 0)) { 13229 if (asoc->locked_on_sending) { 13230 goto abort_anyway; 13231 } 13232 /* there is nothing queued to send, so I'm done... */ 13233 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 13234 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 13235 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 13236 /* only send SHUTDOWN the first time through */ 13237 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 13238 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 13239 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 13240 } 13241 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 13242 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 13243 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 13244 asoc->primary_destination); 13245 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 13246 asoc->primary_destination); 13247 } 13248 } else { 13249 /*- 13250 * we still got (or just got) data to send, so set 13251 * SHUTDOWN_PENDING 13252 */ 13253 /*- 13254 * XXX sockets draft says that SCTP_EOF should be 13255 * sent with no data. currently, we will allow user 13256 * data to be sent first and move to 13257 * SHUTDOWN-PENDING 13258 */ 13259 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 13260 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 13261 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 13262 if (hold_tcblock == 0) { 13263 SCTP_TCB_LOCK(stcb); 13264 hold_tcblock = 1; 13265 } 13266 if (asoc->locked_on_sending) { 13267 /* Locked to send out the data */ 13268 struct sctp_stream_queue_pending *sp; 13269 13270 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 13271 if (sp) { 13272 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 13273 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 13274 } 13275 } 13276 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 13277 if (TAILQ_EMPTY(&asoc->send_queue) && 13278 TAILQ_EMPTY(&asoc->sent_queue) && 13279 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 13280 abort_anyway: 13281 if (free_cnt_applied) { 13282 atomic_add_int(&stcb->asoc.refcnt, -1); 13283 free_cnt_applied = 0; 13284 } 13285 sctp_abort_an_association(stcb->sctp_ep, stcb, 13286 SCTP_RESPONSE_TO_USER_REQ, 13287 NULL, SCTP_SO_LOCKED); 13288 /* 13289 * now relock the stcb so everything 13290 * is sane 13291 */ 13292 hold_tcblock = 0; 13293 stcb = NULL; 13294 goto out; 13295 } 13296 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 13297 asoc->primary_destination); 13298 sctp_feature_off(inp, SCTP_PCB_FLAGS_NODELAY); 13299 } 13300 } 13301 } 13302skip_out_eof: 13303 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { 13304 some_on_control = 1; 13305 } 13306 if ((net->flight_size > net->cwnd) && 13307 (SCTP_BASE_SYSCTL(sctp_cmt_on_off) == 0)) { 13308 queue_only = 1; 13309 } else if (asoc->ifp_had_enobuf) { 13310 SCTP_STAT_INCR(sctps_ifnomemqueued); 13311 if (net->flight_size > (net->mtu * 2)) { 13312 queue_only = 1; 13313 } else { 13314 queue_only = 0; 13315 } 13316 asoc->ifp_had_enobuf = 0; 13317 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13318 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13319 } else { 13320 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13321 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13322 if (net->flight_size > net->cwnd) { 13323 queue_only = 1; 13324 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 13325 } else { 13326 queue_only = 0; 13327 } 13328 } 13329 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 13330 (stcb->asoc.total_flight > 0) && 13331 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 13332 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 13333 /*- 13334 * Ok, Nagle is set on and we have data outstanding. 13335 * Don't send anything and let SACKs drive out the 13336 * data unless wen have a "full" segment to send. 13337 */ 13338 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13339 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 13340 } 13341 SCTP_STAT_INCR(sctps_naglequeued); 13342 nagle_applies = 1; 13343 } else { 13344 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13345 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 13346 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 13347 } 13348 SCTP_STAT_INCR(sctps_naglesent); 13349 nagle_applies = 0; 13350 } 13351 if (queue_only_for_init) { 13352 if (hold_tcblock == 0) { 13353 SCTP_TCB_LOCK(stcb); 13354 hold_tcblock = 1; 13355 } 13356 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 13357 /* a collision took us forward? */ 13358 queue_only_for_init = 0; 13359 queue_only = 0; 13360 } else { 13361 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 13362 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_WAIT); 13363 queue_only_for_init = 0; 13364 queue_only = 1; 13365 } 13366 } 13367 if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) { 13368 /* we can attempt to send too. */ 13369 if (hold_tcblock == 0) { 13370 /* 13371 * If there is activity recv'ing sacks no need to 13372 * send 13373 */ 13374 if (SCTP_TCB_TRYLOCK(stcb)) { 13375 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13376 hold_tcblock = 1; 13377 } 13378 } else { 13379 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13380 } 13381 } else if ((queue_only == 0) && 13382 (stcb->asoc.peers_rwnd == 0) && 13383 (stcb->asoc.total_flight == 0)) { 13384 /* We get to have a probe outstanding */ 13385 if (hold_tcblock == 0) { 13386 hold_tcblock = 1; 13387 SCTP_TCB_LOCK(stcb); 13388 } 13389 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13390 } else if (some_on_control) { 13391 int num_out, reason, frag_point; 13392 13393 /* Here we do control only */ 13394 if (hold_tcblock == 0) { 13395 hold_tcblock = 1; 13396 SCTP_TCB_LOCK(stcb); 13397 } 13398 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 13399 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 13400 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_LOCKED); 13401 } 13402 SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n", 13403 queue_only, stcb->asoc.peers_rwnd, un_sent, 13404 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, 13405 stcb->asoc.total_output_queue_size, error); 13406 13407out: 13408out_unlocked: 13409 13410 if (local_soresv && stcb) { 13411 atomic_subtract_int(&stcb->asoc.sb_send_resv, sndlen); 13412 local_soresv = 0; 13413 } 13414 if (create_lock_applied) { 13415 SCTP_ASOC_CREATE_UNLOCK(inp); 13416 create_lock_applied = 0; 13417 } 13418 if ((stcb) && hold_tcblock) { 13419 SCTP_TCB_UNLOCK(stcb); 13420 } 13421 if (stcb && free_cnt_applied) { 13422 atomic_add_int(&stcb->asoc.refcnt, -1); 13423 } 13424#ifdef INVARIANTS 13425 if (stcb) { 13426 if (mtx_owned(&stcb->tcb_mtx)) { 13427 panic("Leaving with tcb mtx owned?"); 13428 } 13429 if (mtx_owned(&stcb->tcb_send_mtx)) { 13430 panic("Leaving with tcb send mtx owned?"); 13431 } 13432 } 13433#endif 13434#ifdef INVARIANTS 13435 if (inp) { 13436 sctp_validate_no_locks(inp); 13437 } else { 13438 printf("Warning - inp is NULL so cant validate locks\n"); 13439 } 13440#endif 13441 if (top) { 13442 sctp_m_freem(top); 13443 } 13444 if (control) { 13445 sctp_m_freem(control); 13446 } 13447 return (error); 13448} 13449 13450 13451/* 13452 * generate an AUTHentication chunk, if required 13453 */ 13454struct mbuf * 13455sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, 13456 struct sctp_auth_chunk **auth_ret, uint32_t * offset, 13457 struct sctp_tcb *stcb, uint8_t chunk) 13458{ 13459 struct mbuf *m_auth; 13460 struct sctp_auth_chunk *auth; 13461 int chunk_len; 13462 13463 if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) || 13464 (stcb == NULL)) 13465 return (m); 13466 13467 /* sysctl disabled auth? */ 13468 if (SCTP_BASE_SYSCTL(sctp_auth_disable)) 13469 return (m); 13470 13471 /* peer doesn't do auth... */ 13472 if (!stcb->asoc.peer_supports_auth) { 13473 return (m); 13474 } 13475 /* does the requested chunk require auth? */ 13476 if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) { 13477 return (m); 13478 } 13479 m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_DONTWAIT, 1, MT_HEADER); 13480 if (m_auth == NULL) { 13481 /* no mbuf's */ 13482 return (m); 13483 } 13484 /* reserve some space if this will be the first mbuf */ 13485 if (m == NULL) 13486 SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD); 13487 /* fill in the AUTH chunk details */ 13488 auth = mtod(m_auth, struct sctp_auth_chunk *); 13489 bzero(auth, sizeof(*auth)); 13490 auth->ch.chunk_type = SCTP_AUTHENTICATION; 13491 auth->ch.chunk_flags = 0; 13492 chunk_len = sizeof(*auth) + 13493 sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 13494 auth->ch.chunk_length = htons(chunk_len); 13495 auth->hmac_id = htons(stcb->asoc.peer_hmac_id); 13496 /* key id and hmac digest will be computed and filled in upon send */ 13497 13498 /* save the offset where the auth was inserted into the chain */ 13499 if (m != NULL) { 13500 struct mbuf *cn; 13501 13502 *offset = 0; 13503 cn = m; 13504 while (cn) { 13505 *offset += SCTP_BUF_LEN(cn); 13506 cn = SCTP_BUF_NEXT(cn); 13507 } 13508 } else 13509 *offset = 0; 13510 13511 /* update length and return pointer to the auth chunk */ 13512 SCTP_BUF_LEN(m_auth) = chunk_len; 13513 m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0); 13514 if (auth_ret != NULL) 13515 *auth_ret = auth; 13516 13517 return (m); 13518} 13519 13520#ifdef INET6 13521int 13522sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t * ro) 13523{ 13524 struct nd_prefix *pfx = NULL; 13525 struct nd_pfxrouter *pfxrtr = NULL; 13526 struct sockaddr_in6 gw6; 13527 13528 if (ro == NULL || ro->ro_rt == NULL || src6->sin6_family != AF_INET6) 13529 return (0); 13530 13531 /* get prefix entry of address */ 13532 LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) { 13533 if (pfx->ndpr_stateflags & NDPRF_DETACHED) 13534 continue; 13535 if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr, 13536 &src6->sin6_addr, &pfx->ndpr_mask)) 13537 break; 13538 } 13539 /* no prefix entry in the prefix list */ 13540 if (pfx == NULL) { 13541 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefix entry for "); 13542 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 13543 return (0); 13544 } 13545 SCTPDBG(SCTP_DEBUG_OUTPUT2, "v6src_match_nexthop(), Prefix entry is "); 13546 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 13547 13548 /* search installed gateway from prefix entry */ 13549 for (pfxrtr = pfx->ndpr_advrtrs.lh_first; pfxrtr; pfxrtr = 13550 pfxrtr->pfr_next) { 13551 memset(&gw6, 0, sizeof(struct sockaddr_in6)); 13552 gw6.sin6_family = AF_INET6; 13553 gw6.sin6_len = sizeof(struct sockaddr_in6); 13554 memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr, 13555 sizeof(struct in6_addr)); 13556 SCTPDBG(SCTP_DEBUG_OUTPUT2, "prefix router is "); 13557 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&gw6); 13558 SCTPDBG(SCTP_DEBUG_OUTPUT2, "installed router is "); 13559 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 13560 if (sctp_cmpaddr((struct sockaddr *)&gw6, 13561 ro->ro_rt->rt_gateway)) { 13562 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is installed\n"); 13563 return (1); 13564 } 13565 } 13566 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is not installed\n"); 13567 return (0); 13568} 13569 13570#endif 13571 13572int 13573sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t * ro) 13574{ 13575 struct sockaddr_in *sin, *mask; 13576 struct ifaddr *ifa; 13577 struct in_addr srcnetaddr, gwnetaddr; 13578 13579 if (ro == NULL || ro->ro_rt == NULL || 13580 sifa->address.sa.sa_family != AF_INET) { 13581 return (0); 13582 } 13583 ifa = (struct ifaddr *)sifa->ifa; 13584 mask = (struct sockaddr_in *)(ifa->ifa_netmask); 13585 sin = (struct sockaddr_in *)&sifa->address.sin; 13586 srcnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 13587 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: src address is "); 13588 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 13589 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", srcnetaddr.s_addr); 13590 13591 sin = (struct sockaddr_in *)ro->ro_rt->rt_gateway; 13592 gwnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 13593 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: nexthop is "); 13594 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 13595 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", gwnetaddr.s_addr); 13596 if (srcnetaddr.s_addr == gwnetaddr.s_addr) { 13597 return (1); 13598 } 13599 return (0); 13600}
|